Operator APIs


OpenShift Container Platform 4.17

Reference guide for Operator APIs

Red Hat OpenShift Documentation Team

Abstract

This document describes the OpenShift Container Platform Operator API objects and their detailed specifications.

Chapter 1. Operator APIs

1.1. Authentication [operator.openshift.io/v1]

Description
Authentication provides information to configure an operator to manage authentication. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.2. CloudCredential [operator.openshift.io/v1]

Description
CloudCredential provides a means to configure an operator to manage CredentialsRequests. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.3. ClusterCSIDriver [operator.openshift.io/v1]

Description
ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. The name of the object must be the name of the CSI driver it operates. See the CSIDriverName type for the list of allowed values. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.4. Console [operator.openshift.io/v1]

Description
Console provides a means to configure an operator to manage the console. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.5. Config [operator.openshift.io/v1]

Description
Config specifies the behavior of the config operator, which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.6. Config [imageregistry.operator.openshift.io/v1]

Description
Config is the configuration object for a registry instance managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.7. Config [samples.operator.openshift.io/v1]

Description
Config contains the configuration and detailed condition status for the Samples Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.8. CSISnapshotController [operator.openshift.io/v1]

Description
CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. "cluster" is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.9. DNS [operator.openshift.io/v1]

Description
DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. This supports the DNS-based service discovery specification (https://github.com/kubernetes/dns/blob/master/docs/specification.md). More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.10. DNSRecord [ingress.operator.openshift.io/v1]

Description
DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.11. Etcd [operator.openshift.io/v1]

Description
Etcd provides information to configure an operator to manage etcd. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.12. ImageContentSourcePolicy [operator.openshift.io/v1alpha1]

Description
ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
Type
object

1.13. ImagePruner [imageregistry.operator.openshift.io/v1]

Description
ImagePruner is the configuration object for an image registry pruner managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.14. IngressController [operator.openshift.io/v1]

Description
IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out (see https://kubernetes.io/docs/concepts/services-networking/ingress-controllers). Whenever possible, sensible defaults for the platform are used. See each field for more details. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.15. InsightsOperator [operator.openshift.io/v1]

Description
InsightsOperator holds cluster-wide information about the Insights Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.16. KubeAPIServer [operator.openshift.io/v1]

Description
KubeAPIServer provides information to configure an operator to manage kube-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.17. KubeControllerManager [operator.openshift.io/v1]

Description
KubeControllerManager provides information to configure an operator to manage kube-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.18. KubeScheduler [operator.openshift.io/v1]

Description
KubeScheduler provides information to configure an operator to manage scheduler. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.19. KubeStorageVersionMigrator [operator.openshift.io/v1]

Description
KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.20. MachineConfiguration [operator.openshift.io/v1]

Description
MachineConfiguration provides information to configure an operator to manage Machine Configuration. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.21. Network [operator.openshift.io/v1]

Description
Network describes the cluster’s desired network configuration. It is consumed by the cluster-network-operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.22. OpenShiftAPIServer [operator.openshift.io/v1]

Description
OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.23. OpenShiftControllerManager [operator.openshift.io/v1]

Description
OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.24. OperatorPKI [network.operator.openshift.io/v1]

Description

OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled.

More specifically, given an OperatorPKI with <name>, the CNO will manage:
  • A Secret called <name>-ca with two data keys:
    • tls.key - the private key
    • tls.crt - the CA certificate
  • A ConfigMap called <name>-ca with a single data key:
    • cabundle.crt - the CA certificate(s)
  • A Secret called <name>-cert with two data keys:
    • tls.key - the private key
    • tls.crt - the certificate, signed by the CA

The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3.

The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.

Type
object
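
The object layout described for OperatorPKI can be checked mechanically. The following is an added example, not code from the OpenShift documentation or the network operator: it compares an inventory of Secrets and ConfigMaps in a namespace against the names and data keys listed above and checks that the CA CommonName belongs to the expected namespace and name. The inventory format, the function name and the sample values are assumptions; the timestamp is treated as an opaque string.

```python
import re

# Managed objects and their data keys, as listed in the OperatorPKI description.
# "{name}" is replaced with the name of the OperatorPKI object.
MANAGED = (
    ("Secret", "{name}-ca", frozenset({"tls.key", "tls.crt"})),
    ("ConfigMap", "{name}-ca", frozenset({"cabundle.crt"})),
    ("Secret", "{name}-cert", frozenset({"tls.key", "tls.crt"})),
)

# CommonName layout from the description: <namespace>_<name>-ca@<timestamp>.
# The timestamp encoding is not stated on the page, so it is not interpreted.
CA_CN = re.compile(
    r"^(?P<namespace>[^_@]+)_(?P<name>[^@]+)-ca@(?P<timestamp>[^@]+)$"
)


def check_operator_pki(namespace, name, inventory, ca_common_name):
    """Return a list of deviations from the documented OperatorPKI layout.

    inventory maps (kind, object_name) to the data keys found in that object
    (hypothetical format; build it from your own cluster listing).
    """
    findings = []
    for kind, template, wanted in MANAGED:
        obj = template.format(name=name)
        present = inventory.get((kind, obj))
        if present is None:
            findings.append(f"{kind}/{obj}: missing")
            continue
        present = set(present)
        for key in sorted(wanted - present):
            findings.append(f"{kind}/{obj}: data key {key} missing")
        # Extra keys matter: a private key copied into the ConfigMap would
        # show up here as an unexpected tls.key.
        for key in sorted(present - wanted):
            findings.append(f"{kind}/{obj}: unexpected data key {key}")

    match = CA_CN.match(ca_common_name)
    if match is None:
        findings.append(
            "CA CommonName: does not match <namespace>_<name>-ca@<timestamp>"
        )
    elif (match["namespace"], match["name"]) != (namespace, name):
        findings.append(
            f"CA CommonName: issued for {match['namespace']}/{match['name']}, "
            f"expected {namespace}/{name}"
        )
    return findings


# Constructed sample data (not taken from a real cluster).
GOOD_INVENTORY = {
    ("Secret", "example-ca"): ["tls.key", "tls.crt"],
    ("ConfigMap", "example-ca"): ["cabundle.crt"],
    ("Secret", "example-cert"): ["tls.crt", "tls.key"],
}
BAD_INVENTORY = {
    ("Secret", "example-ca"): ["tls.key", "tls.crt"],
    ("ConfigMap", "example-ca"): ["cabundle.crt", "tls.key"],
}

if __name__ == "__main__":
    for line in check_operator_pki(
        "example-ns", "example", BAD_INVENTORY, "other-ns_example-ca@1700000000"
    ):
        print(line)
```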

1.25. ServiceCA [operator.openshift.io/v1]

Description
ServiceCA provides information to configure an operator to manage the service cert controllers. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.26. Storage [operator.openshift.io/v1]

Description
Storage provides a means to configure an operator to manage the cluster storage operator. "cluster" is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

Chapter 2. Authentication [operator.openshift.io/v1]

Description
Authentication provides information to configure an operator to manage authentication. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

2.1. Specification

Property | Type | Description
apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata | ObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec | object |
status | object |

2.1.1. .spec

Description
Type
object
Property | Type | Description
logLevel | string | logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
managementState | string | managementState indicates whether and how the operator should manage the component
observedConfig | | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator
operatorLogLevel | string | operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
unsupportedConfigOverrides | | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

2.1.2. .status

Description
Type
object
Property | Type | Description
conditions | array | conditions is a list of conditions and their status
conditions[] | object | OperatorCondition is just the standard condition fields.
generations | array | generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
generations[] | object | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
oauthAPIServer | object | OAuthAPIServer holds status specific only to oauth-apiserver
observedGeneration | integer | observedGeneration is the last generation change you’ve dealt with
readyReplicas | integer | readyReplicas indicates how many replicas are ready and at the desired state
version | string | version is the level this availability applies to

2.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

2.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description
lastTransitionTime | string |
message | string |
reason | string |
status | string |
type | string |

2.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

2.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description
group | string | group is the group of the thing you’re tracking
hash | string | hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
lastGeneration | integer | lastGeneration is the last generation of the workload controller involved
name | string | name is the name of the thing you’re tracking
namespace | string | namespace is where the thing you’re tracking is
resource | string | resource is the resource type of the thing you’re tracking

2.1.7. .status.oauthAPIServer

Description
OAuthAPIServer holds status specific only to oauth-apiserver
Type
object
Property | Type | Description
latestAvailableRevision | integer | LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.

2.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/authentications

    • DELETE: delete collection of Authentication
    • GET: list objects of kind Authentication
    • POST: create an Authentication
  • /apis/operator.openshift.io/v1/authentications/{name}

    • DELETE: delete an Authentication
    • GET: read the specified Authentication
    • PATCH: partially update the specified Authentication
    • PUT: replace the specified Authentication
  • /apis/operator.openshift.io/v1/authentications/{name}/status

    • GET: read status of the specified Authentication
    • PATCH: partially update status of the specified Authentication
    • PUT: replace status of the specified Authentication

2.2.1. /apis/operator.openshift.io/v1/authentications

HTTP method
DELETE
Description
delete collection of Authentication
Table 2.1. HTTP responses
HTTP code | Response body
200 - OK | Status schema
401 - Unauthorized | Empty

HTTP method
GET
Description
list objects of kind Authentication
Table 2.2. HTTP responses
HTTP code | Response body
200 - OK | AuthenticationList schema
401 - Unauthorized | Empty

HTTP method
POST
Description
create an Authentication
Table 2.3. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 2.4. Body parameters
Parameter | Type | Description
body | Authentication schema |

Table 2.5. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
201 - Created | Authentication schema
202 - Accepted | Authentication schema
401 - Unauthorized | Empty

2.2.2. /apis/operator.openshift.io/v1/authentications/{name}

Table 2.6. Global path parameters
Parameter | Type | Description
name | string | name of the Authentication

HTTP method
DELETE
Description
delete an Authentication
Table 2.7. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 2.8. HTTP responses
HTTP code | Response body
200 - OK | Status schema
202 - Accepted | Status schema
401 - Unauthorized | Empty

HTTP method
GET
Description
read the specified Authentication
Table 2.9. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
401 - Unauthorized | Empty

HTTP method
PATCH
Description
partially update the specified Authentication
Table 2.10. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 2.11. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
401 - Unauthorized | Empty

HTTP method
PUT
Description
replace the specified Authentication
Table 2.12. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 2.13. Body parameters
Parameter | Type | Description
body | Authentication schema |

Table 2.14. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
201 - Created | Authentication schema
401 - Unauthorized | Empty

2.2.3. /apis/operator.openshift.io/v1/authentications/{name}/status

Table 2.15. Global path parameters
Parameter | Type | Description
name | string | name of the Authentication

HTTP method
GET
Description
read status of the specified Authentication
Table 2.16. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
401 - Unauthorized | Empty

HTTP method
PATCH
Description
partially update status of the specified Authentication
Table 2.17. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 2.18. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
401 - Unauthorized | Empty

HTTP method
PUT
Description
replace status of the specified Authentication
Table 2.19. Query parameters
Parameter | Type | Description
dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 2.20. Body parameters
Parameter | Type | Description
body | Authentication schema |

Table 2.21. HTTP responses
HTTP code | Response body
200 - OK | Authentication schema
201 - Created | Authentication schema
401 - Unauthorized | Empty

Chapter 3. CloudCredential [operator.openshift.io/v1]

Description
CloudCredential provides a means to configure an operator to manage CredentialsRequests. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

3.1. Specification

Property | Type | Description
apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata | ObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec | object | CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.
status | object | CloudCredentialStatus defines the observed status of the cloud-credential-operator.

3.1.1. .spec

Description
CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.
Type
object
Property | Type | Description
credentialsMode | string | CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster’s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual". Others: Do not set value as other platforms only support running in "Passthrough".
logLevel | string | logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
managementState | string | managementState indicates whether and how the operator should manage the component
observedConfig | | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator
operatorLogLevel | string | operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
unsupportedConfigOverrides | | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.
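
The .spec fields documented for Authentication and CloudCredential lend themselves to an automated configuration check. The following is an added example, not code from the OpenShift documentation or any operator: it audits an exported object against the constraints stated in the two .spec tables (valid log levels, unsupportedConfigOverrides, credentialsMode per platform). The function name, the platform argument and its labels, and the sample objects are assumptions.

```python
# Values taken from the .spec field descriptions above.
VALID_LOG_LEVELS = ("Normal", "Debug", "Trace", "TraceAll")
CREDENTIALS_MODES = ("", "Mint", "Passthrough", "Manual")
# Platforms for which the description lists several supported modes.
MULTI_MODE_PLATFORMS = ("AWS", "Azure", "GCP")


def audit_spec(obj, platform=None):
    """Return (severity, field, message) findings for one operator object.

    obj is the object as a dict, for example parsed from exported JSON.
    platform is a hypothetical label supplied by the caller; when it is
    None the platform-specific credentialsMode check is skipped.
    """
    spec = obj.get("spec")
    if not isinstance(spec, dict):
        # Both kinds list spec under "Required".
        return [("error", "spec", "required field is missing")]

    findings = []
    for field in ("logLevel", "operatorLogLevel"):
        level = spec.get(field) or "Normal"  # documented default
        if level not in VALID_LOG_LEVELS:
            findings.append(("error", field, f"invalid value {level!r}"))
        elif level != "Normal":
            findings.append(("warn", field, f"set to {level}, default is Normal"))

    # Any non-empty override is unsupported and blocks cluster upgrades.
    if spec.get("unsupportedConfigOverrides"):
        findings.append((
            "error",
            "unsupportedConfigOverrides",
            "set; unsupported and must be removed before upgrading",
        ))

    if obj.get("kind") == "CloudCredential":
        mode = spec.get("credentialsMode") or ""
        if mode not in CREDENTIALS_MODES:
            findings.append(("error", "credentialsMode", f"invalid value {mode!r}"))
        elif platform is not None and platform not in MULTI_MODE_PLATFORMS and mode:
            findings.append((
                "error",
                "credentialsMode",
                f"{mode!r} set on {platform}; leave unset on this platform",
            ))
    return findings


# Constructed sample objects (not taken from a real cluster).
SAMPLE_AUTHENTICATION = {
    "apiVersion": "operator.openshift.io/v1",
    "kind": "Authentication",
    "metadata": {"name": "cluster"},
    "spec": {
        "logLevel": "TraceAll",
        "unsupportedConfigOverrides": {"hypotheticalKey": True},
    },
}
SAMPLE_CLOUD_CREDENTIAL = {
    "apiVersion": "operator.openshift.io/v1",
    "kind": "CloudCredential",
    "metadata": {"name": "cluster"},
    "spec": {
        "credentialsMode": "Mint",
        "logLevel": "Normal",
        "operatorLogLevel": "Normal",
    },
}

if __name__ == "__main__":
    for finding in audit_spec(SAMPLE_AUTHENTICATION):
        print(finding)
    for finding in audit_spec(SAMPLE_CLOUD_CREDENTIAL, platform="VSphere"):
        print(finding)
```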

3.1.2. .status

Description
CloudCredentialStatus defines the observed status of the cloud-credential-operator.
Type
object
Property | Type | Description
conditions | array | conditions is a list of conditions and their status
conditions[] | object | OperatorCondition is just the standard condition fields.
generations | array | generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
generations[] | object | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
observedGeneration | integer | observedGeneration is the last generation change you’ve dealt with
readyReplicas | integer | readyReplicas indicates how many replicas are ready and at the desired state
version | string | version is the level this availability applies to

3.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

3.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Property | Type | Description
lastTransitionTime | string |
message | string |
reason | string |
status | string |
type | string |

3.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

3.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description
group | string | group is the group of the thing you’re tracking
hash | string | hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
lastGeneration | integer | lastGeneration is the last generation of the workload controller involved
name | string | name is the name of the thing you’re tracking
namespace | string | namespace is where the thing you’re tracking is
resource | string | resource is the resource type of the thing you’re tracking

3.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/cloudcredentials

    • DELETE: delete collection of CloudCredential
    • GET: list objects of kind CloudCredential
    • POST: create a CloudCredential
  • /apis/operator.openshift.io/v1/cloudcredentials/{name}

    • DELETE: delete a CloudCredential
    • GET: read the specified CloudCredential
    • PATCH: partially update the specified CloudCredential
    • PUT: replace the specified CloudCredential
  • /apis/operator.openshift.io/v1/cloudcredentials/{name}/status

    • GET: read status of the specified CloudCredential
    • PATCH: partially update status of the specified CloudCredential
    • PUT: replace status of the specified CloudCredential

3.2.1. /apis/operator.openshift.io/v1/cloudcredentials

HTTP method
DELETE
Description
delete collection of CloudCredential
Table 3.1. HTTP responses
HTTP code | Response body
200 - OK | Status schema
401 - Unauthorized | Empty

HTTP method
GET
Description
list objects of kind CloudCredential
Table 3.2. HTTP responses
HTTP code | Response body
200 - OK | CloudCredentialList schema
401 - Unauthorized | Empty

HTTP method
POST
Description
create a CloudCredential
Table 3.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 3.4. Body parameters
Parameter | Type | Description

body

CloudCredential schema

 
Table 3.5. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

201 - Created

CloudCredential schema

202 - Accepted

CloudCredential schema

401 - Unauthorized

Empty

3.2.2. /apis/operator.openshift.io/v1/cloudcredentials/{name}

Table 3.6. Global path parameters
Parameter | Type | Description

name

string

name of the CloudCredential

HTTP method
DELETE
Description
delete a CloudCredential
Table 3.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 3.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified CloudCredential
Table 3.9. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified CloudCredential
Table 3.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 3.11. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified CloudCredential
Table 3.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 3.13. Body parameters
Parameter | Type | Description

body

CloudCredential schema

 
Table 3.14. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

201 - Created

CloudCredential schema

401 - Unauthorized

Empty

3.2.3. /apis/operator.openshift.io/v1/cloudcredentials/{name}/status

Table 3.15. Global path parameters
Parameter | Type | Description

name

string

name of the CloudCredential

HTTP method
GET
Description
read status of the specified CloudCredential
Table 3.16. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified CloudCredential
Table 3.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 3.18. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified CloudCredential
Table 3.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 3.20. Body parameters
Parameter | Type | Description

body

CloudCredential schema

 
Table 3.21. HTTP responses
HTTP code | Response body

200 - OK

CloudCredential schema

201 - Created

CloudCredential schema

401 - Unauthorized

Empty

Chapter 4. ClusterCSIDriver [operator.openshift.io/v1]

Description
ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. The name of the object must be the name of the CSI driver it operates. See the CSIDriverName type for the list of allowed values. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

4.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

4.1.1. .spec

Description
spec holds user settable values for configuration
Type
object
Property | Type | Description

driverConfig

object

driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

storageClassState

string

StorageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

4.1.2. .spec.driverConfig

Description
driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
Type
object
Required
  • driverType
Property | Type | Description

aws

object

aws is used to configure the AWS CSI driver.

azure

object

azure is used to configure the Azure CSI driver.

driverType

string

driverType indicates the type of CSI driver to which the driverConfig is being applied. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.

gcp

object

gcp is used to configure the GCP CSI driver.

ibmcloud

object

ibmcloud is used to configure the IBM Cloud CSI driver.

vSphere

object

vsphere is used to configure the vsphere CSI driver.

4.1.3. .spec.driverConfig.aws

Description
aws is used to configure the AWS CSI driver.
Type
object
Property | Type | Description

efsVolumeMetrics

object

efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.

kmsKeyARN

string

kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.

4.1.4. .spec.driverConfig.aws.efsVolumeMetrics

Description
efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.
Type
object
Required
  • state
Property | Type | Description

recursiveWalk

object

recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.

state

string

state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.

4.1.5. .spec.driverConfig.aws.efsVolumeMetrics.recursiveWalk

Description
recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.
Type
object
Property | Type | Description

fsRateLimit

integer

fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.

refreshPeriodMinutes

integer

refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).

4.1.6. .spec.driverConfig.azure

Description
azure is used to configure the Azure CSI driver.
Type
object
Property | Type | Description

diskEncryptionSet

object

diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.

4.1.7. .spec.driverConfig.azure.diskEncryptionSet

Description
diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.
Type
object
Required
  • name
  • resourceGroup
  • subscriptionID
Property | Type | Description

name

string

name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumeric characters, underscores (_), hyphens, and be at most 80 characters in length.

resourceGroup

string

resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumeric characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.

subscriptionID

string

subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An example subscriptionID: f2007bbf-f802-4a47-9336-cf7c6b89b378

4.1.8. .spec.driverConfig.gcp

Description
gcp is used to configure the GCP CSI driver.
Type
object
Property | Type | Description

kmsKey

object

kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.

4.1.9. .spec.driverConfig.gcp.kmsKey

Description
kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.
Type
object
Required
  • keyRing
  • name
  • projectID
Property | Type | Description

keyRing

string

keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.

location

string

location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or "global". Defaults to global, if not set.

name

string

name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.

projectID

string

projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.

4.1.10. .spec.driverConfig.ibmcloud

Description
ibmcloud is used to configure the IBM Cloud CSI driver.
Type
object
Required
  • encryptionKeyCRN
Property | Type | Description

encryptionKeyCRN

string

encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.
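
The field constraints in sections 4.1.2 to 4.1.10, turned into an offline check that can be run over a ClusterCSIDriver spec before it is applied. This is an added example, not Red Hat or OpenShift code: audit_spec, the pattern names and both sample specs are constructed for illustration, and the regular expressions are transcribed from the descriptions above rather than taken from the CRD schema.

```python
import re

# Formats transcribed from the field descriptions in sections 4.1.2 to 4.1.10.
AZ_NAME = re.compile(r"[A-Za-z0-9_-]{1,80}")
# At most 90 characters; the last character may not be a period.
AZ_RESOURCE_GROUP = re.compile(r"[A-Za-z0-9_().-]{0,89}[A-Za-z0-9_()-]")
# 36 characters: hexadecimal groups of 8-4-4-4-12 separated by hyphens.
AZ_SUBSCRIPTION = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
GCP_NAME = re.compile(r"[A-Za-z0-9_-]{1,63}")
# 6 to 30 characters, starts with a letter, no trailing hyphen.
GCP_PROJECT = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
# "" stands for the documented "omitted" value (assumption of this example).
DRIVER_TYPES = ("", "AWS", "Azure", "GCP", "IBMCloud", "vSphere")


def _field(obj, path, key, pattern, out):
    """Record a finding when a required string field is missing or malformed."""
    if key not in obj:
        out.append(f"{path}.{key}: required")
    elif not isinstance(obj[key], str) or not pattern.fullmatch(obj[key]):
        out.append(f"{path}.{key}: does not match the documented format")


def _int_range(obj, path, key, lo, hi, out):
    """Record a finding when an optional integer field is outside lo..hi."""
    if key in obj:
        value = obj[key]
        if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
            out.append(f"{path}.{key}: must be an integer from {lo} to {hi}")


def audit_spec(spec):
    """Return a list of findings for a ClusterCSIDriver .spec given as a dict."""
    findings = []
    if spec.get("unsupportedConfigOverrides"):
        findings.append("unsupportedConfigOverrides: set; unsupported and blocks cluster upgrades")
    cfg = spec.get("driverConfig")
    if cfg is None:
        return findings  # omitted: the platform chooses defaults

    if "driverType" not in cfg:
        findings.append("driverConfig.driverType: required")
    elif cfg["driverType"] not in DRIVER_TYPES:
        findings.append("driverConfig.driverType: unknown value, consumers treat it as a NO-OP")

    metrics = (cfg.get("aws") or {}).get("efsVolumeMetrics")
    if metrics is not None:
        path = "driverConfig.aws.efsVolumeMetrics"
        if metrics.get("state") not in ("Disabled", "RecursiveWalk"):
            findings.append(f"{path}.state: must be Disabled or RecursiveWalk")
        walk = metrics.get("recursiveWalk") or {}
        _int_range(walk, f"{path}.recursiveWalk", "fsRateLimit", 1, 100, findings)
        _int_range(walk, f"{path}.recursiveWalk", "refreshPeriodMinutes", 1, 43200, findings)

    des = (cfg.get("azure") or {}).get("diskEncryptionSet")
    if des is not None:
        path = "driverConfig.azure.diskEncryptionSet"
        _field(des, path, "name", AZ_NAME, findings)
        _field(des, path, "resourceGroup", AZ_RESOURCE_GROUP, findings)
        _field(des, path, "subscriptionID", AZ_SUBSCRIPTION, findings)

    kms = (cfg.get("gcp") or {}).get("kmsKey")
    if kms is not None:
        path = "driverConfig.gcp.kmsKey"
        _field(kms, path, "keyRing", GCP_NAME, findings)
        _field(kms, path, "name", GCP_NAME, findings)
        _field(kms, path, "projectID", GCP_PROJECT, findings)

    ibm = cfg.get("ibmcloud")
    if ibm is not None and not ibm.get("encryptionKeyCRN"):
        findings.append("driverConfig.ibmcloud.encryptionKeyCRN: required")
    return findings


# Constructed sample specs (not from a real cluster). The subscription ID is the
# example value quoted in the subscriptionID description.
SAMPLE_OK = {"driverConfig": {"driverType": "Azure", "azure": {"diskEncryptionSet": {
    "name": "des-prod_01",
    "resourceGroup": "rg-storage(eu)",
    "subscriptionID": "f2007bbf-f802-4a47-9336-cf7c6b89b378",
}}}}
SAMPLE_BAD = {
    "unsupportedConfigOverrides": {"constructed": True},
    "driverConfig": {
        "driverType": "GCP",
        "gcp": {"kmsKey": {"keyRing": "ring-1", "name": "disk key", "projectID": "My-Project-"}},
        "aws": {"efsVolumeMetrics": {"state": "RecursiveWalk",
                                     "recursiveWalk": {"fsRateLimit": 500}}},
    },
}

if __name__ == "__main__":
    for label, sample in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(label, audit_spec(sample) or "no findings")
```

The check covers format and range only; whether the referenced key, key ring or disk encryption set actually exists still has to be confirmed against the cloud provider.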

4.1.11. .spec.driverConfig.vSphere

Description
vsphere is used to configure the vsphere CSI driver.
Type
object
Property | Type | Description

globalMaxSnapshotsPerBlockVolume

integer

globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time; the current default is 3. Snapshots cannot be disabled using this parameter. Increasing the number of snapshots above 3 can have a negative impact on performance. For more details, see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html

granularMaxSnapshotsPerBlockVolumeInVSAN

integer

granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN cannot be disabled using this parameter.

granularMaxSnapshotsPerBlockVolumeInVVOL

integer

granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL cannot be disabled using this parameter.

topologyCategories

array (string)

topologyCategories indicates the tag categories with which vCenter resources such as hostcluster or datacenter were tagged. If the cluster Infrastructure object has a topology, the values specified in the Infrastructure object will be used and modifications to topologyCategories will be rejected.

4.1.12. .status

Description
status holds observed values from the cluster. They may not be overridden.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

4.1.13. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

4.1.14. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

4.1.15. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

4.1.16. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

4.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/clustercsidrivers

    • DELETE: delete collection of ClusterCSIDriver
    • GET: list objects of kind ClusterCSIDriver
    • POST: create a ClusterCSIDriver
  • /apis/operator.openshift.io/v1/clustercsidrivers/{name}

    • DELETE: delete a ClusterCSIDriver
    • GET: read the specified ClusterCSIDriver
    • PATCH: partially update the specified ClusterCSIDriver
    • PUT: replace the specified ClusterCSIDriver
  • /apis/operator.openshift.io/v1/clustercsidrivers/{name}/status

    • GET: read status of the specified ClusterCSIDriver
    • PATCH: partially update status of the specified ClusterCSIDriver
    • PUT: replace status of the specified ClusterCSIDriver

4.2.1. /apis/operator.openshift.io/v1/clustercsidrivers

HTTP method
DELETE
Description
delete collection of ClusterCSIDriver
Table 4.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind ClusterCSIDriver
Table 4.2. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriverList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a ClusterCSIDriver
Table 4.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4.4. Body parameters
Parameter | Type | Description

body

ClusterCSIDriver schema

 
Table 4.5. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

201 - Created

ClusterCSIDriver schema

202 - Accepted

ClusterCSIDriver schema

401 - Unauthorized

Empty

4.2.2. /apis/operator.openshift.io/v1/clustercsidrivers/{name}

Table 4.6. Global path parameters
Parameter | Type | Description

name

string

name of the ClusterCSIDriver

HTTP method
DELETE
Description
delete a ClusterCSIDriver
Table 4.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 4.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified ClusterCSIDriver
Table 4.9. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified ClusterCSIDriver
Table 4.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4.11. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified ClusterCSIDriver
Table 4.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4.13. Body parameters
Parameter | Type | Description

body

ClusterCSIDriver schema

 
Table 4.14. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

201 - Created

ClusterCSIDriver schema

401 - Unauthorized

Empty

4.2.3. /apis/operator.openshift.io/v1/clustercsidrivers/{name}/status

Table 4.15. Global path parameters
Parameter | Type | Description

name

string

name of the ClusterCSIDriver

HTTP method
GET
Description
read status of the specified ClusterCSIDriver
Table 4.16. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified ClusterCSIDriver
Table 4.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4.18. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified ClusterCSIDriver
Table 4.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 4.20. Body parameters
Parameter | Type | Description

body

ClusterCSIDriver schema

 
Table 4.21. HTTP responses
HTTP code | Response body

200 - OK

ClusterCSIDriver schema

201 - Created

ClusterCSIDriver schema

401 - Unauthorized

Empty

Chapter 5. Console [operator.openshift.io/v1]

Description
Console provides a means to configure an operator to manage the console. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

5.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleSpec is the specification of the desired behavior of the Console.

status

object

ConsoleStatus defines the observed status of the Console.

5.1.1. .spec

Description
ConsoleSpec is the specification of the desired behavior of the Console.
Type
object
Property | Type | Description

customization

object

customization is used to optionally provide a small set of customization options to the web console.

ingress

object

ingress allows configuring an alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

plugins

array (string)

plugins defines a list of enabled console plugin names.

providers

object

providers contains configuration for using specific service providers.

route

object

route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. If the custom hostname points to an arbitrary domain, manual DNS configuration steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.

5.1.2. .spec.customization

Description
customization is used to optionally provide a small set of customization options to the web console.
Type
object
Property | Type | Description

addPage

object

addPage allows customizing actions on the Add page in developer perspective.

brand

string

brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.

capabilities

array

capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.

capabilities[]

object

Capabilities contains set of UI capabilities and their state in the console UI.

customLogoFile

object

customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px. SVG format preferred.

customProductName

string

customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.

developerCatalog

object

developerCatalog allows configuring the developer catalog categories (filters) and types (sub-catalogs) that are shown.

documentationBaseURL

string

documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.

perspectives

array

perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.

perspectives[]

object

Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown

projectAccess

object

projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.

quickStarts

object

quickStarts allows customization of available ConsoleQuickStart resources in console.

5.1.3. .spec.customization.addPage

Description
addPage allows customizing actions on the Add page in developer perspective.
Type
object
Property | Type | Description

disabledActions

array (string)

disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.

5.1.4. .spec.customization.capabilities

Description
capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.
Type
array

5.1.5. .spec.customization.capabilities[]

Description
Capabilities contains set of UI capabilities and their state in the console UI.
Type
object
Required
  • name
  • visibility
Property | Type | Description

name

string

name is the unique name of a capability. Available capabilities are LightspeedButton.

visibility

object

visibility defines the visibility state of the capability.

5.1.6. .spec.customization.capabilities[].visibility

Description
visibility defines the visibility state of the capability.
Type
object
Required
  • state
Property | Type | Description

state

string

state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the "Enabled" value. Disabling the capability in the console UI is represented by the "Disabled" value.

5.1.7. .spec.customization.customLogoFile

Description
customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px. SVG format preferred.
Type
object
Property | Type | Description

key

string

Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.

name

string

 

5.1.8. .spec.customization.developerCatalog

Description
developerCatalog allows configuring the developer catalog categories (filters) and types (sub-catalogs) that are shown.
Type
object
Property | Type | Description

categories

array

categories which are shown in the developer catalog.

categories[]

object

DeveloperConsoleCatalogCategory for the developer console catalog.

types

object

types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.

5.1.9. .spec.customization.developerCatalog.categories

Description
categories which are shown in the developer catalog.
Type
array

5.1.10. .spec.customization.developerCatalog.categories[]

Description
DeveloperConsoleCatalogCategory for the developer console catalog.
Type
object
Required
  • id
  • label
Property | Type | Description

id

string

ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.

label

string

label defines a category display label. It is required and must have 1-64 characters.

subcategories

array

subcategories defines a list of child categories.

subcategories[]

object

DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.

tags

array (string)

tags is a list of strings that will match the category. A selected category shows all items which have at least one overlapping tag between category and item.

5.1.11. .spec.customization.developerCatalog.categories[].subcategories

Description
subcategories defines a list of child categories.
Type
array

5.1.12. .spec.customization.developerCatalog.categories[].subcategories[]

Description
DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.
Type
object
Required
  • id
  • label
Property | Type | Description

id

string

ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.

label

string

label defines a category display label. It is required and must have 1-64 characters.

tags

array (string)

tags is a list of strings that will match the category. A selected category shows all items which have at least one overlapping tag between category and item.

5.1.13. .spec.customization.developerCatalog.types

Description
types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.
Type
object
Required
  • state
Property | Type | Description

disabled

array (string)

disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins; the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage". If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.

enabled

array (string)

enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins; the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage". If the list is non-empty, a new type will not be shown to the user until it is added to the list. If the list is empty, the complete developer catalog will be shown.

state

string

state defines if a list of catalog types should be enabled or disabled.

5.1.14. .spec.customization.perspectives

Description
perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.
Type
array

5.1.15. .spec.customization.perspectives[]

Description
Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown
Type
object
Required
  • id
  • visibility
Property | Type | Description

id

string

id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.

pinnedResources

array

pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via kubectl api-resources. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.

pinnedResources[]

object

PinnedResourceReference includes the group, version and type of resource

visibility

object

visibility defines the state of perspective along with access review checks if needed for that perspective.

5.1.16. .spec.customization.perspectives[].pinnedResources

Description
pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via kubectl api-resources. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.
Type
array

5.1.17. .spec.customization.perspectives[].pinnedResources[]

Description
PinnedResourceReference includes the group, version and type of resource
Type
object
Required
  • group
  • resource
  • version
Property | Type | Description

group

string

group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc.

resource

string

resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc.

version

string

version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc.

5.1.18. .spec.customization.perspectives[].visibility

Description
visibility defines the state of perspective along with access review checks if needed for that perspective.
Type
object
Required
  • state
Property | Type | Description

accessReview

object

accessReview defines required and missing access review checks.

state

string

state defines whether the perspective is enabled, disabled, or requires an access review check.

5.1.19. .spec.customization.perspectives[].visibility.accessReview

Description
accessReview defines required and missing access review checks.
Type
object
Property | Type | Description

missing

array

missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.

missing[]

object

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

required

array

required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.

required[]

object

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

5.1.20. .spec.customization.perspectives[].visibility.accessReview.missing

Description
missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.
Type
array

5.1.21. .spec.customization.perspectives[].visibility.accessReview.missing[]

Description
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
Type
object
Property | Type | Description

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. "" (empty) is defaulted for LocalSubjectAccessReviews; "" (empty) is empty for cluster-scoped resources; "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview.

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

5.1.22. .spec.customization.perspectives[].visibility.accessReview.required

Description
required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.
Type
array

5.1.23. .spec.customization.perspectives[].visibility.accessReview.required[]

Description
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
Type
object
Property | Type | Description

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces. "" (empty) is defaulted for LocalSubjectAccessReviews; "" (empty) is empty for cluster-scoped resources; "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview.

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

5.1.24. .spec.customization.projectAccess

Description
projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.
Type
object
Property | Type | Description

availableClusterRoles

array (string)

availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.

5.1.25. .spec.customization.quickStarts

Description
quickStarts allows customization of available ConsoleQuickStart resources in console.
Type
object
Property | Type | Description

disabled

array (string)

disabled is a list of ConsoleQuickStart resource names that are not shown to users.

5.1.26. .spec.ingress

Description
ingress allows configuring an alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.
Type
object
Property | Type | Description

clientDownloadsURL

string

clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it’s unreachable for an extended period. Must use the HTTPS scheme.

consoleURL

string

consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it’s unreachable for an extended period. Must use the HTTPS scheme.
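
The value and character rules stated in sections 5.1.1 through 5.1.26 can be checked before a Console manifest is applied. The following Python lint is an added example, not part of the OpenShift documentation or the console operator; the function names and the sample manifest (the example.test hostnames, the "Verbose" log level, the category and perspective entries) are constructed for illustration, and only rules quoted in this chapter are checked.

```python
import re
from urllib.parse import urlsplit

# Value sets and character rules quoted from the field descriptions in this chapter.
LOG_LEVELS = {"Normal", "Debug", "Trace", "TraceAll"}
CAPABILITY_NAMES = {"LightspeedButton"}
CAPABILITY_STATES = {"Enabled", "Disabled"}
CATEGORY_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
PINNED_RULES = {
    "group": re.compile(r"[a-z0-9.-]*"),   # empty string selects the core group
    "resource": re.compile(r"[a-z0-9-]+"),
    "version": re.compile(r"[a-z0-9]+"),
}


def check_category(cat, path, findings):
    """Check the id and label rules shared by categories[] and subcategories[]."""
    if not CATEGORY_ID.fullmatch(str(cat.get("id", ""))):
        findings.append(f"{path}.id: must be 1-32 URL safe characters")
    if not 1 <= len(str(cat.get("label", ""))) <= 64:
        findings.append(f"{path}.label: must have 1-64 characters")


def lint_console(console):
    """Return findings for a Console manifest that is already parsed into a dict."""
    findings = []
    spec = console.get("spec") or {}

    for field in ("logLevel", "operatorLogLevel"):
        if field in spec and spec[field] not in LOG_LEVELS:
            findings.append(f"spec.{field}: {spec[field]!r} is not a valid value")
    if spec.get("unsupportedConfigOverrides"):
        findings.append("spec.unsupportedConfigOverrides: set; blocks cluster upgrades")
    if spec.get("route"):
        findings.append("spec.route: deprecated field in use")

    ingress = spec.get("ingress") or {}
    for field in ("consoleURL", "clientDownloadsURL"):
        url = ingress.get(field)
        if url and urlsplit(url).scheme.lower() != "https":
            findings.append(f"spec.ingress.{field}: must use the HTTPS scheme")

    cust = spec.get("customization") or {}
    seen = set()
    for i, cap in enumerate(cust.get("capabilities") or []):
        path = f"spec.customization.capabilities[{i}]"
        name = cap.get("name")
        if name not in CAPABILITY_NAMES:
            findings.append(f"{path}.name: {name!r} is not an available capability")
        elif name in seen:
            findings.append(f"{path}.name: {name!r} may appear only once")
        seen.add(name)
        if (cap.get("visibility") or {}).get("state") not in CAPABILITY_STATES:
            findings.append(f"{path}.visibility.state: must be Enabled or Disabled")

    categories = (cust.get("developerCatalog") or {}).get("categories") or []
    for i, cat in enumerate(categories):
        path = f"spec.customization.developerCatalog.categories[{i}]"
        check_category(cat, path, findings)
        for j, sub in enumerate(cat.get("subcategories") or []):
            check_category(sub, f"{path}.subcategories[{j}]", findings)

    for i, persp in enumerate(cust.get("perspectives") or []):
        for j, ref in enumerate(persp.get("pinnedResources") or []):
            path = f"spec.customization.perspectives[{i}].pinnedResources[{j}]"
            for key, rule in PINNED_RULES.items():
                value = ref.get(key)
                if not isinstance(value, str) or not rule.fullmatch(value):
                    findings.append(f"{path}.{key}: missing or has disallowed characters")
    return findings


# Constructed sample manifest; every value below is illustrative.
SAMPLE = {
    "apiVersion": "operator.openshift.io/v1",
    "kind": "Console",
    "metadata": {"name": "cluster"},
    "spec": {
        "logLevel": "Verbose",
        "unsupportedConfigOverrides": {"example": True},
        "ingress": {"consoleURL": "http://console.example.test",
                    "clientDownloadsURL": "https://downloads.example.test"},
        "customization": {
            "capabilities": [
                {"name": "LightspeedButton", "visibility": {"state": "Enabled"}},
                {"name": "LightspeedButton", "visibility": {"state": "Disabled"}},
            ],
            "developerCatalog": {"categories": [
                {"id": "data bases", "label": "Databases",
                 "subcategories": [{"id": "sql", "label": ""}]},
            ]},
            "perspectives": [{
                "id": "dev", "visibility": {"state": "Enabled"},
                "pinnedResources": [
                    {"group": "apps", "resource": "deployments", "version": "v1"},
                    {"group": "", "resource": "Pods", "version": "v1"},
                ],
            }],
        },
    },
}

if __name__ == "__main__":
    for finding in lint_console(SAMPLE):
        print(finding)
```

Because the console ignores incorrect pinned resources rather than rejecting them, the pinnedResources findings are warnings about entries that will silently have no effect.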

5.1.27. .spec.providers

Description
providers contains configuration for using specific service providers.
Type
object
Property | Type | Description

statuspage

object

statuspage contains ID for statuspage.io page that provides status info about.

5.1.28. .spec.providers.statuspage

Description
statuspage contains ID for statuspage.io page that provides status info about.
Type
object
Property | Type | Description

pageID

string

pageID is the unique ID assigned by Statuspage for your page. This must be a public page.

5.1.29. .spec.route

Description
route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. If the custom hostname points to an arbitrary domain, manual DNS configuration steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED
Type
object
Property | Type | Description

hostname

string

hostname is the desired custom domain under which console will be available.

secret

object

secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - specifies the custom certificate - "tls.key" - specifies the private key of the custom certificate. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.

5.1.30. .spec.route.secret

Description
secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - specifies the custom certificate - "tls.key" - specifies the private key of the custom certificate. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
Type
object
Required
  • name
Property | Type | Description

name

string

name is the metadata.name of the referenced secret

5.1.31. .status

Description
ConsoleStatus defines the observed status of the Console.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

5.1.32. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

5.1.33. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

5.1.34. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

5.1.35. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

5.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/consoles

    • DELETE: delete collection of Console
    • GET: list objects of kind Console
    • POST: create a Console
  • /apis/operator.openshift.io/v1/consoles/{name}

    • DELETE: delete a Console
    • GET: read the specified Console
    • PATCH: partially update the specified Console
    • PUT: replace the specified Console
  • /apis/operator.openshift.io/v1/consoles/{name}/status

    • GET: read status of the specified Console
    • PATCH: partially update status of the specified Console
    • PUT: replace status of the specified Console

5.2.1. /apis/operator.openshift.io/v1/consoles

HTTP method
DELETE
Description
delete collection of Console
Table 5.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Console
Table 5.2. HTTP responses
HTTP code | Response body

200 - OK

ConsoleList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Console
Table 5.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 5.4. Body parameters
Parameter | Type | Description

body

Console schema

 
Table 5.5. HTTP responses
HTTP code | Response body

200 - OK

Console schema

201 - Created

Console schema

202 - Accepted

Console schema

401 - Unauthorized

Empty

5.2.2. /apis/operator.openshift.io/v1/consoles/{name}

Table 5.6. Global path parameters
Parameter | Type | Description

name

string

name of the Console

HTTP method
DELETE
Description
delete a Console
Table 5.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 5.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Console
Table 5.9. HTTP responses
HTTP code | Response body

200 - OK

Console schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Console
Table 5.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 5.11. HTTP responses
HTTP code | Response body

200 - OK

Console schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Console
Table 5.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 5.13. Body parameters
Parameter | Type | Description

body

Console schema

 
Table 5.14. HTTP responses
HTTP code | Response body

200 - OK

Console schema

201 - Created

Console schema

401 - Unauthorized

Empty

5.2.3. /apis/operator.openshift.io/v1/consoles/{name}/status

Table 5.15. Global path parameters
Parameter | Type | Description

name

string

name of the Console

HTTP method
GET
Description
read status of the specified Console
Table 5.16. HTTP responses
HTTP code | Response body

200 - OK

Console schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified Console
Table 5.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 5.18. HTTP responses
HTTP code | Response body

200 - OK

Console schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified Console
Table 5.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 5.20. Body parameters
Parameter | Type | Description

body

Console schema

 
Table 5.21. HTTP responses
HTTP code | Response body

200 - OK

Console schema

201 - Created

Console schema

401 - Unauthorized

Empty

Chapter 6. Config [operator.openshift.io/v1]

Description
Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

6.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Config Operator.

status

object

status defines the observed status of the Config Operator.

6.1.1. .spec

Description
spec is the specification of the desired behavior of the Config Operator.
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

6.1.2. .status

Description
status defines the observed status of the Config Operator.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

6.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

6.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

6.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

6.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

6.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/configs

    • DELETE: delete collection of Config
    • GET: list objects of kind Config
    • POST: create a Config
  • /apis/operator.openshift.io/v1/configs/{name}

    • DELETE: delete a Config
    • GET: read the specified Config
    • PATCH: partially update the specified Config
    • PUT: replace the specified Config
  • /apis/operator.openshift.io/v1/configs/{name}/status

    • GET: read status of the specified Config
    • PATCH: partially update status of the specified Config
    • PUT: replace status of the specified Config

6.2.1. /apis/operator.openshift.io/v1/configs

HTTP method
DELETE
Description
delete collection of Config
Table 6.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Config
Table 6.2. HTTP responses
HTTP code | Response body

200 - OK

ConfigList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Config
Table 6.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 6.4. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 6.5. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

202 - Accepted

Config schema

401 - Unauthorized

Empty

6.2.2. /apis/operator.openshift.io/v1/configs/{name}

Table 6.6. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
DELETE
Description
delete a Config
Table 6.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 6.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Config
Table 6.9. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Config
Table 6.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 6.11. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Config
Table 6.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 6.13. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 6.14. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty

6.2.3. /apis/operator.openshift.io/v1/configs/{name}/status

Table 6.15. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
GET
Description
read status of the specified Config
Table 6.16. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified Config
Table 6.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 6.18. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified Config
Table 6.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 6.20. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 6.21. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty
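
The three fieldValidation modes described in the query parameter tables above, as an added example (not OpenShift or Kubernetes code): a small Python model of how a request body with an unknown field and a duplicate field is treated under Ignore, Warn and Strict. The field sets come from the Config tables in sections 6.1 and 6.1.1; the function names, message wording and sample body are constructed for illustration, and only top-level and `spec` fields are checked.

```python
import json

# Field names taken from the Config [operator.openshift.io/v1] tables (6.1, 6.1.1).
KNOWN_TOP_FIELDS = {"apiVersion", "kind", "metadata", "spec", "status"}
KNOWN_SPEC_FIELDS = {
    "logLevel", "managementState", "observedConfig",
    "operatorLogLevel", "unsupportedConfigOverrides",
}


class BadRequest(Exception):
    """Models the BadRequest error returned under Strict."""

    def __init__(self, problems):
        super().__init__("; ".join(problems))
        self.problems = problems


def decode_keep_last(raw):
    """Decode JSON, keeping the last duplicate key and recording each duplicate."""
    duplicates = []

    def hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                duplicates.append(key)
            obj[key] = value  # the last duplicate is the one persisted
        return obj

    return json.loads(raw, object_pairs_hook=hook), duplicates


def drop_unknown(obj, known, prefix):
    """Split an object into (fields kept, names of unknown fields dropped)."""
    unknown = [prefix + key for key in obj if key not in known]
    kept = {key: value for key, value in obj.items() if key in known}
    return kept, unknown


def apply_field_validation(raw_body, mode="Warn"):
    """Return (persisted object, warnings), or raise BadRequest under Strict."""
    if mode not in ("Ignore", "Warn", "Strict"):
        raise ValueError(f"unsupported fieldValidation value: {mode}")
    obj, duplicates = decode_keep_last(raw_body)
    obj, unknown = drop_unknown(obj, KNOWN_TOP_FIELDS, "")
    if isinstance(obj.get("spec"), dict):
        obj["spec"], unknown_spec = drop_unknown(obj["spec"], KNOWN_SPEC_FIELDS, "spec.")
        unknown += unknown_spec
    problems = [f'unknown field "{name}"' for name in unknown]
    problems += [f'duplicate field "{name}"' for name in duplicates]
    if mode == "Strict" and problems:
        raise BadRequest(problems)  # lists every unknown and duplicate field
    return obj, (problems if mode == "Warn" else [])


# Constructed sample request body: a misspelled logLevel and a repeated managementState.
SAMPLE_BODY = """
{
  "apiVersion": "operator.openshift.io/v1",
  "kind": "Config",
  "metadata": {"name": "cluster"},
  "spec": {
    "managementState": "Managed",
    "logLevl": "Debug",
    "managementState": "Unmanaged"
  }
}
"""

if __name__ == "__main__":
    for mode in ("Ignore", "Warn", "Strict"):
        try:
            persisted, warnings = apply_field_validation(SAMPLE_BODY, mode)
            print(mode, "->", persisted["spec"], warnings)
        except BadRequest as exc:
            print(mode, "-> BadRequest:", exc)
```

Under Ignore the misspelled field disappears and the second `managementState` value is persisted with no signal to the caller, which is why change pipelines that write operator configuration benefit from sending `fieldValidation=Strict`.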

Chapter 7. Config [imageregistry.operator.openshift.io/v1]

Description
Config is the configuration object for a registry instance managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • metadata
  • spec

7.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ImageRegistrySpec defines the specs for the running registry.

status

object

ImageRegistryStatus reports image registry operational status.

7.1.1. .spec

Description
ImageRegistrySpec defines the specs for the running registry.
Type
object
Required
  • replicas
Property | Type | Description

affinity

object

affinity is a group of node affinity scheduling rules for the image registry pod(s).

defaultRoute

boolean

defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname.

disableRedirect

boolean

disableRedirect controls whether to route all data through the Registry, rather than redirecting to the backend.

httpSecret

string

httpSecret is the value needed by the registry to secure uploads, generated by default.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

logging

integer

logging is deprecated, use logLevel instead.

managementState

string

managementState indicates whether and how the operator should manage the component

nodeSelector

object (string)

nodeSelector defines the node selection constraints for the registry pod.

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

proxy

object

proxy defines the proxy to be used when calling master api, upstream registries, etc.

readOnly

boolean

readOnly indicates whether the registry instance should reject attempts to push new images or delete existing ones.

replicas

integer

replicas determines the number of registry instances to run.

requests

object

requests controls how many parallel requests a given registry instance will handle before queuing additional requests.

resources

object

resources defines the resource requests+limits for the registry pod.

rolloutStrategy

string

rolloutStrategy defines rollout strategy for the image registry deployment.

routes

array

routes defines additional external facing routes which should be created for the registry.

routes[]

object

ImageRegistryConfigRoute holds information on external route access to image registry.

storage

object

storage details for configuring registry storage, e.g. S3 bucket coordinates.

tolerations

array

tolerations defines the tolerations for the registry pod.

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

topologySpreadConstraints

array

topologySpreadConstraints specify how to spread matching pods among the given topology.

topologySpreadConstraints[]

object

TopologySpreadConstraint specifies how to spread matching pods among the given topology.

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

7.1.2. .spec.affinity

Description
affinity is a group of node affinity scheduling rules for the image registry pod(s).
Type
object
Property | Type | Description

nodeAffinity

object

Describes node affinity scheduling rules for the pod.

podAffinity

object

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

object

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

7.1.3. .spec.affinity.nodeAffinity

Description
Describes node affinity scheduling rules for the pod.
Type
object
Property | Type | Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).

requiredDuringSchedulingIgnoredDuringExecution

object

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

7.1.4. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
Type
array

7.1.5. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
Type
object
Required
  • preference
  • weight
Property | Type | Description

preference

object

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

7.1.6. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference

Description
A node selector term, associated with the corresponding weight.
Type
object
Property | Type | Description

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

7.1.7. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions

Description
A list of node selector requirements by node’s labels.
Type
array

7.1.8. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

7.1.9. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields

Description
A list of node selector requirements by node’s fields.
Type
array

7.1.10. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

7.1.11. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
Type
object
Required
  • nodeSelectorTerms
Property | Type | Description

nodeSelectorTerms

array

Required. A list of node selector terms. The terms are ORed.

nodeSelectorTerms[]

object

A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.

7.1.12. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms

Description
Required. A list of node selector terms. The terms are ORed.
Type
array

7.1.13. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]

Description
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | A list of node selector requirements by node’s labels. |
| matchExpressions[] | object | A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchFields | array | A list of node selector requirements by node’s fields. |
| matchFields[] | object | A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |

7.1.14. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions

Description
A list of node selector requirements by node’s labels.
Type
array

7.1.15. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | The label key that the selector applies to. |
| operator | string | Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt. |
| values | array (string) | An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |

7.1.16. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields

Description
A list of node selector requirements by node’s fields.
Type
array

7.1.17. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | The label key that the selector applies to. |
| operator | string | Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt. |
| values | array (string) | An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
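
The node selector rules from sections 7.1.11 through 7.1.17 (terms ORed, requirements ANDed, an empty term matching nothing, and the per-operator constraints on values), worked through in Go. This is an added example, not code from this reference or from the Kubernetes scheduler; the type and function names and the sample node are constructed, and treating an invalid requirement as a non-match is this example's assumption.

```go
package main

import (
	"fmt"
	"strconv"
)

// Requirement mirrors the documented key/operator/values triple (names are this example's).
type Requirement struct {
	Key, Operator string
	Values        []string
}

// Term mirrors one nodeSelectorTerms[] entry; its requirements are ANDed.
type Term struct {
	MatchExpressions []Requirement // checked against node labels
	MatchFields      []Requirement // checked against node fields
}

// Validate enforces the operator/values rules stated in the reference.
func Validate(r Requirement) error {
	n, ok := len(r.Values), true
	switch r.Operator {
	case "In", "NotIn":
		ok = n > 0
	case "Exists", "DoesNotExist":
		ok = n == 0
	case "Gt", "Lt":
		ok = n == 1
		if ok {
			_, err := strconv.ParseInt(r.Values[0], 10, 64)
			ok = err == nil
		}
	default:
		return fmt.Errorf("%q: invalid operator %q", r.Key, r.Operator)
	}
	if r.Key == "" || !ok {
		return fmt.Errorf("%q %s: key or values break the rules for this operator", r.Key, r.Operator)
	}
	return nil
}

// matches evaluates one validated requirement against a label or field map.
func matches(r Requirement, attrs map[string]string) bool {
	got, present := attrs[r.Key]
	listed := false
	for _, v := range r.Values {
		listed = listed || v == got
	}
	switch r.Operator {
	case "In":
		return present && listed
	case "NotIn":
		return !present || !listed
	case "Exists":
		return present
	case "DoesNotExist":
		return !present
	}
	// Gt and Lt compare integers; a missing or non-numeric value never matches.
	have, err := strconv.ParseInt(got, 10, 64)
	want, _ := strconv.ParseInt(r.Values[0], 10, 64)
	gt := r.Operator == "Gt"
	return present && err == nil && ((gt && have > want) || (!gt && have < want))
}

// allMatch ANDs a list; an invalid requirement fails it (this example's choice).
func allMatch(reqs []Requirement, attrs map[string]string) bool {
	for _, r := range reqs {
		if Validate(r) != nil || !matches(r, attrs) {
			return false
		}
	}
	return true
}

// NodeMatches ORs the terms; a null or empty term matches no node.
func NodeMatches(terms []Term, labels, fields map[string]string) bool {
	for _, t := range terms {
		if len(t.MatchExpressions)+len(t.MatchFields) > 0 &&
			allMatch(t.MatchExpressions, labels) && allMatch(t.MatchFields, fields) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample node, not taken from a real cluster.
	labels := map[string]string{"kubernetes.io/arch": "amd64", "example.com/gpu-count": "4"}
	fields := map[string]string{"metadata.name": "worker-1"}
	terms := []Term{
		{MatchExpressions: []Requirement{{"kubernetes.io/arch", "In", []string{"arm64"}}}},
		{MatchExpressions: []Requirement{{"example.com/gpu-count", "Gt", []string{"2"}}},
			MatchFields: []Requirement{{"metadata.name", "In", []string{"worker-1"}}}},
	}
	fmt.Println("node satisfies a term:", NodeMatches(terms, labels, fields))
}
```

The first term fails on the architecture label, so the node is accepted only because the second term's label and field requirements both hold.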

7.1.18. .spec.affinity.podAffinity

Description
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
Type
object
| Property | Type | Description |
|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | array | The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
| preferredDuringSchedulingIgnoredDuringExecution[] | object | The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s). |
| requiredDuringSchedulingIgnoredDuringExecution | array | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
| requiredDuringSchedulingIgnoredDuringExecution[] | object | Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running. |

7.1.19. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
Type
array

7.1.20. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s).
Type
object
Required
  • podAffinityTerm
  • weight
| Property | Type | Description |
|---|---|---|
| podAffinityTerm | object | Required. A pod affinity term, associated with the corresponding weight. |
| weight | integer | weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |

7.1.21. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description
Required. A pod affinity term, associated with the corresponding weight.
Type
object
Required
  • topologyKey
| Property | Type | Description |
|---|---|---|
| labelSelector | object | A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods. |
| matchLabelKeys | array (string) | MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| mismatchLabelKeys | array (string) | MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| namespaceSelector | object | A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
| namespaces | array (string) | namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
| topologyKey | string | This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |

7.1.22. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.23. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.24. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

7.1.25. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.26. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.27. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
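
How the namespaces and namespaceSelector fields of a pod affinity term combine into the set of namespaces the term reaches, including the difference between a null selector and the empty selector ({}), as an added Go example that is not part of this reference or of the Kubernetes source. The type and function names and the sample namespaces are constructed, and the selector is reduced to matchLabels for brevity.

```go
package main

import (
	"fmt"
	"sort"
)

// LabelSelector is reduced to matchLabels here; matchExpressions is left out of this example.
type LabelSelector struct {
	MatchLabels map[string]string
}

// PodAffinityTerm carries only the two fields that decide namespace scope.
type PodAffinityTerm struct {
	Namespaces        []string
	NamespaceSelector *LabelSelector // nil is "null"; &LabelSelector{} is the empty selector {}
}

// selects reports whether every matchLabels pair is present (pairs are ANDed).
// The empty selector has no pair that can fail, so it selects every namespace.
func selects(sel *LabelSelector, nsLabels map[string]string) bool {
	for k, want := range sel.MatchLabels {
		if got, ok := nsLabels[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// ResolveNamespaces returns, sorted, the namespaces a term applies to.
// cluster maps each namespace name to that namespace's labels.
func ResolveNamespaces(t PodAffinityTerm, podNS string, cluster map[string]map[string]string) []string {
	// Null selector plus null or empty list means "this pod's namespace".
	if t.NamespaceSelector == nil && len(t.Namespaces) == 0 {
		return []string{podNS}
	}
	set := map[string]bool{}
	for _, ns := range t.Namespaces { // static list, taken as written
		set[ns] = true
	}
	if t.NamespaceSelector != nil { // union with whatever the selector picks
		for ns, labels := range cluster {
			if selects(t.NamespaceSelector, labels) {
				set[ns] = true
			}
		}
	}
	out := make([]string, 0, len(set))
	for ns := range set {
		out = append(out, ns)
	}
	sort.Strings(out)
	return out
}

// CrossesNamespaces flags a term whose scope reaches beyond the pod's own namespace.
func CrossesNamespaces(t PodAffinityTerm, podNS string, cluster map[string]map[string]string) bool {
	for _, ns := range ResolveNamespaces(t, podNS, cluster) {
		if ns != podNS {
			return true
		}
	}
	return false
}

func main() {
	// Constructed namespaces and labels, not taken from a real cluster.
	cluster := map[string]map[string]string{
		"payments": {"team": "fin"}, "ledger": {"team": "fin"}, "web": {"team": "shop"},
	}
	fin := &LabelSelector{MatchLabels: map[string]string{"team": "fin"}}
	fmt.Println(ResolveNamespaces(PodAffinityTerm{}, "web", cluster))                                    // null + null
	fmt.Println(ResolveNamespaces(PodAffinityTerm{NamespaceSelector: fin}, "web", cluster))              // selector only
	fmt.Println(ResolveNamespaces(PodAffinityTerm{NamespaceSelector: &LabelSelector{}}, "web", cluster)) // {}
}
```

When reviewing a spec, a term for which CrossesNamespaces returns true is one whose placement depends on pods in other namespaces.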

7.1.28. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Type
array

7.1.29. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running.
Type
object
Required
  • topologyKey
| Property | Type | Description |
|---|---|---|
| labelSelector | object | A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods. |
| matchLabelKeys | array (string) | MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| mismatchLabelKeys | array (string) | MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| namespaceSelector | object | A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
| namespaces | array (string) | namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
| topologyKey | string | This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |

7.1.30. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.31. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.32. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

7.1.33. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.34. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.35. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

7.1.36. .spec.affinity.podAntiAffinity

Description
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
Type
object
| Property | Type | Description |
|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | array | The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
| preferredDuringSchedulingIgnoredDuringExecution[] | object | The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s). |
| requiredDuringSchedulingIgnoredDuringExecution | array | If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
| requiredDuringSchedulingIgnoredDuringExecution[] | object | Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running. |

7.1.37. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
Type
array

7.1.38. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s).
Type
object
Required
  • podAffinityTerm
  • weight
| Property | Type | Description |
|---|---|---|
| podAffinityTerm | object | Required. A pod affinity term, associated with the corresponding weight. |
| weight | integer | weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |

7.1.39. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description
Required. A pod affinity term, associated with the corresponding weight.
Type
object
Required
  • topologyKey
| Property | Type | Description |
|---|---|---|
| labelSelector | object | A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods. |
| matchLabelKeys | array (string) | MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| mismatchLabelKeys | array (string) | MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate. |
| namespaceSelector | object | A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
| namespaces | array (string) | namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
| topologyKey | string | This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |

7.1.40. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.41. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.42. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

7.1.43. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

7.1.44. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.45. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

7.1.46. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Type
array

7.1.47. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running.
Type
object
Required
  • topologyKey
PropertyTypeDescription

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to look up values from the incoming pod labels; those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods that will be taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

7.1.48. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

7.1.49. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.50. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

7.1.51. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

7.1.52. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.53. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

7.1.54. .spec.proxy

Description
proxy defines the proxy to be used when calling master api, upstream registries, etc.
Type
object
Property | Type | Description

http

string

http defines the proxy to be used by the image registry when accessing HTTP endpoints.

https

string

https defines the proxy to be used by the image registry when accessing HTTPS endpoints.

noProxy

string

noProxy defines a comma-separated list of host names that shouldn’t go through any proxy.

7.1.55. .spec.requests

Description
requests controls how many parallel requests a given registry instance will handle before queuing additional requests.
Type
object
Property | Type | Description

read

object

read defines limits for image registry’s reads.

write

object

write defines limits for image registry’s writes.

7.1.56. .spec.requests.read

Description
read defines limits for image registry’s reads.
Type
object
Property | Type | Description

maxInQueue

integer

maxInQueue sets the maximum queued api requests to the registry.

maxRunning

integer

maxRunning sets the maximum in flight api requests to the registry.

maxWaitInQueue

string

maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected.

7.1.57. .spec.requests.write

Description
write defines limits for image registry’s writes.
Type
object
Property | Type | Description

maxInQueue

integer

maxInQueue sets the maximum queued api requests to the registry.

maxRunning

integer

maxRunning sets the maximum in flight api requests to the registry.

maxWaitInQueue

string

maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected.

7.1.58. .spec.resources

Description
resources defines the resource requests+limits for the registry pod.
Type
object
Property | Type | Description

claims

array

Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.

claims[]

object

ResourceClaim references one entry in PodSpec.ResourceClaims.

limits

integer-or-string

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

requests

integer-or-string

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

7.1.59. .spec.resources.claims

Description
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
Type
array

7.1.60. .spec.resources.claims[]

Description
ResourceClaim references one entry in PodSpec.ResourceClaims.
Type
object
Required
  • name
Property | Type | Description

name

string

Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.

7.1.61. .spec.routes

Description
routes defines additional external facing routes which should be created for the registry.
Type
array

7.1.62. .spec.routes[]

Description
ImageRegistryConfigRoute holds information on external route access to image registry.
Type
object
Required
  • name
Property | Type | Description

hostname

string

hostname for the route.

name

string

name of the route to be created.

secretName

string

secretName points to secret containing the certificates to be used by the route.

7.1.63. .spec.storage

Description
storage details for configuring registry storage, e.g. S3 bucket coordinates.
Type
object
Property | Type | Description

azure

object

azure represents configuration that uses Azure Blob Storage.

emptyDir

object

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

gcs

object

gcs represents configuration that uses Google Cloud Storage.

ibmcos

object

ibmcos represents configuration that uses IBM Cloud Object Storage.

managementState

string

managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.

oss

object

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

pvc

object

pvc represents configuration that uses a PersistentVolumeClaim.

s3

object

s3 represents configuration that uses Amazon Simple Storage Service.

swift

object

swift represents configuration that uses OpenStack Object Storage.

7.1.64. .spec.storage.azure

Description
azure represents configuration that uses Azure Blob Storage.
Type
object
Property | Type | Description

accountName

string

accountName defines the account to be used by the registry.

cloudName

string

cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.

container

string

container defines Azure’s container to be used by registry.

networkAccess

object

networkAccess defines the network access properties for the storage account. Defaults to type: External.

7.1.65. .spec.storage.azure.networkAccess

Description
networkAccess defines the network access properties for the storage account. Defaults to type: External.
Type
object
Property | Type | Description

internal

object

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

type

string

type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecified, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".

7.1.66. .spec.storage.azure.networkAccess.internal

Description
internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
Type
object
Property | Type | Description

networkResourceGroupName

string

networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.

privateEndpointName

string

privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

subnetName

string

subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).

vnetName

string

vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

7.1.67. .spec.storage.emptyDir

Description
emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.
Type
object

7.1.68. .spec.storage.gcs

Description
gcs represents configuration that uses Google Cloud Storage.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key.

projectID

string

projectID is the Project ID of the GCP project that this bucket should be associated with.

region

string

region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region.

7.1.69. .spec.storage.ibmcos

Description
ibmcos represents configuration that uses IBM Cloud Object Storage.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

location

string

location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location.

resourceGroupName

string

resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group.

resourceKeyCRN

string

resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. It is commonly referred to as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided.

serviceInstanceCRN

string

serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided.

7.1.70. .spec.storage.oss

Description
Oss represents configuration that uses Alibaba Cloud Object Storage Service.
Type
object
Property | Type | Description

bucket

string

Bucket is the bucket name in which you want to store the registry’s data. For details about bucket naming, see the official documentation (https://www.alibabacloud.com/help/doc-detail/257087.htm). An empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is autogenerated in the form <clusterid>-image-registry-<region>-<random string 27 chars>.

encryption

object

Encryption specifies whether you would like your data encrypted on the server side. For more details, see the official documentation (https://www.alibabacloud.com/help/doc-detail/117914.htm).

endpointAccessibility

string

EndpointAccessibility specifies whether the registry uses the OSS VPC internal endpoint. An empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is Internal.

region

string

Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, see the official documentation (https://www.alibabacloud.com/help/doc-detail/31837.html). An empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is based on the installed Alibaba Cloud Region.

7.1.71. .spec.storage.oss.encryption

Description
Encryption specifies whether you would like your data encrypted on the server side. For more details, see the official documentation (https://www.alibabacloud.com/help/doc-detail/117914.htm).
Type
object
Property | Type | Description

kms

object

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

method

string

Method defines the different encryption modes available. An empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is AES256.

7.1.72. .spec.storage.oss.encryption.kms

Description
KMS (key management service) is an encryption type that holds the struct for KMS KeyID
Type
object
Required
  • keyID
Property | Type | Description

keyID

string

KeyID holds the KMS encryption key ID

7.1.73. .spec.storage.pvc

Description
pvc represents configuration that uses a PersistentVolumeClaim.
Type
object
Property | Type | Description

claim

string

claim defines the Persistent Volume Claim’s name to be used.

7.1.74. .spec.storage.s3

Description
s3 represents configuration that uses Amazon Simple Storage Service.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

chunkSizeMiB

integer

chunkSizeMiB defines the size of the multipart upload chunks of the S3 API. The S3 API requires multipart upload chunks to be at least 5MiB. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 10 MiB. The value is an integer number of MiB. The minimum value is 5 and the maximum value is 5120 (5 GiB).

cloudFront

object

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

encrypt

boolean

encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored.

region

string

region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region.

regionEndpoint

string

regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided.

trustedCA

object

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

virtualHostedStyle

boolean

virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint. Optional, defaults to false.

7.1.75. .spec.storage.s3.cloudFront

Description
cloudFront configures Amazon Cloudfront as the storage middleware in a registry.
Type
object
Required
  • baseURL
  • keypairID
  • privateKey
Property | Type | Description

baseURL

string

baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.

duration

string

duration is the duration of the Cloudfront session.

keypairID

string

keypairID is key pair ID provided by AWS.

privateKey

object

privateKey points to secret containing the private key, provided by AWS.

7.1.76. .spec.storage.s3.cloudFront.privateKey

Description
privateKey points to secret containing the private key, provided by AWS.
Type
object
Required
  • key
Property | Type | Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

7.1.77. .spec.storage.s3.trustedCA

Description
trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".
Type
object
Property | Type | Description

name

string

name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used.
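
An added example, not part of the Red Hat reference or the operator's code: a small Python audit of a .spec.storage mapping that applies the defaults and name constraints documented for emptyDir, azure and s3 in the sections above. The sample specs and their account, bucket and key names are constructed, and the plain-http check on regionEndpoint is an editorial addition rather than a rule the reference states.

```python
import re
from urllib.parse import urlparse

# Name constraints transcribed from the networkAccess.internal and
# s3.trustedCA field descriptions in this reference.
NAME_RULES = {
    # 1-90 chars, must not end with a period
    "networkResourceGroupName": r"[A-Za-z0-9._-]{0,89}[A-Za-z0-9_-]",
    # 2-64 chars, starts alphanumeric, ends alphanumeric or underscore
    "privateEndpointName": r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}[A-Za-z0-9_]",
    "vnetName": r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}[A-Za-z0-9_]",
    # 1-80 chars
    "subnetName": r"[A-Za-z0-9._-]{1,80}",
}
TRUSTED_CA_NAME = r"[A-Za-z0-9.-]{1,253}"


def audit_storage(storage):
    """Return (field path, finding) pairs for a .spec.storage mapping."""
    findings = []

    if "emptyDir" in storage:
        findings.append(("emptyDir", "ephemeral node storage; data is deleted "
                         "when the pod is removed from the node"))

    azure = storage.get("azure")
    if azure is not None:
        access = azure.get("networkAccess") or {}
        # An unset type defaults to External.
        if access.get("type", "External") == "External":
            findings.append(("azure.networkAccess.type",
                             "External: storage account is publicly exposed"))
        for field, value in (access.get("internal") or {}).items():
            rule = NAME_RULES.get(field)
            if rule and not re.fullmatch(rule, value):
                findings.append(("azure.networkAccess.internal." + field,
                                 "violates the documented name constraints"))

    s3 = storage.get("s3")
    if s3 is not None:
        if not s3.get("encrypt", False):
            findings.append(("s3.encrypt", "false (the default): images are "
                             "not stored in encrypted format"))
            if s3.get("keyID"):
                findings.append(("s3.keyID",
                                 "ignored because encrypt is not true"))
        endpoint = s3.get("regionEndpoint")
        if endpoint:
            url = urlparse(endpoint)
            if not (url.scheme and url.netloc):
                findings.append(("s3.regionEndpoint", "not a URL with scheme"))
            elif url.scheme != "https":
                # Editorial check, not a rule stated in the reference.
                findings.append(("s3.regionEndpoint", "not https: there is no "
                                 "server certificate for trustedCA to verify"))
        ca_name = (s3.get("trustedCA") or {}).get("name", "")
        # An empty name selects the default trust bundle, so only check non-empty.
        if ca_name and not re.fullmatch(TRUSTED_CA_NAME, ca_name):
            findings.append(("s3.trustedCA.name",
                             "violates config map naming restrictions"))
    return findings


# Constructed sample specs (all names are placeholders).
SAMPLES = {
    "s3-weak": {"s3": {"bucket": "example-registry",
                       "keyID": "example-kms-key",
                       "regionEndpoint": "http://s3.example.com",
                       "trustedCA": {"name": "s3_ca"}}},
    "s3-hardened": {"s3": {"bucket": "example-registry",
                           "encrypt": True,
                           "keyID": "example-kms-key",
                           "regionEndpoint": "https://s3.example.com",
                           "trustedCA": {"name": "s3-ca"}}},
    "azure-default": {"azure": {"accountName": "exampleaccount",
                                "container": "registry"}},
    "azure-internal": {"azure": {"accountName": "exampleaccount",
                                 "container": "registry",
                                 "networkAccess": {"type": "Internal", "internal": {
                                     "vnetName": "cluster-vnet",
                                     "subnetName": "worker-subnet",
                                     "privateEndpointName": "registry-pe."}}}},
}

if __name__ == "__main__":
    for name, spec in SAMPLES.items():
        print(name)
        for path, finding in audit_storage(spec):
            print("  " + path + ": " + finding)
```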

7.1.78. .spec.storage.swift

Description
swift represents configuration that uses OpenStack Object Storage.
Type
object
Property | Type | Description

authURL

string

authURL defines the URL for obtaining an authentication token.

authVersion

string

authVersion specifies the OpenStack Auth’s version.

container

string

container defines the name of the Swift container in which to store the registry’s data.

domain

string

domain specifies Openstack’s domain name for Identity v3 API.

domainID

string

domainID specifies Openstack’s domain id for Identity v3 API.

regionName

string

regionName defines Openstack’s region in which container exists.

tenant

string

tenant defines Openstack tenant name to be used by registry.

tenantID

string

tenantID defines Openstack tenant id to be used by registry.

7.1.79. .spec.tolerations

Description
tolerations defines the tolerations for the registry pod.
Type
array

7.1.80. .spec.tolerations[]

Description
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Type
object
Property | Type | Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

7.1.81. .spec.topologySpreadConstraints

Description
topologySpreadConstraints specify how to spread matching pods among the given topology.
Type
array

7.1.82. .spec.topologySpreadConstraints[]

Description
TopologySpreadConstraint specifies how to spread matching pods among the given topology.
Type
object
Required
  • maxSkew
  • topologyKey
  • whenUnsatisfiable
Property | Type | Description

labelSelector

object

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to look up values from the incoming pod labels; those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. When whenUnsatisfiable=DoNotSchedule, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1. In this case, the global minimum is 1.
| zone1 | zone2 | zone3 |
| P P   | P P   | P     |
  • If MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
  • If MaxSkew is 2, incoming pod can be scheduled onto any zone.
When whenUnsatisfiable=ScheduleAnyway, it is used to give higher precedence to topologies that satisfy it. It’s a required field. Default value is 1 and 0 is not allowed.

minDomains

integer

MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. When the number of eligible domains with matching topology keys is equal to or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
| P P   | P P   | P P   |
The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, a new pod with the same labelSelector cannot be scheduled, because the computed skew will be 3(3 - 0) if the new Pod is scheduled to any of the three zones, which violates MaxSkew.

nodeAffinityPolicy

string

NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are:
  • Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
  • Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature, enabled by default by the NodeInclusionPolicyInPodTopologySpread feature flag.

nodeTaintsPolicy

string

NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are:
  • Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included.
  • Ignore: node taints are ignored. All nodes are included.
If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature, enabled by default by the NodeInclusionPolicyInPodTopologySpread feature flag.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint.
  • DoNotSchedule (default) tells the scheduler not to schedule it.
  • ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew.
A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:
| zone1 | zone2 | zone3 |
| P P P | P     | P     |
If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field.
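
An added example, not taken from the scheduler source: the skew arithmetic described for maxSkew, minDomains and whenUnsatisfiable, written so it can be checked against the zone layouts used in the field descriptions above. It assumes every listed domain is already eligible under nodeAffinityPolicy and nodeTaintsPolicy, and the ScheduleAnyway ordering by resulting skew is a simplification of the scheduler's scoring.

```python
def candidate_domains(counts, max_skew,
                      when_unsatisfiable="DoNotSchedule", min_domains=None):
    """Return the domains an incoming matching pod may be placed in.

    counts maps each eligible domain (for example a zone) to the number of
    matching pods already running there.
    DoNotSchedule: only domains that keep the skew within max_skew, sorted
    by name. ScheduleAnyway: every domain, lowest resulting skew first.
    """
    if max_skew < 1:
        raise ValueError("maxSkew: 0 is not allowed")
    if when_unsatisfiable not in ("DoNotSchedule", "ScheduleAnyway"):
        raise ValueError("whenUnsatisfiable: unknown value")
    if min_domains is not None:
        if min_domains < 1:
            raise ValueError("minDomains: must be greater than 0")
        if when_unsatisfiable != "DoNotSchedule":
            raise ValueError("minDomains requires whenUnsatisfiable=DoNotSchedule")

    # A nil minDomains behaves as if it were 1.
    effective_min_domains = 1 if min_domains is None else min_domains

    # With fewer eligible domains than minDomains, the global minimum is 0.
    if len(counts) < effective_min_domains:
        global_min = 0
    else:
        global_min = min(counts.values())

    # Skew of a domain after the incoming pod lands there.
    skew_after = {d: n + 1 - global_min for d, n in counts.items()}

    if when_unsatisfiable == "DoNotSchedule":
        return sorted(d for d, s in skew_after.items() if s <= max_skew)
    return sorted(skew_after, key=lambda d: (skew_after[d], d))


# Zone layouts from the maxSkew, minDomains and whenUnsatisfiable descriptions.
LAYOUT_2_2_1 = {"zone1": 2, "zone2": 2, "zone3": 1}
LAYOUT_2_2_2 = {"zone1": 2, "zone2": 2, "zone3": 2}
LAYOUT_3_1_1 = {"zone1": 3, "zone2": 1, "zone3": 1}

if __name__ == "__main__":
    print(candidate_domains(LAYOUT_2_2_1, max_skew=1))
    print(candidate_domains(LAYOUT_2_2_1, max_skew=2))
    print(candidate_domains(LAYOUT_2_2_2, max_skew=2, min_domains=5))
    print(candidate_domains(LAYOUT_3_1_1, max_skew=1))
    print(candidate_domains(LAYOUT_3_1_1, max_skew=1,
                            when_unsatisfiable="ScheduleAnyway"))
```

The minDomains case returns an empty list: with three zones and minDomains set to 5, a registry pod carrying this constraint stays unscheduled rather than landing in an unbalanced zone.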

7.1.83. .spec.topologySpreadConstraints[].labelSelector

Description
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

7.1.84. .spec.topologySpreadConstraints[].labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

7.1.85. .spec.topologySpreadConstraints[].labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

7.1.86. .status

Description
ImageRegistryStatus reports image registry operational status.
Type
object
Required
  • storage
  • storageManaged
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

storage

object

storage indicates the current applied storage configuration of the registry.

storageManaged

boolean

storageManaged is deprecated, please refer to Storage.managementState

version

string

version is the level this availability applies to

7.1.87. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

7.1.88. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

7.1.89. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

7.1.90. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

7.1.91. .status.storage

Description
storage indicates the current applied storage configuration of the registry.
Type
object
Property | Type | Description

azure

object

azure represents configuration that uses Azure Blob Storage.

emptyDir

object

emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.

gcs

object

gcs represents configuration that uses Google Cloud Storage.

ibmcos

object

ibmcos represents configuration that uses IBM Cloud Object Storage.

managementState

string

managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.

oss

object

Oss represents configuration that uses Alibaba Cloud Object Storage Service.

pvc

object

pvc represents configuration that uses a PersistentVolumeClaim.

s3

object

s3 represents configuration that uses Amazon Simple Storage Service.

swift

object

swift represents configuration that uses OpenStack Object Storage.

7.1.92. .status.storage.azure

Description
azure represents configuration that uses Azure Blob Storage.
Type
object
Property | Type | Description

accountName

string

accountName defines the account to be used by the registry.

cloudName

string

cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.

container

string

container defines Azure’s container to be used by registry.

networkAccess

object

networkAccess defines the network access properties for the storage account. Defaults to type: External.

7.1.93. .status.storage.azure.networkAccess

Description
networkAccess defines the network access properties for the storage account. Defaults to type: External.
Type
object
Property | Type | Description

internal

object

internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.

type

string

type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subnetName and privateEndpointName may optionally be specified. If unspecified, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".

7.1.94. .status.storage.azure.networkAccess.internal

Description
internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. When type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
Type
object
Property | Type | Description

networkResourceGroupName

string

networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.

privateEndpointName

string

privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

subnetName

string

subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource, then using one of the listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).

vnetName

string

vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the kubernetes.io_cluster.<cluster-id> tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.

7.1.95. .status.storage.emptyDir

Description
emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.
Type
object

7.1.96. .status.storage.gcs

Description
gcs represents configuration that uses Google Cloud Storage.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key.

projectID

string

projectID is the Project ID of the GCP project that this bucket should be associated with.

region

string

region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region.

7.1.97. .status.storage.ibmcos

Description
ibmcos represents configuration that uses IBM Cloud Object Storage.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

location

string

location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location.

resourceGroupName

string

resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group.

resourceKeyCRN

string

resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. It is commonly referred to as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided.

serviceInstanceCRN

string

serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided.

7.1.98. .status.storage.oss

Description
Oss represents configuration that uses Alibaba Cloud Object Storage Service.
Type
object
Property | Type | Description

bucket

string

Bucket is the bucket name in which you want to store the registry’s data. For more details about bucket naming, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars>

encryption

object

Encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).

endpointAccessibility

string

EndpointAccessibility specifies whether the registry uses the OSS VPC internal endpoint. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is Internal.

region

string

Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region.

7.1.99. .status.storage.oss.encryption

Description
Encryption specifies whether you would like your data encrypted on the server side. For more details, see the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm).
Type
object
Property | Type | Description

kms

object

KMS (key management service) is an encryption type that holds the struct for KMS KeyID

method

string

Method defines the different encryption modes available. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is AES256.

7.1.100. .status.storage.oss.encryption.kms

Description
KMS (key management service) is an encryption type that holds the struct for KMS KeyID
Type
object
Required
  • keyID
Property | Type | Description

keyID

string

KeyID holds the KMS encryption key ID

7.1.101. .status.storage.pvc

Description
pvc represents configuration that uses a PersistentVolumeClaim.
Type
object
Property | Type | Description

claim

string

claim defines the Persistent Volume Claim’s name to be used.

7.1.102. .status.storage.s3

Description
s3 represents configuration that uses Amazon Simple Storage Service.
Type
object
Property | Type | Description

bucket

string

bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided.

chunkSizeMiB

integer

chunkSizeMiB defines the size of the multipart upload chunks of the S3 API. The S3 API requires multipart upload chunks to be at least 5MiB. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 10 MiB. The value is an integer number of MiB. The minimum value is 5 and the maximum value is 5120 (5 GiB).

cloudFront

object

cloudFront configures Amazon Cloudfront as the storage middleware in a registry.

encrypt

boolean

encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false.

keyID

string

keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored.

region

string

region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region.

regionEndpoint

string

regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided.

trustedCA

object

trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".

virtualHostedStyle

boolean

virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint. Optional, defaults to false.

7.1.103. .status.storage.s3.cloudFront

Description
cloudFront configures Amazon Cloudfront as the storage middleware in a registry.
Type
object
Required
  • baseURL
  • keypairID
  • privateKey
Property | Type | Description

baseURL

string

baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.

duration

string

duration is the duration of the Cloudfront session.

keypairID

string

keypairID is key pair ID provided by AWS.

privateKey

object

privateKey points to secret containing the private key, provided by AWS.

7.1.104. .status.storage.s3.cloudFront.privateKey

Description
privateKey points to secret containing the private key, provided by AWS.
Type
object
Required
  • key
Property | Type | Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

7.1.105. .status.storage.s3.trustedCA

Description
trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".
Type
object
Property | Type | Description

name

string

name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used.

7.1.106. .status.storage.swift

Description
swift represents configuration that uses OpenStack Object Storage.
Type
object
Property | Type | Description

authURL

string

authURL defines the URL for obtaining an authentication token.

authVersion

string

authVersion specifies the OpenStack Auth’s version.

container

string

container defines the name of Swift container where to store the registry’s data.

domain

string

domain specifies Openstack’s domain name for Identity v3 API.

domainID

string

domainID specifies Openstack’s domain id for Identity v3 API.

regionName

string

regionName defines Openstack’s region in which container exists.

tenant

string

tenant defines Openstack tenant name to be used by registry.

tenantID

string

tenantID defines Openstack tenant id to be used by registry.
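
A checker that reads the security-relevant fields documented in sections 7.1.91 to 7.1.106 from a Config status object. This is an added example, not code from the OpenShift documentation or the image registry operator; `audit_storage`, the finding texts and the sample objects are constructed for illustration, and treating any `endpointAccessibility` value other than Internal as a finding is an assumption.

```python
import re
from urllib.parse import urlparse

# Naming rules transcribed from the .status.storage.azure.networkAccess.internal table.
_EDGE = r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}[A-Za-z0-9_]"  # 2-64 chars, constrained first/last
AZURE_NAME_RULES = {
    "networkResourceGroupName": re.compile(r"[A-Za-z0-9._-]{0,89}[A-Za-z0-9_-]"),
    "privateEndpointName": re.compile(_EDGE),
    "subnetName": re.compile(r"[A-Za-z0-9._-]{1,80}"),
    "vnetName": re.compile(_EDGE),
}


def audit_storage(status):
    """Return (field path, finding) pairs for one Config .status dict."""
    findings = []
    storage = status.get("storage") or {}

    if "emptyDir" in storage:
        findings.append((".status.storage.emptyDir",
                         "ephemeral storage, not suitable for production"))
        if (status.get("readyReplicas") or 0) > 1:
            findings.append((".status.readyReplicas",
                             "emptyDir cannot be used with more than 1 replica"))

    azure = storage.get("azure")
    if azure is not None:
        access = azure.get("networkAccess") or {}
        base = ".status.storage.azure.networkAccess"
        if (access.get("type") or "External") == "External":  # documented default
            findings.append((base + ".type", "storage account is publicly accessible"))
        for field, value in sorted((access.get("internal") or {}).items()):
            rule = AZURE_NAME_RULES.get(field)
            # Empty values are skipped: the operator discovers or generates them.
            if rule is not None and value and not rule.fullmatch(str(value)):
                findings.append((f"{base}.internal.{field}",
                                 "value breaks the documented naming rule"))

    s3 = storage.get("s3")
    if s3 is not None:
        if not s3.get("encrypt"):  # documented default is false
            findings.append((".status.storage.s3.encrypt", "encryption not requested"))
            if s3.get("keyID"):
                findings.append((".status.storage.s3.keyID", "ignored unless encrypt is true"))
        endpoint = s3.get("regionEndpoint")
        if endpoint:
            parsed = urlparse(endpoint)
            if not parsed.scheme or not parsed.netloc:
                findings.append((".status.storage.s3.regionEndpoint", "not a URL with a scheme"))

    oss = storage.get("oss")
    # Assumption: anything other than the documented default "Internal" is worth a look.
    if oss is not None and oss.get("endpointAccessibility") not in (None, "", "Internal"):
        findings.append((".status.storage.oss.endpointAccessibility",
                         "registry is not using the OSS VPC internal endpoint"))
    return findings


# Constructed sample status objects (not taken from a real cluster).
SAMPLE_S3 = {"storage": {"s3": {"bucket": "example-bucket", "keyID": "example-key-id",
                                "regionEndpoint": "s3.example.com"}}}
SAMPLE_AZURE = {"storage": {"azure": {"accountName": "exampleaccount", "networkAccess": {
    "type": "Internal",
    "internal": {"vnetName": "cluster-vnet.", "subnetName": "worker-subnet"}}}}}
SAMPLE_EMPTYDIR = {"readyReplicas": 2, "storage": {"emptyDir": {}}}

if __name__ == "__main__":
    for sample in (SAMPLE_S3, SAMPLE_AZURE, SAMPLE_EMPTYDIR):
        for path, finding in audit_storage(sample):
            print(f"{path}: {finding}")
```

Feed it the `status` object from the JSON returned by the GET on `/apis/imageregistry.operator.openshift.io/v1/configs/{name}/status`.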

7.2. API endpoints

The following API endpoints are available:

  • /apis/imageregistry.operator.openshift.io/v1/configs

    • DELETE: delete collection of Config
    • GET: list objects of kind Config
    • POST: create a Config
  • /apis/imageregistry.operator.openshift.io/v1/configs/{name}

    • DELETE: delete a Config
    • GET: read the specified Config
    • PATCH: partially update the specified Config
    • PUT: replace the specified Config
  • /apis/imageregistry.operator.openshift.io/v1/configs/{name}/status

    • GET: read status of the specified Config
    • PATCH: partially update status of the specified Config
    • PUT: replace status of the specified Config

7.2.1. /apis/imageregistry.operator.openshift.io/v1/configs

HTTP method
DELETE
Description
delete collection of Config
Table 7.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Config
Table 7.2. HTTP responses
HTTP code | Response body

200 - OK

ConfigList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Config
Table 7.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 7.4. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 7.5. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

202 - Accepted

Config schema

401 - Unauthorized

Empty

7.2.2. /apis/imageregistry.operator.openshift.io/v1/configs/{name}

Table 7.6. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
DELETE
Description
delete a Config
Table 7.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 7.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Config
Table 7.9. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Config
Table 7.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 7.11. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Config
Table 7.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 7.13. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 7.14. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty

7.2.3. /apis/imageregistry.operator.openshift.io/v1/configs/{name}/status

Table 7.15. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
GET
Description
read status of the specified Config
Table 7.16. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified Config
Table 7.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 7.18. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified Config
Table 7.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 7.20. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 7.21. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty

Chapter 8. Config [samples.operator.openshift.io/v1]

Description
Config contains the configuration and detailed condition status for the Samples Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • metadata
  • spec

8.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.

status

object

ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.

8.1.1. .spec

Description
ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.
Type
object
Property | Type | Description

architectures

array (string)

architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.

managementState

string

managementState is the top-level on/off type of switch for all operators. When "Managed", this operator processes config and manipulates the samples accordingly. When "Unmanaged", this operator ignores any updates to the resources it watches. When "Removed", it reacts the same way as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator’s namespace that represents the last config used to manipulate the samples.

samplesRegistry

string

samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.

skippedImagestreams

array (string)

skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content, but the operator will not recreate (or update) anything listed here.

skippedTemplates

array (string)

skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate (or update) anything listed here.

8.1.2. .status

Description
ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.
Type
object
Property | Type | Description

architectures

array (string)

architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.

conditions

array

conditions represents the available maintenance status of the sample imagestreams and templates.

conditions[]

object

ConfigCondition captures various conditions of the Config as entries are processed.

managementState

string

managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. "Managed") when it was previously "Unmanaged".

samplesRegistry

string

samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.

skippedImagestreams

array (string)

skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate (or update) anything listed here.

skippedTemplates

array (string)

skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate (or update) anything listed here.

version

string

version is the value of the operator’s payload based version indicator when it was last successfully processed.

8.1.3. .status.conditions

Description
conditions represents the available maintenance status of the sample imagestreams and templates.
Type
array

8.1.4. .status.conditions[]

Description
ConfigCondition captures various conditions of the Config as entries are processed.
Type
object
Required
  • status
  • type
Property | Type | Description

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another.

lastUpdateTime

string

lastUpdateTime is the last time this condition was updated.

message

string

message is a human readable message indicating details about the transition.

reason

string

reason is what caused the condition’s last transition.

status

string

status of the condition, one of True, False, Unknown.

type

string

type of condition.

8.2. API endpoints

The following API endpoints are available:

  • /apis/samples.operator.openshift.io/v1/configs

    • DELETE: delete collection of Config
    • GET: list objects of kind Config
    • POST: create a Config
  • /apis/samples.operator.openshift.io/v1/configs/{name}

    • DELETE: delete a Config
    • GET: read the specified Config
    • PATCH: partially update the specified Config
    • PUT: replace the specified Config
  • /apis/samples.operator.openshift.io/v1/configs/{name}/status

    • GET: read status of the specified Config
    • PATCH: partially update status of the specified Config
    • PUT: replace status of the specified Config

8.2.1. /apis/samples.operator.openshift.io/v1/configs

HTTP method
DELETE
Description
delete collection of Config
Table 8.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Config
Table 8.2. HTTP responses
HTTP code | Response body

200 - OK

ConfigList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Config
Table 8.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
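The three fieldValidation modes described above, modelled on the Samples Config .spec fields listed in section 8.1.1. This is an added example, not Kubernetes API server code: ApplyFieldValidation, Result, the request body and the rejection of an unrecognized mode are all constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// knownSpecFields lists the .spec properties documented for the Samples Config.
var knownSpecFields = map[string]bool{
	"architectures": true, "managementState": true, "samplesRegistry": true,
	"skippedImagestreams": true, "skippedTemplates": true,
}

// sampleBody is a constructed request: one mis-cased field name
// ("skippedImageStreams") and one field that appears twice.
const sampleBody = `{
  "managementState": "Removed",
  "samplesRegistry": "registry.example.com",
  "skippedImageStreams": ["jenkins"],
  "managementState": "Managed"
}`

// Result is what the model would persist, plus the warnings it would send.
type Result struct {
	Persisted map[string]json.RawMessage
	Warnings  []string
}

// ApplyFieldValidation models the documented Ignore, Warn and Strict modes
// for a flat JSON object. It reads the body token by token because decoding
// into a map would hide duplicate keys.
func ApplyFieldValidation(mode string, body []byte) (Result, error) {
	res := Result{Persisted: map[string]json.RawMessage{}}
	dec := json.NewDecoder(bytes.NewReader(body))
	if tok, err := dec.Token(); err != nil || tok != json.Delim('{') {
		return Result{}, fmt.Errorf("body must be a JSON object")
	}
	var problems []string
	seen := map[string]bool{}
	for dec.More() {
		keyTok, err := dec.Token()
		if err != nil {
			return Result{}, err
		}
		key, _ := keyTok.(string)
		var val json.RawMessage
		if err := dec.Decode(&val); err != nil {
			return Result{}, err
		}
		switch {
		case !knownSpecFields[key]:
			problems = append(problems, fmt.Sprintf("unknown field %q", key))
			continue // unknown fields are dropped in every mode
		case seen[key]:
			problems = append(problems, fmt.Sprintf("duplicate field %q", key))
		}
		seen[key] = true
		res.Persisted[key] = val // only the last duplicate is kept
	}
	switch mode {
	case "Ignore": // drop and overwrite silently
	case "Warn":
		res.Warnings = problems
	case "Strict":
		if len(problems) > 0 {
			return Result{}, fmt.Errorf("BadRequest: %s", strings.Join(problems, "; "))
		}
	default: // assumption of this model: unrecognized modes are rejected
		return Result{}, fmt.Errorf("invalid fieldValidation %q", mode)
	}
	return res, nil
}

func main() {
	for _, mode := range []string{"Ignore", "Warn", "Strict"} {
		res, err := ApplyFieldValidation(mode, []byte(sampleBody))
		if err != nil {
			fmt.Printf("%-6s rejected: %v\n", mode, err)
			continue
		}
		fmt.Printf("%-6s persisted managementState=%s, warnings=%q\n",
			mode, res.Persisted["managementState"], res.Warnings)
	}
}
```

With Ignore, the mis-cased skip list is discarded without any signal, so the intended skip never takes effect; Strict is the mode that surfaces that mistake before anything is persisted.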

Table 8.4. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 8.5. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

202 - Accepted

Config schema

401 - Unauthorized

Empty

8.2.2. /apis/samples.operator.openshift.io/v1/configs/{name}

Table 8.6. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
DELETE
Description
delete a Config
Table 8.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 8.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Config
Table 8.9. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Config
Table 8.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 8.11. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Config
Table 8.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 8.13. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 8.14. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty

8.2.3. /apis/samples.operator.openshift.io/v1/configs/{name}/status

Table 8.15. Global path parameters
Parameter | Type | Description

name

string

name of the Config

HTTP method
GET
Description
read status of the specified Config
Table 8.16. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified Config
Table 8.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 8.18. HTTP responses
HTTP code | Response body

200 - OK

Config schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified Config
Table 8.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 8.20. Body parameters
Parameter | Type | Description

body

Config schema

 
Table 8.21. HTTP responses
HTTP code | Response body

200 - OK

Config schema

201 - Created

Config schema

401 - Unauthorized

Empty

Chapter 9. CSISnapshotController [operator.openshift.io/v1]

Description
CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. cluster is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

9.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

9.1.1. .spec

Description
spec holds user settable values for configuration
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.

9.1.2. .status

Description
status holds observed values from the cluster. They may not be overridden.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

9.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

9.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

9.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

9.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

9.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/csisnapshotcontrollers

    • DELETE: delete collection of CSISnapshotController
    • GET: list objects of kind CSISnapshotController
    • POST: create a CSISnapshotController
  • /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}

    • DELETE: delete a CSISnapshotController
    • GET: read the specified CSISnapshotController
    • PATCH: partially update the specified CSISnapshotController
    • PUT: replace the specified CSISnapshotController
  • /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}/status

    • GET: read status of the specified CSISnapshotController
    • PATCH: partially update status of the specified CSISnapshotController
    • PUT: replace status of the specified CSISnapshotController

9.2.1. /apis/operator.openshift.io/v1/csisnapshotcontrollers

HTTP method
DELETE
Description
delete collection of CSISnapshotController
Table 9.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind CSISnapshotController
Table 9.2. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotControllerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a CSISnapshotController
Table 9.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 9.4. Body parameters
Parameter | Type | Description

body

CSISnapshotController schema

 
Table 9.5. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

201 - Created

CSISnapshotController schema

202 - Accepted

CSISnapshotController schema

401 - Unauthorized

Empty

9.2.2. /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}

Table 9.6. Global path parameters
Parameter | Type | Description

name

string

name of the CSISnapshotController

HTTP method
DELETE
Description
delete a CSISnapshotController
Table 9.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 9.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified CSISnapshotController
Table 9.9. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified CSISnapshotController
Table 9.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 9.11. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified CSISnapshotController
Table 9.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 9.13. Body parameters
Parameter | Type | Description

body

CSISnapshotController schema

 
Table 9.14. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

201 - Created

CSISnapshotController schema

401 - Unauthorized

Empty

9.2.3. /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}/status

Table 9.15. Global path parameters
Parameter | Type | Description

name

string

name of the CSISnapshotController

HTTP method
GET
Description
read status of the specified CSISnapshotController
Table 9.16. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified CSISnapshotController
Table 9.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 9.18. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified CSISnapshotController
Table 9.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 9.20. Body parameters
Parameter | Type | Description

body

CSISnapshotController schema

 
Table 9.21. HTTP responses
HTTP code | Response body

200 - OK

CSISnapshotController schema

201 - Created

CSISnapshotController schema

401 - Unauthorized

Empty

Chapter 10. DNS [operator.openshift.io/v1]

Description
DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

10.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the DNS.

status

object

status is the most recently observed status of the DNS.

10.1.1. .spec

Description
spec is the specification of the desired behavior of the DNS.
Type
object
Property | Type | Description

cache

object

cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.

logLevel

string

logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses. Setting logLevel: Trace will produce extremely verbose logs. Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal".

managementState

string

managementState indicates whether the DNS operator should manage cluster DNS

nodePlacement

object

nodePlacement provides explicit control over the scheduling of DNS pods. Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. If unset, defaults are used. See nodePlacement for more details.

operatorLogLevel

string

operatorLogLevel controls the logging level of the DNS Operator. Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal". Setting operatorLogLevel: Trace will produce extremely verbose logs.

servers

array

servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". If this field is nil, no servers are created.

servers[]

object

Server defines the schema for a server that runs per instance of CoreDNS.

upstreamResolvers

object

upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server. If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential".

10.1.2. .spec.cache

Description
cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure:
  • positiveTTL, which is a duration for which positive responses should be cached.
  • negativeTTL, which is a duration for which negative responses should be cached.
If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.
Type
object
Property | Type | Description

negativeTTL

string

negativeTTL is optional and specifies the amount of time that a negative response should be cached. If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.

positiveTTL

string

positiveTTL is optional and specifies the amount of time that a positive response should be cached. If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.
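The rounding and fallback rules for positiveTTL and negativeTTL, worked through as an added example (not OpenShift code). The function names are hypothetical, and the unit table assumes Go-style duration suffixes, which the examples in the text are consistent with.

```python
import re
from decimal import Decimal

# Assumed Go-style duration units, expressed in nanoseconds.
UNIT_NS = {"ns": 1, "us": 10**3, "µs": 10**3, "ms": 10**6,
           "s": 10**9, "m": 60 * 10**9, "h": 3600 * 10**9}
TOKEN = re.compile(r"(\d+(?:\.\d*)?|\.\d+)(ns|us|µs|ms|s|m|h)")

# Defaults quoted in the field descriptions (seconds); subject to change.
DEFAULTS = {"positiveTTL": 900, "negativeTTL": 30}


def parse_duration_seconds(text):
    """Parse an unsigned duration string and round down to whole seconds.

    Raises ValueError for signed values, missing units or stray characters.
    """
    if not re.fullmatch(f"(?:{TOKEN.pattern})+", text):
        raise ValueError(f"not an unsigned duration string: {text!r}")
    # Decimal avoids float error on inputs such as "1.9s".
    total_ns = sum(int(Decimal(num) * UNIT_NS[unit])
                   for num, unit in TOKEN.findall(text))
    return total_ns // 10**9


def effective_ttl(field, value):
    """Return (seconds, used_default) for a .spec.cache field.

    used_default is True when the configured value is absent or below 1s,
    in which case the documented default applies instead.
    """
    default = DEFAULTS[field]
    if not value:                       # not configured: stored as 0s
        return default, True
    seconds = parse_duration_seconds(value)
    if seconds < 1:                     # e.g. "500ms" rounds down to 0s
        return default, True
    return seconds, False


if __name__ == "__main__":
    # Constructed sample values for a configuration review.
    for field, value in [("positiveTTL", "1m30s"), ("negativeTTL", "1.9s"),
                         ("negativeTTL", "500ms"), ("positiveTTL", None)]:
        print(field, repr(value), "->", effective_ttl(field, value))
```

A sub-second value does not disable caching: it falls back to the default, so a review of .spec.cache should look at the effective value rather than the configured string.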

10.1.3. .spec.nodePlacement

Description
nodePlacement provides explicit control over the scheduling of DNS pods. Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. If unset, defaults are used. See nodePlacement for more details.
Type
object
Property | Type | Description

nodeSelector

object (string)

nodeSelector is the node selector applied to DNS pods. If empty, the default is used, which is currently the following:
    kubernetes.io/os: linux
This default is subject to change. If set, the specified selector is used and replaces the default.

tolerations

array

tolerations is a list of tolerations applied to DNS pods. If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

10.1.4. .spec.nodePlacement.tolerations

Description
tolerations is a list of tolerations applied to DNS pods. If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
Type
array

10.1.5. .spec.nodePlacement.tolerations[]

Description
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Type
object
Property | Type | Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

10.1.6. .spec.servers

Description
servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". If this field is nil, no servers are created.
Type
array
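Longest-suffix selection between Servers, as an added example (not OpenShift or CoreDNS code). The function and server names are hypothetical, and matching is done on whole DNS labels, so a zone "foo.com" does not capture "notfoo.com".

```python
def normalize(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def select_server(query_name, servers):
    """Return the name of the Server that handles query_name.

    The Server owning the zone with the most matching trailing labels wins.
    None means no configured zone matches, so the query is left to the
    default (".") server configured through upstreamResolvers.
    """
    q_labels = normalize(query_name).split(".")
    best_name, best_len = None, 0
    for server in servers:
        for zone in server["zones"]:
            z_labels = normalize(zone).split(".")
            if len(z_labels) > len(q_labels):
                continue
            # Compare whole labels, not raw string suffixes.
            if q_labels[-len(z_labels):] == z_labels and len(z_labels) > best_len:
                best_name, best_len = server["name"], len(z_labels)
    return best_name


# Constructed sample mirroring the foo.com / a.foo.com case in the text.
SAMPLE_SERVERS = [
    {"name": "foo", "zones": ["foo.com"]},
    {"name": "a-foo", "zones": ["a.foo.com", "corp.example"]},
]

if __name__ == "__main__":
    for q in ["www.a.foo.com", "www.foo.com", "notfoo.com", "FOO.com."]:
        print(q, "->", select_server(q, SAMPLE_SERVERS))
```

Running the selection over the names a workload actually resolves shows which forwardPlugin, and therefore which upstream and transport, each query is delegated to.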

10.1.7. .spec.servers[]

Description
Server defines the schema for a server that runs per instance of CoreDNS.
Type
object
Property | Type | Description

forwardPlugin

object

forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.

name

string

name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.

zones

array (string)

zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., "cluster.local") is invalid.

10.1.8. .spec.servers[].forwardPlugin

Description
forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.
Type
object
Property | Type | Description

policy

string

policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:
  • "Random" picks a random upstream server for each query.
  • "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query.
  • "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.
The default value is "Random".

protocolStrategy

string

protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.

transportConfig

object

transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.

upstreams

array (string)

upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. A maximum of 15 upstreams is allowed per ForwardPlugin.

10.1.9. .spec.servers[].forwardPlugin.transportConfig

Description
transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.
Type
object
Property | Type | Description

tls

object

tls contains the additional configuration options to use when Transport is set to "TLS".

transport

string

transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). Possible values:
  • "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext".
  • "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly.
  • "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.

10.1.10. .spec.servers[].forwardPlugin.transportConfig.tls

Description
tls contains the additional configuration options to use when Transport is set to "TLS".
Type
object
Required
  • serverName
Property | Type | Description

caBundle

object

caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.
  1. The configmap must contain a ca-bundle.crt key.
  2. The value must be a PEM encoded CA certificate or CA bundle.
  3. The administrator must create this configmap in the openshift-config namespace.
  4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.

serverName

string

serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).

10.1.11. .spec.servers[].forwardPlugin.transportConfig.tls.caBundle

Description
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.
  1. The configmap must contain a ca-bundle.crt key.
  2. The value must be a PEM encoded CA certificate or CA bundle.
  3. The administrator must create this configmap in the openshift-config namespace.
  4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.
Type
object
Required
  • name
Property | Type | Description

name

string

name is the metadata.name of the referenced config map.

10.1.12. .spec.upstreamResolvers

Description
upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server. If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential".
Type
object
Property | Type | Description

policy

string

Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:
  • "Random" picks a random upstream server for each query.
  • "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query.
  • "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.
The default value is "Sequential".

protocolStrategy

string

protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.

transportConfig

object

transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.

upstreams

array

Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default.

upstreams[]

object

Upstream can either be of type SystemResolvConf, or of type Network.
  • For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf.
  • For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53.

10.1.13. .spec.upstreamResolvers.transportConfig

Description
transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.
Type
object
Property | Type | Description

tls

object

tls contains the additional configuration options to use when Transport is set to "TLS".

transport

string

transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). Possible values:
  • "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext".
  • "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly.
  • "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.

10.1.14. .spec.upstreamResolvers.transportConfig.tls

Description
tls contains the additional configuration options to use when Transport is set to "TLS".
Type
object
Required
  • serverName
Property | Type | Description

caBundle

object

caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.
  1. The configmap must contain a ca-bundle.crt key.
  2. The value must be a PEM encoded CA certificate or CA bundle.
  3. The administrator must create this configmap in the openshift-config namespace.
  4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.

serverName

string

serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).

10.1.15. .spec.upstreamResolvers.transportConfig.tls.caBundle

Description
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.
  1. The configmap must contain a ca-bundle.crt key.
  2. The value must be a PEM encoded CA certificate or CA bundle.
  3. The administrator must create this configmap in the openshift-config namespace.
  4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.
Type
object
Required
  • name
Property | Type | Description

name

string

name is the metadata.name of the referenced config map.

10.1.16. .spec.upstreamResolvers.upstreams

Description
Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default.
Type
array

10.1.17. .spec.upstreamResolvers.upstreams[]

Description
Upstream can either be of type SystemResolvConf, or of type Network.
  • For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf.
  • For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53.
Type
object
Required
  • type
Property | Type | Description

address

string

Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.

port

integer

Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535

type

string

Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.
  • When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: /etc/resolv.conf will be used.
  • When Network is used, the Upstream structure must contain at least an Address.
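A review check over the forwarding fields described in 10.1.6 through 10.1.17, as an added example (not OpenShift code). It reports where upstream DNS traffic stays in cleartext and where the stated constraints are not met; the function names, finding codes and SAMPLE_SPEC are hypothetical, and the spec is a constructed dictionary mirroring the YAML structure.

```python
import ipaddress
import re

MAX_UPSTREAMS = 15  # limit per ForwardPlugin stated in this reference
# RFC 1123 subdomain: dot-separated labels of lowercase letters, digits, hyphens.
LABEL = r"[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?"
RFC1123_NAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def check_transport(path, transport_config):
    """Return (path, code) findings for one transportConfig object."""
    tc = transport_config or {}
    transport = tc.get("transport", "")
    tls = tc.get("tls") or {}
    findings = []
    if transport in ("", "Cleartext"):
        # Empty currently means Cleartext: upstream queries are unencrypted.
        findings.append((path, "CLEARTEXT"))
        if tls:  # tls options only apply when transport is "TLS"
            findings.append((path, "TLS_OPTIONS_WITHOUT_TLS_TRANSPORT"))
    elif transport == "TLS":
        server_name = tls.get("serverName", "")
        if not server_name:
            findings.append((path, "TLS_MISSING_SERVERNAME"))
        elif len(server_name) > 253 or not RFC1123_NAME.fullmatch(server_name):
            findings.append((path, "TLS_INVALID_SERVERNAME"))
        if not (tls.get("caBundle") or {}).get("name"):
            # Informational: system certificates verify the upstream.
            findings.append((path, "TLS_USES_SYSTEM_CA"))
    else:
        findings.append((path, "UNKNOWN_TRANSPORT"))
    return findings


def audit_dns_spec(spec, cluster_domain="cluster.local"):
    """Audit .spec.servers and .spec.upstreamResolvers of a DNS object."""
    findings = []
    for server in spec.get("servers") or []:
        base = f"spec.servers[{server.get('name', '?')}]"
        plugin = server.get("forwardPlugin") or {}
        zones = [z.rstrip(".").lower() for z in server.get("zones", [])]
        if cluster_domain in zones:
            findings.append((base + ".zones", "CLUSTER_DOMAIN_ZONE"))
        if len(plugin.get("upstreams", [])) > MAX_UPSTREAMS:
            findings.append((base + ".forwardPlugin.upstreams", "TOO_MANY_UPSTREAMS"))
        findings += check_transport(base + ".forwardPlugin.transportConfig",
                                    plugin.get("transportConfig"))

    base = "spec.upstreamResolvers"
    resolvers = spec.get("upstreamResolvers") or {}
    upstreams = resolvers.get("upstreams") or []
    if len(upstreams) > MAX_UPSTREAMS:
        findings.append((base + ".upstreams", "TOO_MANY_UPSTREAMS"))
    for i, upstream in enumerate(upstreams):
        if upstream.get("type") != "Network":
            continue  # SystemResolvConf: address and port are ignored
        try:
            ipaddress.ip_address(upstream.get("address", ""))
        except ValueError:
            findings.append((f"{base}.upstreams[{i}].address", "INVALID_ADDRESS"))
    findings += check_transport(base + ".transportConfig",
                                resolvers.get("transportConfig"))
    return findings


# Constructed sample spec; addresses are documentation ranges.
SAMPLE_SPEC = {
    "servers": [
        {"name": "corp", "zones": ["corp.example.com"],
         "forwardPlugin": {"upstreams": ["192.0.2.10", "192.0.2.11:5353"]}},
        {"name": "partner", "zones": ["partner.example.net"],
         "forwardPlugin": {"upstreams": ["198.51.100.7"], "transportConfig": {
             "transport": "TLS",
             "tls": {"serverName": "dns.partner.example.net",
                     "caBundle": {"name": "partner-dns-ca"}}}}},
        {"name": "broken", "zones": ["cluster.local"],
         "forwardPlugin": {"upstreams": ["203.0.113.5"],
                           "transportConfig": {"transport": "TLS"}}},
    ],
    "upstreamResolvers": {
        "upstreams": [{"type": "Network", "address": "not-an-ip"},
                      {"type": "SystemResolvConf"}],
        "transportConfig": {"transport": "TLS",
                            "tls": {"serverName": "resolver.example.com"}},
    },
}

if __name__ == "__main__":
    for path, code in audit_dns_spec(SAMPLE_SPEC):
        print(f"{code:34} {path}")
```

An empty spec also yields a CLEARTEXT finding for upstreamResolvers, because an unset transport currently defaults to "Cleartext".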

10.1.18. .status

Description
status is the most recently observed status of the DNS.
Type
object
Required
  • clusterDomain
  • clusterIP
Property | Type | Description

clusterDomain

string

clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5
Example: "cluster.local"
More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service

clusterIP

string

clusterIP is the service IP through which this DNS is made available. In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. In general, this IP can be specified in a pod’s spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster.
Example: dig foo.com @<service IP>
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

conditions

array

conditions provide information about the state of the DNS on the cluster. These are the supported DNS conditions:
  • Available
    • True if the following conditions are met:
      • DNS controller daemonset is available.
    • False if any of those conditions are unsatisfied.

conditions[]

object

OperatorCondition is just the standard condition fields.

10.1.19. .status.conditions

Description
conditions provide information about the state of the DNS on the cluster. These are the supported DNS conditions:
  • Available
    • True if the following conditions are met:
      • DNS controller daemonset is available.
    • False if any of those conditions are unsatisfied.
Type
array

10.1.20. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

10.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/dnses

    • DELETE: delete collection of DNS
    • GET: list objects of kind DNS
    • POST: create a DNS
  • /apis/operator.openshift.io/v1/dnses/{name}

    • DELETE: delete a DNS
    • GET: read the specified DNS
    • PATCH: partially update the specified DNS
    • PUT: replace the specified DNS
  • /apis/operator.openshift.io/v1/dnses/{name}/status

    • GET: read status of the specified DNS
    • PATCH: partially update status of the specified DNS
    • PUT: replace status of the specified DNS

10.2.1. /apis/operator.openshift.io/v1/dnses

HTTP method
DELETE
Description
delete collection of DNS
Table 10.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind DNS
Table 10.2. HTTP responses
HTTP code | Response body

200 - OK

DNSList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a DNS
Table 10.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 10.4. Body parameters
Parameter | Type | Description

body

DNS schema

 
Table 10.5. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

201 - Created

DNS schema

202 - Accepted

DNS schema

401 - Unauthorized

Empty

10.2.2. /apis/operator.openshift.io/v1/dnses/{name}

Table 10.6. Global path parameters
Parameter | Type | Description

name

string

name of the DNS

HTTP method
DELETE
Description
delete a DNS
Table 10.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

Table 10.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified DNS
Table 10.9. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified DNS
Table 10.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 10.11. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified DNS
Table 10.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 10.13. Body parameters
Parameter | Type | Description

body

DNS schema

 
Table 10.14. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

201 - Created

DNS schema

401 - Unauthorized

Empty

10.2.3. /apis/operator.openshift.io/v1/dnses/{name}/status

Table 10.15. Global path parameters
Parameter | Type | Description

name

string

name of the DNS

HTTP method
GET
Description
read status of the specified DNS
Table 10.16. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified DNS
Table 10.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 10.18. HTTP responses
HTTP code | Response body

200 - OK

DNS schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified DNS
Table 10.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 10.20. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | DNS schema | |
Table 10.21. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNS schema |
| 201 - Created | DNS schema |
| 401 - Unauthorized | Empty |

Chapter 11. DNSRecord [ingress.operator.openshift.io/v1]

Description
DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

11.1. Specification

| Property | Type | Description |
| --- | --- | --- |
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | ObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| spec | object | spec is the specification of the desired behavior of the dnsRecord. |
| status | object | status is the most recently observed status of the dnsRecord. |

11.1.1. .spec

Description
spec is the specification of the desired behavior of the dnsRecord.
Type
object
Required
  • dnsManagementPolicy
  • dnsName
  • recordTTL
  • recordType
  • targets
| Property | Type | Description |
| --- | --- | --- |
| dnsManagementPolicy | string | dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as "Unmanaged" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the "Published" status condition will be updated to "Unknown" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin. This field defaults to Managed. Valid values are "Managed" and "Unmanaged". |
| dnsName | string | dnsName is the hostname of the DNS record |
| recordTTL | integer | recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract. |
| recordType | string | recordType is the DNS record type. For example, "A" or "CNAME". |
| targets | array (string) | targets are record targets. |

11.1.2. .status

Description
status is the most recently observed status of the dnsRecord.
Type
object
| Property | Type | Description |
| --- | --- | --- |
| observedGeneration | integer | observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone. |
| zones | array | zones are the status of the record in each zone. |
| zones[] | object | DNSZoneStatus is the status of a record within a specific zone. |

11.1.3. .status.zones

Description
zones are the status of the record in each zone.
Type
array

11.1.4. .status.zones[]

Description
DNSZoneStatus is the status of a record within a specific zone.
Type
object
| Property | Type | Description |
| --- | --- | --- |
| conditions | array | conditions are any conditions associated with the record in the zone. If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure. |
| conditions[] | object | DNSZoneCondition is just the standard condition fields. |
| dnsZone | object | dnsZone is the zone where the record is published. |

11.1.5. .status.zones[].conditions

Description
conditions are any conditions associated with the record in the zone. If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure.
Type
array

11.1.6. .status.zones[].conditions[]

Description
DNSZoneCondition is just the standard condition fields.
Type
object
Required
  • status
  • type
| Property | Type | Description |
| --- | --- | --- |
| lastTransitionTime | string | |
| message | string | |
| reason | string | |
| status | string | |
| type | string | |

11.1.7. .status.zones[].dnsZone

Description
dnsZone is the zone where the record is published.
Type
object
| Property | Type | Description |
| --- | --- | --- |
| id | string | id is the identifier that can be used to find the DNS hosted zone. On AWS, the zone can be fetched using ID as id in [1]. On Azure, the zone can be fetched using ID as a pre-determined name in [2]. On GCP, the zone can be fetched using ID as a pre-determined name in [3]. [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get |
| tags | object (string) | tags can be used to query the DNS hosted zone. On AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using Tags as tag-filters. [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options |
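
The following is an added example, not part of the Red Hat reference: it reads a DNSRecord object and reports, per zone, the "Published" condition described in sections 11.1.1 to 11.1.7. The sample object, its zone identifiers and reason strings are constructed, and comparing `status.observedGeneration` with `metadata.generation` is the usual Kubernetes convention rather than something this page states.

```python
"""Added example: summarise the per-zone publish state of a DNSRecord."""

REQUIRED_SPEC_FIELDS = ("dnsManagementPolicy", "dnsName", "recordTTL",
                        "recordType", "targets")

# Constructed sample; names, zone identifiers and reasons are made up.
SAMPLE_DNSRECORD = {
    "apiVersion": "ingress.operator.openshift.io/v1",
    "kind": "DNSRecord",
    "metadata": {"name": "example-wildcard", "generation": 3},
    "spec": {
        "dnsManagementPolicy": "Managed",
        "dnsName": "*.apps.example.test.",
        "recordTTL": 0,
        "recordType": "CNAME",
        "targets": ["lb.example.test"],
    },
    "status": {
        "observedGeneration": 2,
        "zones": [
            {"dnsZone": {"id": "ZONE-PUBLIC-PLACEHOLDER"},
             "conditions": [{"type": "Published", "status": "True",
                             "reason": "ExampleSuccess", "message": ""}]},
            {"dnsZone": {"tags": {"Name": "example-int"}},
             "conditions": [{"type": "Published", "status": "False",
                             "reason": "ExampleFailure",
                             "message": "constructed failure"}]},
        ],
    },
}


def effective_ttl(spec):
    """recordTTL is in seconds; zero means the default of 30."""
    ttl = spec.get("recordTTL", 0)
    return ttl if ttl else 30


def zone_label(dns_zone):
    """A dnsZone is located by its id or, failing that, by its tags."""
    if dns_zone.get("id"):
        return "id=" + dns_zone["id"]
    tags = dns_zone.get("tags") or {}
    return "tags=" + ",".join(f"{k}={v}" for k, v in sorted(tags.items()))


def published_status(zone):
    """Status of the zone's "Published" condition, or "Missing" if absent."""
    for cond in zone.get("conditions") or []:
        if cond.get("type") == "Published":
            return cond.get("status", "Unknown")
    return "Missing"


def review_dnsrecord(record):
    meta = record.get("metadata") or {}
    spec = record.get("spec") or {}
    status = record.get("status") or {}
    policy = spec.get("dnsManagementPolicy", "Managed")  # defaults to Managed
    zones = {zone_label(z.get("dnsZone") or {}): published_status(z)
             for z in status.get("zones") or []}
    generation = meta.get("generation")
    observed = status.get("observedGeneration")
    # Assumption: status lags the spec when observedGeneration is behind.
    stale = (generation is not None and observed is not None
             and observed < generation)
    # "Unmanaged" records are ignored by the operator and report "Unknown",
    # so only "Managed" records are expected to be Published=True everywhere.
    needs_attention = []
    if policy == "Managed":
        needs_attention = [z for z, state in zones.items() if state != "True"]
    return {
        "missing_spec_fields": [f for f in REQUIRED_SPEC_FIELDS if f not in spec],
        "policy": policy,
        "ttl_seconds": effective_ttl(spec),
        "status_stale": stale,
        "zones": zones,
        "needs_attention": needs_attention,
    }


if __name__ == "__main__":
    for key, value in review_dnsrecord(SAMPLE_DNSRECORD).items():
        print(f"{key}: {value}")
```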

11.2. API endpoints

The following API endpoints are available:

  • /apis/ingress.operator.openshift.io/v1/dnsrecords

    • GET: list objects of kind DNSRecord
  • /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords

    • DELETE: delete collection of DNSRecord
    • GET: list objects of kind DNSRecord
    • POST: create a DNSRecord
  • /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}

    • DELETE: delete a DNSRecord
    • GET: read the specified DNSRecord
    • PATCH: partially update the specified DNSRecord
    • PUT: replace the specified DNSRecord
  • /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}/status

    • GET: read status of the specified DNSRecord
    • PATCH: partially update status of the specified DNSRecord
    • PUT: replace status of the specified DNSRecord

11.2.1. /apis/ingress.operator.openshift.io/v1/dnsrecords

HTTP method
GET
Description
list objects of kind DNSRecord
Table 11.1. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecordList schema |
| 401 - Unauthorized | Empty |

11.2.2. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords

HTTP method
DELETE
Description
delete collection of DNSRecord
Table 11.2. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
list objects of kind DNSRecord
Table 11.3. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecordList schema |
| 401 - Unauthorized | Empty |

HTTP method
POST
Description
create a DNSRecord
Table 11.4. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 11.5. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | DNSRecord schema | |
Table 11.6. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 201 - Created | DNSRecord schema |
| 202 - Accepted | DNSRecord schema |
| 401 - Unauthorized | Empty |
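
The three `fieldValidation` modes differ only in what happens to unknown and duplicate fields, which is easiest to see on one request body. The following is an added sketch, not API server code and not part of the Red Hat reference: it models the documented Ignore, Warn and Strict behaviour for a create request, using a constructed body and a simplified schema (only the top-level and `.spec` field names from sections 11.1 and 11.1.1).

```python
"""Added example: a model of the fieldValidation modes on a DNSRecord body."""
import json

# Assumption of this sketch: metadata and status are treated as opaque.
KNOWN_FIELDS = {
    "": {"apiVersion", "kind", "metadata", "spec", "status"},
    "spec": {"dnsManagementPolicy", "dnsName", "recordTTL", "recordType",
             "targets"},
}

# Constructed request body: recordTTL is duplicated and "recordtype"
# (wrong case) is not a field of the schema.
SAMPLE_BODY = """{
  "apiVersion": "ingress.operator.openshift.io/v1",
  "kind": "DNSRecord",
  "metadata": {"name": "example"},
  "spec": {
    "dnsManagementPolicy": "Managed",
    "dnsName": "app.example.test.",
    "recordTTL": 30,
    "recordTTL": 300,
    "recordType": "CNAME",
    "recordtype": "A",
    "targets": ["lb.example.test"]
  }
}"""


class _Obj(dict):
    """A decoded JSON object that remembers which keys were repeated."""
    duplicates = ()


def _pairs_hook(pairs):
    obj, dups = _Obj(), []
    for key, value in pairs:
        if key in obj and key not in dups:
            dups.append(key)
        obj[key] = value  # only the last duplicate is kept
    obj.duplicates = tuple(dups)
    return obj


def _inspect(node, path, problems):
    """Record duplicate and unknown fields under path; drop the unknown ones."""
    prefix = path + "." if path else ""
    for key in node.duplicates:
        problems.append(f'duplicate field "{prefix}{key}"')
    allowed = KNOWN_FIELDS[path]
    for key in list(node):
        if key not in allowed:
            problems.append(f'unknown field "{prefix}{key}"')
            del node[key]
        elif prefix + key in KNOWN_FIELDS and isinstance(node[key], _Obj):
            _inspect(node[key], prefix + key, problems)


def handle_create(body, field_validation="Warn"):
    """Return the modelled outcome of a POST for the given fieldValidation."""
    if field_validation not in ("Ignore", "Warn", "Strict"):
        raise ValueError(f"unsupported fieldValidation: {field_validation!r}")
    obj = json.loads(body, object_pairs_hook=_pairs_hook)
    if not isinstance(obj, _Obj):
        raise ValueError("request body must be a JSON object")
    problems = []
    _inspect(obj, "", problems)
    if field_validation == "Strict" and problems:
        # BadRequest (HTTP 400) listing every unknown and duplicate field.
        return {"code": 400, "object": None, "warnings": [], "errors": problems}
    warnings = problems if field_validation == "Warn" else []
    return {"code": 201, "object": obj, "warnings": warnings, "errors": []}


if __name__ == "__main__":
    for mode in ("Ignore", "Warn", "Strict"):
        result = handle_create(SAMPLE_BODY, mode)
        print(mode, result["code"], result["warnings"] or result["errors"])
```

Under Ignore and Warn the persisted object carries `recordTTL: 300` and no `recordtype`, so a misspelled field can leave a setting unapplied without failing the request; Strict surfaces both problems before anything is stored.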

11.2.3. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}

Table 11.7. Global path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| name | string | name of the DNSRecord |

HTTP method
DELETE
Description
delete a DNSRecord
Table 11.8. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |

Table 11.9. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Status schema |
| 202 - Accepted | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
read the specified DNSRecord
Table 11.10. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update the specified DNSRecord
Table 11.11. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 11.12. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace the specified DNSRecord
Table 11.13. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 11.14. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | DNSRecord schema | |
Table 11.15. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 201 - Created | DNSRecord schema |
| 401 - Unauthorized | Empty |

11.2.4. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}/status

Table 11.16. Global path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| name | string | name of the DNSRecord |

HTTP method
GET
Description
read status of the specified DNSRecord
Table 11.17. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update status of the specified DNSRecord
Table 11.18. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 11.19. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace status of the specified DNSRecord
Table 11.20. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 11.21. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | DNSRecord schema | |
Table 11.22. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | DNSRecord schema |
| 201 - Created | DNSRecord schema |
| 401 - Unauthorized | Empty |

Chapter 12. Etcd [operator.openshift.io/v1]

Description
Etcd provides information to configure an operator to manage etcd. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

12.1. Specification

| Property | Type | Description |
| --- | --- | --- |
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | ObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| spec | object | |
| status | object | |

12.1.1. .spec

Description
Type
object
| Property | Type | Description |
| --- | --- | --- |
| controlPlaneHardwareSpeed | string | HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are "", "Standard" and "Slower". "" means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. |
| failedRevisionLimit | integer | failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api. -1 = unlimited, 0 or unset = 5 (default) |
| forceRedeploymentReason | string | forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
| logLevel | string | logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| managementState | string | managementState indicates whether and how the operator should manage the component |
| observedConfig | | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
| operatorLogLevel | string | operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| succeededRevisionLimit | integer | succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api. -1 = unlimited, 0 or unset = 5 (default) |
| unsupportedConfigOverrides | | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |

12.1.2. .status

Description
Type
object
| Property | Type | Description |
| --- | --- | --- |
| conditions | array | conditions is a list of conditions and their status |
| conditions[] | object | OperatorCondition is just the standard condition fields. |
| controlPlaneHardwareSpeed | string | ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels |
| generations | array | generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
| generations[] | object | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
| latestAvailableRevision | integer | latestAvailableRevision is the deploymentID of the most recent deployment |
| latestAvailableRevisionReason | string | latestAvailableRevisionReason describes the detailed reason for the most recent deployment |
| nodeStatuses | array | nodeStatuses track the deployment values and errors across individual nodes |
| nodeStatuses[] | object | NodeStatus provides information about the current state of a particular node managed by this operator. |
| observedGeneration | integer | observedGeneration is the last generation change you’ve dealt with |
| readyReplicas | integer | readyReplicas indicates how many replicas are ready and at the desired state |
| version | string | version is the level this availability applies to |

12.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

12.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
| Property | Type | Description |
| --- | --- | --- |
| lastTransitionTime | string | |
| message | string | |
| reason | string | |
| status | string | |
| type | string | |

12.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

12.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
| Property | Type | Description |
| --- | --- | --- |
| group | string | group is the group of the thing you’re tracking |
| hash | string | hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
| lastGeneration | integer | lastGeneration is the last generation of the workload controller involved |
| name | string | name is the name of the thing you’re tracking |
| namespace | string | namespace is where the thing you’re tracking is |
| resource | string | resource is the resource type of the thing you’re tracking |

12.1.7. .status.nodeStatuses

Description
nodeStatuses track the deployment values and errors across individual nodes
Type
array

12.1.8. .status.nodeStatuses[]

Description
NodeStatus provides information about the current state of a particular node managed by this operator.
Type
object
Required
  • nodeName
| Property | Type | Description |
| --- | --- | --- |
| currentRevision | integer | currentRevision is the generation of the most recently successful deployment |
| lastFailedCount | integer | lastFailedCount is how often the installer pod of the last failed revision failed. |
| lastFailedReason | string | lastFailedReason is a machine readable failure reason string. |
| lastFailedRevision | integer | lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
| lastFailedRevisionErrors | array (string) | lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
| lastFailedTime | string | lastFailedTime is the time the last failed revision failed the last time. |
| lastFallbackCount | integer | lastFallbackCount is how often a fallback to a previous revision happened. |
| nodeName | string | nodeName is the name of the node |
| targetRevision | integer | targetRevision is the generation of the deployment we’re trying to apply |
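
The following is an added example, not part of the Red Hat reference: a review of an Etcd operator object that flags the settings sections 12.1.1 and 12.1.8 call out (a set `unsupportedConfigOverrides`, non-default log levels, values outside the documented sets, failed or lagging node revisions). The sample object is constructed, and treating a node as lagging when `currentRevision` differs from `latestAvailableRevision` is an assumption of the sketch.

```python
"""Added example: flag notable settings and node states on an Etcd object."""

VALID_LOG_LEVELS = ("Normal", "Debug", "Trace", "TraceAll")
VALID_HARDWARE_SPEEDS = ("", "Standard", "Slower")

# Constructed sample; node names, revisions and the override are made up.
SAMPLE_ETCD = {
    "apiVersion": "operator.openshift.io/v1",
    "kind": "Etcd",
    "metadata": {"name": "cluster"},
    "spec": {
        "logLevel": "Debug",
        "operatorLogLevel": "Normal",
        "controlPlaneHardwareSpeed": "",
        "failedRevisionLimit": 0,
        "unsupportedConfigOverrides": {"exampleKey": True},
    },
    "status": {
        "latestAvailableRevision": 7,
        "nodeStatuses": [
            {"nodeName": "master-0", "currentRevision": 7},
            {"nodeName": "master-1", "currentRevision": 6,
             "lastFailedRevision": 7, "lastFailedCount": 2,
             "lastFailedReason": "ExampleReason"},
        ],
    },
}


def effective_revision_limit(value):
    """-1 = unlimited (returned as None); 0 or unset = 5 (default)."""
    if value == -1:
        return None
    return value if value else 5


def audit_etcd(etcd):
    """Return a list of human-readable findings for one Etcd object."""
    spec = etcd.get("spec") or {}
    status = etcd.get("status") or {}
    findings = []

    if spec.get("unsupportedConfigOverrides"):
        findings.append("spec.unsupportedConfigOverrides is set: "
                        "unsupported, and it blocks cluster upgrades")

    for field in ("logLevel", "operatorLogLevel"):
        level = spec.get(field) or "Normal"  # defaults to "Normal"
        if level not in VALID_LOG_LEVELS:
            findings.append(f"spec.{field}: invalid value {level!r}")
        elif level != "Normal":
            findings.append(f"spec.{field} is {level}, not the default Normal")

    speed = spec.get("controlPlaneHardwareSpeed", "")
    if speed not in VALID_HARDWARE_SPEEDS:
        findings.append(f"spec.controlPlaneHardwareSpeed: invalid value {speed!r}")

    latest = status.get("latestAvailableRevision")
    for node in status.get("nodeStatuses") or []:
        name = node.get("nodeName", "<unnamed>")
        current = node.get("currentRevision")
        # Assumption: a node not at the latest available revision is lagging.
        if latest is not None and current != latest:
            findings.append(f"{name}: at revision {current}, "
                            f"latest available is {latest}")
        if node.get("lastFailedRevision"):
            findings.append(
                f"{name}: revision {node['lastFailedRevision']} failed "
                f"{node.get('lastFailedCount', 0)} time(s), "
                f"reason {node.get('lastFailedReason', '')!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_etcd(SAMPLE_ETCD):
        print("-", finding)
```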

12.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/etcds

    • DELETE: delete collection of Etcd
    • GET: list objects of kind Etcd
    • POST: create an Etcd
  • /apis/operator.openshift.io/v1/etcds/{name}

    • DELETE: delete an Etcd
    • GET: read the specified Etcd
    • PATCH: partially update the specified Etcd
    • PUT: replace the specified Etcd
  • /apis/operator.openshift.io/v1/etcds/{name}/status

    • GET: read status of the specified Etcd
    • PATCH: partially update status of the specified Etcd
    • PUT: replace status of the specified Etcd

12.2.1. /apis/operator.openshift.io/v1/etcds

HTTP method
DELETE
Description
delete collection of Etcd
Table 12.1. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
list objects of kind Etcd
Table 12.2. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | EtcdList schema |
| 401 - Unauthorized | Empty |

HTTP method
POST
Description
create an Etcd
Table 12.3. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 12.4. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | Etcd schema | |
Table 12.5. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 201 - Created | Etcd schema |
| 202 - Accepted | Etcd schema |
| 401 - Unauthorized | Empty |

12.2.2. /apis/operator.openshift.io/v1/etcds/{name}

Table 12.6. Global path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| name | string | name of the Etcd |

HTTP method
DELETE
Description
delete an Etcd
Table 12.7. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |

Table 12.8. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Status schema |
| 202 - Accepted | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
read the specified Etcd
Table 12.9. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update the specified Etcd
Table 12.10. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 12.11. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace the specified Etcd
Table 12.12. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 12.13. Body parameters
| Parameter | Type | Description |
| --- | --- | --- |
| body | Etcd schema | |
Table 12.14. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 201 - Created | Etcd schema |
| 401 - Unauthorized | Empty |

12.2.3. /apis/operator.openshift.io/v1/etcds/{name}/status

Table 12.15. Global path parameters
| Parameter | Type | Description |
| --- | --- | --- |
| name | string | name of the Etcd |

HTTP method
GET
Description
read status of the specified Etcd
Table 12.16. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update status of the specified Etcd
Table 12.17. Query parameters
| Parameter | Type | Description |
| --- | --- | --- |
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 12.18. HTTP responses
| HTTP code | Response body |
| --- | --- |
| 200 - OK | Etcd schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace status of the specified Etcd
Table 12.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 12.20. Body parameters
Parameter | Type | Description

body

Etcd schema

 
Table 12.21. HTTP responses
HTTP code | Response body

200 - OK

Etcd schema

201 - Created

Etcd schema

401 - Unauthorized

Empty

Chapter 13. ImageContentSourcePolicy [operator.openshift.io/v1alpha1]

Description
ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
Type
object
Required
  • spec

13.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

13.1.1. .spec

Description
spec holds user settable values for configuration
Type
object
Property | Type | Description

repositoryDigestMirrors

array

repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors a, b, c and policy B has mirrors c, d, e, the mirrors will be used in the order a, b, c, d, e. If the orders of mirror entries conflict (e.g. a, b vs. b, a) the configuration is not rejected but the resulting order is unspecified.

repositoryDigestMirrors[]

object

RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.

13.1.2. .spec.repositoryDigestMirrors

Description
repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors a, b, c and policy B has mirrors c, d, e, the mirrors will be used in the order a, b, c, d, e. If the orders of mirror entries conflict (e.g. a, b vs. b, a) the configuration is not rejected but the resulting order is unspecified.
Type
array

13.1.3. .spec.repositoryDigestMirrors[]

Description
RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.
Type
object
Required
  • source
Property | Type | Description

mirrors

array (string)

mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user’s desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.

source

string

source is the repository that users refer to, e.g. in image pull specifications.
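The merge and digest-only rules described above, worked through as an added example (not OpenShift code): it merges the mirror lists of several policies per source, flags conflicting orders, and shows which locations a pull specification may resolve to. All registry names are constructed placeholders, and matching a pull specification to a source by repository path prefix is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample objects; every registry name below is a placeholder.
def _policy(name, source, mirrors):
    return {"apiVersion": "operator.openshift.io/v1alpha1",
            "kind": "ImageContentSourcePolicy",
            "metadata": {"name": name},
            "spec": {"repositoryDigestMirrors": [{"source": source, "mirrors": mirrors}]}}

POLICIES = [
    _policy("policy-a", "registry.example.com/team",
            ["a.example.net/team", "b.example.net/team", "c.example.net/team"]),
    _policy("policy-b", "registry.example.com/team",
            ["c.example.net/team", "d.example.net/team", "e.example.net/team"]),
    # These two disagree on order (m1, m2 vs. m2, m1): accepted, but order is unspecified.
    _policy("policy-x", "quay.example.org/base", ["m1.example.net/base", "m2.example.net/base"]),
    _policy("policy-y", "quay.example.org/base", ["m2.example.net/base", "m1.example.net/base"]),
]

# repository "@" algorithm ":" hex digest
DIGEST_RE = re.compile(r"^(?P<repo>[^@]+)@[a-z0-9]+(?:[+._-][a-z0-9]+)*:[0-9a-fA-F]{32,}$")

def _stable_merge(mirror_lists):
    """Merge lists while preserving each list's relative order.

    Returns (order, conflict). conflict=True means the lists contradict each
    other, so the returned order is only the set of mirrors, not a priority.
    """
    first_seen, indegree, successors = [], {}, defaultdict(set)
    for mirrors in mirror_lists:
        for mirror in mirrors:
            if mirror not in indegree:
                indegree[mirror] = 0
                first_seen.append(mirror)
        for before, after in zip(mirrors, mirrors[1:]):
            if before != after and after not in successors[before]:
                successors[before].add(after)
                indegree[after] += 1
    order, remaining = [], list(first_seen)
    while remaining:
        ready = next((m for m in remaining if indegree[m] == 0), None)
        if ready is None:          # cycle: the policies' orders conflict
            return order + remaining, True
        remaining.remove(ready)
        order.append(ready)
        for nxt in successors[ready]:
            indegree[nxt] -= 1
    return order, False

def merge_policies(policies):
    """Return {source: (merged_mirrors, conflict)}; sources never interact."""
    per_source = defaultdict(list)
    for policy in policies:
        for entry in policy.get("spec", {}).get("repositoryDigestMirrors", []):
            per_source[entry["source"]].append(entry.get("mirrors", []))
    return {source: _stable_merge(lists) for source, lists in per_source.items()}

def pull_candidates(pull_spec, merged):
    """Locations a pull may use: mirrors first, then the source itself.

    Tag-based or unmatched pull specs are returned unchanged, because mirrors
    apply only to pull specifications that carry an image digest.
    """
    match = DIGEST_RE.match(pull_spec)
    if not match:
        return [pull_spec]
    repo = match.group("repo")
    digest = pull_spec[len(repo):]                      # "@algorithm:hex"
    # Assumption: longest source that equals the repository or is a path prefix of it.
    sources = [s for s in merged if repo == s or repo.startswith(s + "/")]
    if not sources:
        return [pull_spec]
    source = max(sources, key=len)
    mirrors, _conflict = merged[source]
    suffix = repo[len(source):]
    return [mirror + suffix + digest for mirror in mirrors] + [pull_spec]

if __name__ == "__main__":
    merged = merge_policies(POLICIES)
    for source, (mirrors, conflict) in merged.items():
        note = "ORDER UNSPECIFIED (conflicting policies)" if conflict else "ordered"
        print(f"{source}: {mirrors} [{note}]")
    for spec in ("registry.example.com/team/app@sha256:" + "ab" * 32,
                 "registry.example.com/team/app:1.0"):
        print(spec, "->", pull_candidates(spec, merged))
```

A tag-based pull never leaves the source repository, so an audit of mirror coverage should start by listing workloads that still reference images by tag.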

13.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies

    • DELETE: delete collection of ImageContentSourcePolicy
    • GET: list objects of kind ImageContentSourcePolicy
    • POST: create an ImageContentSourcePolicy
  • /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}

    • DELETE: delete an ImageContentSourcePolicy
    • GET: read the specified ImageContentSourcePolicy
    • PATCH: partially update the specified ImageContentSourcePolicy
    • PUT: replace the specified ImageContentSourcePolicy
  • /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}/status

    • GET: read status of the specified ImageContentSourcePolicy
    • PATCH: partially update status of the specified ImageContentSourcePolicy
    • PUT: replace status of the specified ImageContentSourcePolicy

13.2.1. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies

HTTP method
DELETE
Description
delete collection of ImageContentSourcePolicy
Table 13.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind ImageContentSourcePolicy
Table 13.2. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicyList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an ImageContentSourcePolicy
Table 13.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13.4. Body parameters
Parameter | Type | Description

body

ImageContentSourcePolicy schema

 
Table 13.5. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

201 - Created

ImageContentSourcePolicy schema

202 - Accepted

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

13.2.2. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}

Table 13.6. Global path parameters
Parameter | Type | Description

name

string

name of the ImageContentSourcePolicy

HTTP method
DELETE
Description
delete an ImageContentSourcePolicy
Table 13.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 13.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified ImageContentSourcePolicy
Table 13.9. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified ImageContentSourcePolicy
Table 13.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13.11. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified ImageContentSourcePolicy
Table 13.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13.13. Body parameters
Parameter | Type | Description

body

ImageContentSourcePolicy schema

 
Table 13.14. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

201 - Created

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

13.2.3. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}/status

Table 13.15. Global path parameters
Parameter | Type | Description

name

string

name of the ImageContentSourcePolicy

HTTP method
GET
Description
read status of the specified ImageContentSourcePolicy
Table 13.16. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified ImageContentSourcePolicy
Table 13.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13.18. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified ImageContentSourcePolicy
Table 13.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 13.20. Body parameters
Parameter | Type | Description

body

ImageContentSourcePolicy schema

 
Table 13.21. HTTP responses
HTTP code | Response body

200 - OK

ImageContentSourcePolicy schema

201 - Created

ImageContentSourcePolicy schema

401 - Unauthorized

Empty

Chapter 14. ImagePruner [imageregistry.operator.openshift.io/v1]

Description
ImagePruner is the configuration object for an image registry pruner managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • metadata
  • spec

14.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ImagePrunerSpec defines the specs for the running image pruner.

status

object

ImagePrunerStatus reports image pruner operational status.

14.1.1. .spec

Description
ImagePrunerSpec defines the specs for the running image pruner.
Type
object
Property | Type | Description

affinity

object

affinity is a group of node affinity scheduling rules for the image pruner pod.

failedJobsHistoryLimit

integer

failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set.

ignoreInvalidImageReferences

boolean

ignoreInvalidImageReferences indicates whether the pruner can ignore errors while parsing image references.

keepTagRevisions

integer

keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved. Defaults to 3.

keepYoungerThan

integer

keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.

keepYoungerThanDuration

string

keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning. Defaults to 60m (60 minutes).

logLevel

string

logLevel sets the level of log output for the pruner job. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

nodeSelector

object (string)

nodeSelector defines the node selection constraints for the image pruner pod.

resources

object

resources defines the resource requests and limits for the image pruner pod.

schedule

string

schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to 0 0 * * *.

successfulJobsHistoryLimit

integer

successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set.

suspend

boolean

suspend specifies whether or not to suspend subsequent executions of this cronjob. Defaults to false.

tolerations

array

tolerations defines the node tolerations for the image pruner pod.

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

14.1.2. .spec.affinity

Description
affinity is a group of node affinity scheduling rules for the image pruner pod.
Type
object
Property | Type | Description

nodeAffinity

object

Describes node affinity scheduling rules for the pod.

podAffinity

object

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

object

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

14.1.3. .spec.affinity.nodeAffinity

Description
Describes node affinity scheduling rules for the pod.
Type
object
Property | Type | Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).

requiredDuringSchedulingIgnoredDuringExecution

object

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

14.1.4. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
Type
array

14.1.5. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
Type
object
Required
  • preference
  • weight
Property | Type | Description

preference

object

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

14.1.6. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference

Description
A node selector term, associated with the corresponding weight.
Type
object
Property | Type | Description

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

14.1.7. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions

Description
A list of node selector requirements by node’s labels.
Type
array

14.1.8. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

14.1.9. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields

Description
A list of node selector requirements by node’s fields.
Type
array

14.1.10. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

14.1.11. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
Type
object
Required
  • nodeSelectorTerms
Property | Type | Description

nodeSelectorTerms

array

Required. A list of node selector terms. The terms are ORed.

nodeSelectorTerms[]

object

A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.

14.1.12. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms

Description
Required. A list of node selector terms. The terms are ORed.
Type
array

14.1.13. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]

Description
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
Type
object
Property | Type | Description

matchExpressions

array

A list of node selector requirements by node’s labels.

matchExpressions[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchFields

array

A list of node selector requirements by node’s fields.

matchFields[]

object

A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

14.1.14. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions

Description
A list of node selector requirements by node’s labels.
Type
array

14.1.15. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

14.1.16. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields

Description
A list of node selector requirements by node’s fields.
Type
array

14.1.17. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]

Description
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.

values

array (string)

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
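The node affinity rules in sections 14.1.3 to 14.1.17, evaluated as an added example (not OpenShift or Kubernetes code): it validates each requirement's operator and values, ORs the required terms, ANDs the requirements inside a term, and sums the weights of matching preferences. Node names, labels and the `example.com/...` keys are constructed; the treatment of absent labels (NotIn matches, Gt and Lt do not) follows Kubernetes selector behaviour and is not stated on this page.

```python
import re

VALID_OPERATORS = {"In", "NotIn", "Exists", "DoesNotExist", "Gt", "Lt"}
_INT = re.compile(r"[+-]?[0-9]+")

def _is_int(text):
    return isinstance(text, str) and _INT.fullmatch(text) is not None

def validate_requirement(req):
    """Check one matchExpressions[]/matchFields[] entry against the values rules."""
    op, values = req.get("operator"), req.get("values") or []
    problems = [] if req.get("key") else ["key is required"]
    if op not in VALID_OPERATORS:
        problems.append(f"unknown operator {op!r}")
    elif op in ("In", "NotIn") and not values:
        problems.append(f"{op}: values must be non-empty")
    elif op in ("Exists", "DoesNotExist") and values:
        problems.append(f"{op}: values must be empty")
    elif op in ("Gt", "Lt") and not (len(values) == 1 and _is_int(values[0])):
        problems.append(f"{op}: values must hold exactly one integer")
    return problems

def requirement_matches(req, attrs):
    """Evaluate a validated requirement against node labels or node fields."""
    key, op, values = req["key"], req["operator"], req.get("values") or []
    present = key in attrs
    if op == "Exists":
        return present
    if op == "DoesNotExist":
        return not present
    if op == "In":
        return present and attrs[key] in values
    if op == "NotIn":
        return not present or attrs[key] not in values
    if not present or not _is_int(attrs[key]):   # Gt/Lt need an integer label value
        return False
    have, want = int(attrs[key]), int(values[0])
    return have > want if op == "Gt" else have < want

def _requirements(term):
    term = term or {}
    return term.get("matchExpressions") or [], term.get("matchFields") or []

def term_matches(term, node):
    """Requirements inside one term are ANDed; a null or empty term matches nothing."""
    exprs, fields = _requirements(term)
    if not exprs and not fields:
        return False
    return (all(requirement_matches(r, node["labels"]) for r in exprs)
            and all(requirement_matches(r, node["fields"]) for r in fields))

def rank_nodes(node_affinity, nodes):
    """Return [(node, score)] for nodes passing the required terms, best first."""
    required = node_affinity.get("requiredDuringSchedulingIgnoredDuringExecution")
    preferred = node_affinity.get("preferredDuringSchedulingIgnoredDuringExecution") or []
    terms = (required or {}).get("nodeSelectorTerms", []) + [p.get("preference") for p in preferred]
    for term in terms:
        for req in sum(_requirements(term), []):
            problems = validate_requirement(req)
            if problems:
                raise ValueError(f"{req.get('key')}: {'; '.join(problems)}")
    if any(not 1 <= p["weight"] <= 100 for p in preferred):
        raise ValueError("weight must be in the range 1-100")
    ranked = []
    for name, node in nodes.items():
        # nodeSelectorTerms are ORed: one matching term is enough.
        if required is not None and not any(term_matches(t, node)
                                            for t in required["nodeSelectorTerms"]):
            continue
        # An empty preference is a no-op, so it adds nothing to the sum.
        score = sum(p["weight"] for p in preferred if term_matches(p.get("preference"), node))
        ranked.append((name, score))
    return sorted(ranked, key=lambda item: (-item[1], item[0]))

# Constructed .spec.affinity.nodeAffinity value and node inventory.
NODE_AFFINITY = {
    "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [
        {"matchExpressions": [
            {"key": "node-role.kubernetes.io/infra", "operator": "Exists"},
            {"key": "example.com/cpu-count", "operator": "Gt", "values": ["8"]}]},
        {"matchFields": [{"key": "metadata.name", "operator": "In", "values": ["infra-9"]}]}]},
    "preferredDuringSchedulingIgnoredDuringExecution": [
        {"weight": 60, "preference": {"matchExpressions": [
            {"key": "topology.kubernetes.io/zone", "operator": "In", "values": ["zone-a"]}]}},
        {"weight": 30, "preference": {"matchExpressions": [
            {"key": "example.com/disk", "operator": "NotIn", "values": ["hdd"]}]}},
        {"weight": 10, "preference": {}}],
}
NODES = {
    "infra-1": {"fields": {"metadata.name": "infra-1"}, "labels": {
        "node-role.kubernetes.io/infra": "", "example.com/cpu-count": "16",
        "topology.kubernetes.io/zone": "zone-a", "example.com/disk": "ssd"}},
    "infra-2": {"fields": {"metadata.name": "infra-2"}, "labels": {
        "node-role.kubernetes.io/infra": "", "example.com/cpu-count": "4"}},
    "infra-9": {"fields": {"metadata.name": "infra-9"}, "labels": {"example.com/disk": "hdd"}},
    "worker-1": {"fields": {"metadata.name": "worker-1"}, "labels": {
        "node-role.kubernetes.io/infra": "", "example.com/cpu-count": "many"}},
}

if __name__ == "__main__":
    for name, score in rank_nodes(NODE_AFFINITY, NODES):
        print(f"{name}: preferred score {score}")
```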

14.1.18. .spec.affinity.podAffinity

Description
Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
Type
object
Property | Type | Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

requiredDuringSchedulingIgnoredDuringExecution

array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

requiredDuringSchedulingIgnoredDuringExecution[]

object

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
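The following added example (not Red Hat or Kubernetes scheduler code) applies the two rules described above: required terms are intersected, then preferred weights are summed per node. The node names, labels, pods and the helper names are constructed, and it assumes matchLabels-only selectors with every pod in one namespace.

```python
"""Added illustration: filter and rank nodes for podAffinity terms as the
field descriptions state it. This is not the scheduler's implementation."""

HOST = "kubernetes.io/hostname"
ZONE = "topology.kubernetes.io/zone"

# Constructed cluster state: node labels and the pods already running.
NODES = {
    "node-a": {HOST: "node-a", ZONE: "z1"},
    "node-b": {HOST: "node-b", ZONE: "z1"},
    "node-c": {HOST: "node-c", ZONE: "z2"},
}
PODS = [
    {"node": "node-a", "labels": {"app": "registry"}},
    {"node": "node-c", "labels": {"app": "cache"}},
]


def term(app, topology_key):
    """Build a podAffinityTerm (hypothetical helper for the sample data)."""
    return {"labelSelector": {"matchLabels": {"app": app}}, "topologyKey": topology_key}


REQUIRED = [term("registry", ZONE)]
PREFERRED = [
    {"weight": 80, "podAffinityTerm": term("registry", HOST)},
    {"weight": 30, "podAffinityTerm": term("registry", ZONE)},
    {"weight": 50, "podAffinityTerm": term("cache", ZONE)},
]


def pod_matches(affinity_term, pod):
    selector = affinity_term.get("labelSelector")
    if selector is None:  # a null labelSelector matches no pods
        return False
    wanted = selector.get("matchLabels") or {}
    return all(pod["labels"].get(k) == v for k, v in wanted.items())


def colocated_nodes(affinity_term, nodes, pods):
    """Nodes whose topologyKey label value equals that of any node running a selected pod."""
    key = affinity_term.get("topologyKey")
    if not key:
        raise ValueError("empty topologyKey is not allowed")
    domains = {nodes[p["node"]].get(key) for p in pods if pod_matches(affinity_term, p)}
    domains.discard(None)  # a node without the label belongs to no domain
    return {name for name, labels in nodes.items() if labels.get(key) in domains}


def feasible_nodes(required, nodes, pods):
    """requiredDuringScheduling...: the node sets of all terms are intersected."""
    result = set(nodes)
    for affinity_term in required:
        result &= colocated_nodes(affinity_term, nodes, pods)
    return result


def score_nodes(preferred, candidates, nodes, pods):
    """preferredDuringScheduling...: add each term's weight to every candidate it matches."""
    scores = {name: 0 for name in candidates}
    for item in preferred:
        if not 1 <= item["weight"] <= 100:
            raise ValueError("weight must be in the range 1-100")
        for name in colocated_nodes(item["podAffinityTerm"], nodes, pods) & set(candidates):
            scores[name] += item["weight"]
    return scores


def most_preferred(scores):
    """Node(s) with the highest sum; empty when nothing is feasible."""
    if not scores:
        return []
    best = max(scores.values())
    return sorted(name for name, total in scores.items() if total == best)


if __name__ == "__main__":
    candidates = feasible_nodes(REQUIRED, NODES, PODS)
    scores = score_nodes(PREFERRED, candidates, NODES, PODS)
    print(sorted(candidates), scores, most_preferred(scores))
```

The third preferred term matches only node-c, which the required term has already excluded, so its weight never counts.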

14.1.19. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods that match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
Type
array

14.1.20. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
Type
object
Required
  • podAffinityTerm
  • weight
Property | Type | Description

podAffinityTerm

object

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

14.1.21. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description
Required. A pod affinity term, associated with the corresponding weight.
Type
object
Required
  • topologyKey
Property | Type | Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key in (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key notin (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

14.1.22. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.23. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.24. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.25. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.26. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.27. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
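The selector and namespace rules described in the sections above decide which existing pods a podAffinityTerm sees, and the difference between a null namespaceSelector and an empty one ({}) decides whether pods in other namespaces are included. The added example below (not Red Hat or Kubernetes code) evaluates both; the namespaces, pods and function names are constructed for illustration.

```python
"""Added illustration: which existing pods a podAffinityTerm selects, following
the labelSelector, namespaceSelector and namespaces field descriptions."""

# Constructed sample data: namespace labels and running pods.
NAMESPACES = {
    "registry": {"tier": "platform"},
    "team-a": {"tier": "tenant"},
    "team-b": {"tier": "tenant"},
}
PODS = [
    {"name": "reg-1", "namespace": "registry", "labels": {"app": "registry", "env": "prod"}},
    {"name": "web-1", "namespace": "team-a", "labels": {"app": "registry", "env": "dev"}},
    {"name": "db-1", "namespace": "team-b", "labels": {"app": "db"}},
]


def validate_requirement(req):
    """Enforce the values-array rules stated for each operator."""
    op, values = req["operator"], req.get("values") or []
    if op in ("In", "NotIn"):
        if not values:
            raise ValueError(f"{op} requires a non-empty values array")
    elif op in ("Exists", "DoesNotExist"):
        if values:
            raise ValueError(f"{op} requires an empty values array")
    else:
        raise ValueError(f"invalid operator: {op}")


def requirement_matches(req, labels):
    validate_requirement(req)
    key, op, values = req["key"], req["operator"], req.get("values") or []
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":  # also true when the key is absent
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    return key not in labels  # DoesNotExist


def selector_matches(selector, labels):
    """matchLabels and matchExpressions are ANDed; an empty selector matches everything."""
    requirements = selector.get("matchExpressions") or []
    for req in requirements:  # reject malformed requirements before evaluating
        validate_requirement(req)
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:  # same as {key, In, [value]}
            return False
    return all(requirement_matches(req, labels) for req in requirements)


def term_namespaces(term, pod_namespace, namespaces):
    """Union of the static namespaces list and the namespaces the selector picks."""
    names = set(term.get("namespaces") or [])
    ns_selector = term.get("namespaceSelector")
    if ns_selector is None:
        # null selector and null/empty list means "this pod's namespace"
        return names or {pod_namespace}
    selected = {n for n, labels in namespaces.items() if selector_matches(ns_selector, labels)}
    return names | selected


def selected_pods(term, pod_namespace, namespaces, pods):
    selector = term.get("labelSelector")
    if selector is None:  # a null labelSelector matches no pods
        return []
    scope = term_namespaces(term, pod_namespace, namespaces)
    return [p["name"] for p in pods
            if p["namespace"] in scope and selector_matches(selector, p["labels"])]


if __name__ == "__main__":
    base = {"labelSelector": {"matchLabels": {"app": "registry"}}}
    print(selected_pods(base, "registry", NAMESPACES, PODS))
    print(selected_pods({**base, "namespaceSelector": {}}, "registry", NAMESPACES, PODS))
```

With the namespace fields unset the term sees only reg-1; adding namespaceSelector: {} also brings in web-1 from another namespace.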

14.1.28. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Type
array

14.1.29. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
Type
object
Required
  • topologyKey
Property | Type | Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key in (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key notin (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

14.1.30. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.31. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.32. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.33. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.34. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.35. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.36. .spec.affinity.podAntiAffinity

Description
Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
Type
object
Property | Type | Description

preferredDuringSchedulingIgnoredDuringExecution

array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods that match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

preferredDuringSchedulingIgnoredDuringExecution[]

object

The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)

requiredDuringSchedulingIgnoredDuringExecution

array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

requiredDuringSchedulingIgnoredDuringExecution[]

object

Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running

14.1.37. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution

Description
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods that match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
Type
array

14.1.38. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]

Description
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
Type
object
Required
  • podAffinityTerm
  • weight
Property | Type | Description

podAffinityTerm

object

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

14.1.39. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm

Description
Required. A pod affinity term, associated with the corresponding weight.
Type
object
Required
  • topologyKey
Property | Type | Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key in (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key notin (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
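The added example below (not Red Hat or Kubernetes code) shows how matchLabelKeys and mismatchLabelKeys turn into extra selector requirements taken from the incoming pod's labels, including the two rejection rules stated above. The function name and the sample labels are constructed; pod-template-hash is used only as a familiar label key.

```python
"""Added illustration: derive the effective labelSelector of a podAffinityTerm
from matchLabelKeys / mismatchLabelKeys and the incoming pod's labels."""


def effective_label_selector(term, incoming_labels):
    selector = term.get("labelSelector")
    match_keys = list(term.get("matchLabelKeys") or [])
    mismatch_keys = list(term.get("mismatchLabelKeys") or [])

    if selector is None:
        if match_keys or mismatch_keys:
            raise ValueError(
                "matchLabelKeys/mismatchLabelKeys cannot be set when labelSelector isn't set")
        return None  # a null labelSelector matches no pods

    # The same key must not appear in both the key lists and labelSelector.
    selector_keys = set(selector.get("matchLabels") or {})
    selector_keys |= {req["key"] for req in selector.get("matchExpressions") or []}
    for key in match_keys + mismatch_keys:
        if key in selector_keys:
            raise ValueError(f"key {key!r} is already used in labelSelector")

    merged = {
        "matchLabels": dict(selector.get("matchLabels") or {}),
        "matchExpressions": [dict(req) for req in selector.get("matchExpressions") or []],
    }
    pairs = [(k, "In") for k in match_keys] + [(k, "NotIn") for k in mismatch_keys]
    for key, operator in pairs:
        if key not in incoming_labels:
            continue  # keys missing from the incoming pod are ignored
        merged["matchExpressions"].append(
            {"key": key, "operator": operator, "values": [incoming_labels[key]]})
    return merged


# Constructed sample: an incoming pod and an anti-affinity term for its own app.
INCOMING = {"app": "web", "pod-template-hash": "abc123", "tenant": "blue"}
TERM = {
    "labelSelector": {"matchLabels": {"app": "web"}},
    "matchLabelKeys": ["pod-template-hash", "version"],  # "version" is not on the pod
    "mismatchLabelKeys": ["tenant"],
    "topologyKey": "kubernetes.io/hostname",
}

if __name__ == "__main__":
    print(effective_label_selector(TERM, INCOMING))
```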

14.1.40. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.41. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.42. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.43. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.44. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.45. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.46. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution

Description
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Type
array

14.1.47. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]

Description
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
Type
object
Required
  • topologyKey
Property | Type | Description

labelSelector

object

A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.

matchLabelKeys

array (string)

MatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key in (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

mismatchLabelKeys

array (string)

MismatchLabelKeys is a set of pod label keys used to select which pods are taken into consideration. The keys are used to look up values from the incoming pod’s labels; the resulting key-value pairs are merged with labelSelector as key notin (value) to select the group of existing pods that are taken into consideration for the incoming pod’s pod (anti) affinity. Keys that don’t exist in the incoming pod labels are ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn’t set. This is an alpha field and requires enabling the MatchLabelKeysInPodAffinity feature gate.

namespaceSelector

object

A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.

namespaces

array (string)

namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace".

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

14.1.48. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector

Description
A label query over a set of resources, in this case pods. If it’s null, this PodAffinityTerm matches with no Pods.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

14.1.49. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.50. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

14.1.51. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector

Description
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
Type
object
| Property | Type | Description |
|---|---|---|
| matchExpressions | array | matchExpressions is a list of label selector requirements. The requirements are ANDed. |
| matchExpressions[] | object | A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
| matchLabels | object (string) | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |

14.1.52. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

14.1.53. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
| Property | Type | Description |
|---|---|---|
| key | string | key is the label key that the selector applies to. |
| operator | string | operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
| values | array (string) | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |

14.1.54. .spec.resources

Description
resources defines the resource requests and limits for the image pruner pod.
Type
object
| Property | Type | Description |
|---|---|---|
| claims | array | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
| claims[] | object | ResourceClaim references one entry in PodSpec.ResourceClaims. |
| limits | integer-or-string | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| requests | integer-or-string | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |

14.1.55. .spec.resources.claims

Description
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
Type
array

14.1.56. .spec.resources.claims[]

Description
ResourceClaim references one entry in PodSpec.ResourceClaims.
Type
object
Required
  • name
| Property | Type | Description |
|---|---|---|
| name | string | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |

14.1.57. .spec.tolerations

Description
tolerations defines the node tolerations for the image pruner pod.
Type
array

14.1.58. .spec.tolerations[]

Description
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Type
object
| Property | Type | Description |
|---|---|---|
| effect | string | Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
| key | string | Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
| operator | string | Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
| tolerationSeconds | integer | TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
| value | string | Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
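
The matching rules in the table above decide which tainted nodes the image pruner pod may land on, so a toleration with an empty key and operator Exists deserves review because it matches every taint. The following Python sketch is an added example, not OpenShift or Kubernetes code; the function names and the sample taints are constructed for illustration.

```python
"""Toleration-to-taint matching as described for .spec.tolerations[] (added illustration)."""

VALID_EFFECTS = ("NoSchedule", "PreferNoSchedule", "NoExecute")

# Constructed sample taints, as they might appear on three different nodes.
SAMPLE_TAINTS = [
    {"key": "node-role.kubernetes.io/master", "value": "", "effect": "NoSchedule"},
    {"key": "dedicated", "value": "infra", "effect": "NoSchedule"},
    {"key": "node.kubernetes.io/unreachable", "value": "", "effect": "NoExecute"},
]


def validate_toleration(tol):
    """Return violations of the field rules stated in the table."""
    errors = []
    op = tol.get("operator") or "Equal"  # operator defaults to Equal
    if op not in ("Exists", "Equal"):
        errors.append(f"invalid operator: {op}")
    if not tol.get("key") and op != "Exists":
        errors.append("empty key requires operator Exists")
    if op == "Exists" and tol.get("value"):
        errors.append("value should be empty when operator is Exists")
    if tol.get("effect") and tol["effect"] not in VALID_EFFECTS:
        errors.append(f"invalid effect: {tol['effect']}")
    return errors


def tolerates(tol, taint):
    """True when the toleration matches the taint's <key,value,effect> triple."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False  # a non-empty effect must match exactly
    if tol.get("key") and tol["key"] != taint["key"]:
        return False  # a non-empty key must match exactly
    if (tol.get("operator") or "Equal") == "Exists":
        return True   # Exists is a wildcard for the value
    return (tol.get("value") or "") == (taint.get("value") or "")


def is_wildcard(tol):
    """Empty key plus Exists matches all keys and values; empty effect widens it to all effects."""
    return not tol.get("key") and tol.get("operator") == "Exists"


def untolerated(tolerations, taints):
    """Taints that none of the given tolerations match."""
    return [t for t in taints if not any(tolerates(tol, t) for tol in tolerations)]


def eviction_window(tol):
    """Seconds a NoExecute taint is tolerated; None means forever or not applicable.

    tolerationSeconds is ignored unless effect is NoExecute, and zero or
    negative values are treated as 0 (evict immediately).
    """
    if tol.get("effect") != "NoExecute":
        return None
    seconds = tol.get("tolerationSeconds")
    if seconds is None:
        return None
    return max(0, seconds)
```

Running untolerated() with the tolerations from an ImagePruner spec against the taints of the cluster's nodes shows which node classes remain off limits to the pruner pod.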

14.1.59. .status

Description
ImagePrunerStatus reports image pruner operational status.
Type
object
| Property | Type | Description |
|---|---|---|
| conditions | array | conditions is a list of conditions and their status. |
| conditions[] | object | OperatorCondition is just the standard condition fields. |
| observedGeneration | integer | observedGeneration is the last generation change that has been applied. |

14.1.60. .status.conditions

Description
conditions is a list of conditions and their status.
Type
array

14.1.61. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
| Property | Type | Description |
|---|---|---|
| lastTransitionTime | string | |
| message | string | |
| reason | string | |
| status | string | |
| type | string | |

14.2. API endpoints

The following API endpoints are available:

  • /apis/imageregistry.operator.openshift.io/v1/imagepruners

    • DELETE: delete collection of ImagePruner
    • GET: list objects of kind ImagePruner
    • POST: create an ImagePruner
  • /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}

    • DELETE: delete an ImagePruner
    • GET: read the specified ImagePruner
    • PATCH: partially update the specified ImagePruner
    • PUT: replace the specified ImagePruner
  • /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}/status

    • GET: read status of the specified ImagePruner
    • PATCH: partially update status of the specified ImagePruner
    • PUT: replace status of the specified ImagePruner

14.2.1. /apis/imageregistry.operator.openshift.io/v1/imagepruners

HTTP method
DELETE
Description
delete collection of ImagePruner
Table 14.1. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
list objects of kind ImagePruner
Table 14.2. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePrunerList schema |
| 401 - Unauthorized | Empty |

HTTP method
POST
Description
create an ImagePruner
Table 14.3. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 14.4. Body parameters
| Parameter | Type | Description |
|---|---|---|
| body | ImagePruner schema | |
Table 14.5. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 201 - Created | ImagePruner schema |
| 202 - Accepted | ImagePruner schema |
| 401 - Unauthorized | Empty |

14.2.2. /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}

Table 14.6. Global path parameters
| Parameter | Type | Description |
|---|---|---|
| name | string | name of the ImagePruner |

HTTP method
DELETE
Description
delete an ImagePruner
Table 14.7. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |

Table 14.8. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | Status schema |
| 202 - Accepted | Status schema |
| 401 - Unauthorized | Empty |

HTTP method
GET
Description
read the specified ImagePruner
Table 14.9. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update the specified ImagePruner
Table 14.10. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 14.11. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace the specified ImagePruner
Table 14.12. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 14.13. Body parameters
| Parameter | Type | Description |
|---|---|---|
| body | ImagePruner schema | |
Table 14.14. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 201 - Created | ImagePruner schema |
| 401 - Unauthorized | Empty |

14.2.3. /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}/status

Table 14.15. Global path parameters
| Parameter | Type | Description |
|---|---|---|
| name | string | name of the ImagePruner |

HTTP method
GET
Description
read status of the specified ImagePruner
Table 14.16. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 401 - Unauthorized | Empty |

HTTP method
PATCH
Description
partially update status of the specified ImagePruner
Table 14.17. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 14.18. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 401 - Unauthorized | Empty |

HTTP method
PUT
Description
replace status of the specified ImagePruner
Table 14.19. Query parameters
| Parameter | Type | Description |
|---|---|---|
| dryRun | string | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
| fieldValidation | string | fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |

Table 14.20. Body parameters
| Parameter | Type | Description |
|---|---|---|
| body | ImagePruner schema | |
Table 14.21. HTTP responses
| HTTP code | Response body |
|---|---|
| 200 - OK | ImagePruner schema |
| 201 - Created | ImagePruner schema |
| 401 - Unauthorized | Empty |

Chapter 15. IngressController [operator.openshift.io/v1]

Description
IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. https://kubernetes.io/docs/concepts/services-networking/ingress-controllers Whenever possible, sensible defaults for the platform are used. See each field for more details. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

15.1. Specification

| Property | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | ObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| spec | object | spec is the specification of the desired behavior of the IngressController. |
| status | object | status is the most recently observed status of the IngressController. |

15.1.1. .spec

Description
spec is the specification of the desired behavior of the IngressController.
Type
object
| Property | Type | Description |
|---|---|---|
| clientTLS | object | clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes. |
| defaultCertificate | object | defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don’t specify their own certificate, defaultCertificate is used. The secret must contain the following keys and data: tls.crt: certificate file contents; tls.key: key file contents. If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate’s CA will be automatically integrated with the cluster’s trust store. If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift’s built-in OAuth server. |
| domain | string | domain is a DNS name serviced by the ingress controller and is used to configure multiple features: * For the LoadBalancerService endpoint publishing strategy, domain is used to configure DNS records. See endpointPublishingStrategy. * When using a generated default certificate, the certificate will be valid for domain and its subdomains. See defaultCertificate. * The value is published to individual Route statuses so that end-users know where to target external DNS records. domain must be unique among all IngressControllers, and cannot be updated. If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. |
| endpointPublishingStrategy | object | endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform: AWS: LoadBalancerService (with External scope); Azure: LoadBalancerService (with External scope); GCP: LoadBalancerService (with External scope); IBMCloud: LoadBalancerService (with External scope); AlibabaCloud: LoadBalancerService (with External scope); Libvirt: HostNetwork. Any other platform types (including None) default to HostNetwork. endpointPublishingStrategy cannot be updated. |
| httpCompression | object | httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression. |
| httpEmptyRequestsPolicy | string | httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are "Respond" and "Ignore". If the field is set to "Respond", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to "Ignore", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is "Respond". Typically, these connections come from load balancers' health probes or Web browsers' speculative connections ("preconnect") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to "Ignore" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. |
| httpErrorCodePages | object | httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Example: https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages. |
| httpHeaders | object | httpHeaders defines policy for HTTP headers. If this field is empty, the default values are used. |
| logging | object | logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled. |
| namespaceSelector | object | namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering. |
| nodePlacement | object | nodePlacement enables explicit control over the scheduling of the ingress controller. If unset, defaults are used. See NodePlacement for more details. |
| replicas | integer | replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. The value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based on whether the chosen field’s value is SingleReplica or HighlyAvailable, respectively. These defaults are subject to change. |
| routeAdmission | object | routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults. |
| routeSelector | object | routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering. |
| tlsSecurityProfile | object | tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout. |
| tuningOptions | object | tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations. |
| unsupportedConfigOverrides | | unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported. |

15.1.2. .spec.clientTLS

Description
clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.
Type
object
Required
  • clientCA
  • clientCertificatePolicy
| Property | Type | Description |
|---|---|---|
| allowedSubjectPatterns | array (string) | allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate’s distinguished name or else the ingress controller rejects the certificate and denies the connection. |
| clientCA | object | clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client’s certificate. The administrator must create this configmap in the openshift-config namespace. |
| clientCertificatePolicy | string | clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values "Required" or "Optional". Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes. |
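
A review check for a clientTLS stanza, following the field rules in the table above, is sketched below in Python. It is an added example, not code from OpenShift or the ingress operator. Assumptions: Python's re module stands in for PCRE, patterns are applied as an unanchored search, the distinguished name is a slash-separated string, and the configmap name and subjects are constructed sample values.

```python
"""Lint an IngressController .spec.clientTLS stanza (added illustration)."""
import re

VALID_POLICIES = ("Required", "Optional")
# Route TLS termination types whose client certificates the controller checks.
CHECKED_TERMINATIONS = ("edge", "reencrypt")

# Constructed sample stanzas; "client-ca" is a hypothetical configmap name.
HARDENED = {
    "clientCA": {"name": "client-ca"},
    "clientCertificatePolicy": "Required",
    "allowedSubjectPatterns": [r"^/O=example-corp/CN=billing-[a-z0-9]+$"],
}
WEAK = {
    "clientCA": {"name": "client-ca"},
    "clientCertificatePolicy": "Optional",
    "allowedSubjectPatterns": ["CN=billing"],
}


def route_is_checked(termination):
    """Cleartext HTTP and passthrough routes are never covered by clientTLS."""
    return termination in CHECKED_TERMINATIONS


def subject_allowed(patterns, subject_dn):
    """Empty list: no filtering. Non-empty list: at least one pattern must match.

    Assumption: unanchored search, with Python re approximating PCRE.
    """
    if not patterns:
        return True
    return any(re.search(p, subject_dn) for p in patterns)


def lint_client_tls(client_tls):
    """Return review findings for one clientTLS stanza."""
    findings = []
    if not (client_tls.get("clientCA") or {}).get("name"):
        findings.append("clientCA.name is required (configmap in openshift-config)")
    policy = client_tls.get("clientCertificatePolicy")
    if policy not in VALID_POLICIES:
        findings.append(f"clientCertificatePolicy must be Required or Optional, got {policy!r}")
    elif policy == "Optional":
        findings.append("policy is Optional: clients are not required to present a certificate")
    patterns = client_tls.get("allowedSubjectPatterns") or []
    if not patterns:
        findings.append("allowedSubjectPatterns is empty: no subject filtering is performed")
    for pattern in patterns:
        try:
            re.compile(pattern)
        except re.error as exc:
            findings.append(f"pattern {pattern!r} does not compile: {exc}")
            continue
        if not (pattern.startswith("^") and pattern.endswith("$")):
            findings.append(f"pattern {pattern!r} is unanchored and may match more subjects than intended")
    return findings
```

Because passthrough and cleartext routes are outside the scope of clientTLS, a clean lint result says nothing about those routes; route_is_checked() makes that gap explicit when auditing a route inventory.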

15.1.3. .spec.clientTLS.clientCA

Description
clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client’s certificate. The administrator must create this configmap in the openshift-config namespace.
Type
object
Required
  • name
| Property | Type | Description |
|---|---|---|
| name | string | name is the metadata.name of the referenced config map |

15.1.4. .spec.defaultCertificate

Description
defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don’t specify their own certificate, defaultCertificate is used. The secret must contain the following keys and data:
  • tls.crt: certificate file contents
  • tls.key: key file contents
If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate’s CA will be automatically integrated with the cluster’s trust store. If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift’s built-in OAuth server.
Type
object
| Property | Type | Description |
|---|---|---|
| name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop kubebuilder:default when controller-gen doesn’t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |

15.1.5. .spec.endpointPublishingStrategy

Description
endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:
  • AWS: LoadBalancerService (with External scope)
  • Azure: LoadBalancerService (with External scope)
  • GCP: LoadBalancerService (with External scope)
  • IBMCloud: LoadBalancerService (with External scope)
  • AlibabaCloud: LoadBalancerService (with External scope)
  • Libvirt: HostNetwork
Any other platform types (including None) default to HostNetwork. endpointPublishingStrategy cannot be updated.
Type
object
Required
  • type
| Property | Type | Description |
|---|---|---|
| hostNetwork | object | hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork. |
| loadBalancer | object | loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService. |
| nodePort | object | nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. |
| private | object | private holds parameters for the Private endpoint publishing strategy. Present only if type is Private. |
| type | string | type is the publishing strategy to use. Valid values are: * LoadBalancerService Publishes the ingress controller using a Kubernetes LoadBalancer Service. In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service’s external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms. * HostNetwork Publishes the ingress controller on node ports where the ingress controller is deployed. In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports. * Private Does not publish the ingress controller. In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller. * NodePortService Publishes the ingress controller using a Kubernetes NodePort Service. In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will be preserved. |

15.1.6. .spec.endpointPublishingStrategy.hostNetwork

Description
hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
Type
object
| Property | Type | Description |
|---|---|---|
| httpPort | integer | httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80. |
| httpsPort | integer | httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443. |
| protocol | string | protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
| statsPort | integer | statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936. |

15.1.7. .spec.endpointPublishingStrategy.loadBalancer

Description
loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
Type
object
Required
  • dnsManagementPolicy
  • scope
Property | Type | Description

allowedSourceRanges

``

allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.

dnsManagementPolicy

string

dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.

providerParameters

object

providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.

scope

string

scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal".

15.1.8. .spec.endpointPublishingStrategy.loadBalancer.providerParameters

Description
providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
Type
object
Required
  • type
Property | Type | Description

aws

object

aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.

gcp

object

gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.

ibm

object

ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.

type

string

type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere".

15.1.9. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws

Description
aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.
Type
object
Required
  • type
Property | Type | Description

classicLoadBalancer

object

classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.

networkLoadBalancer

object

networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.

type

string

type is the type of AWS load balancer to instantiate for an ingresscontroller. Valid values are: * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb

15.1.10. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer

Description
classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
Type
object
Property | Type | Description

connectionIdleTimeout

string

connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see https://pkg.go.dev/time#ParseDuration. A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.

subnets

object

subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.

15.1.11. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets

Description
subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
Type
object
Property | Type | Description

ids

array (string)

ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

names

array (string)

names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

15.1.12. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer

Description
networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
Type
object
Property | Type | Description

eipAllocations

array (string)

eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply: eipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.

subnets

object

subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.

15.1.13. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.subnets

Description
subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
Type
object
Property | Type | Description

ids

array (string)

ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

names

array (string)

names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
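A pre-apply check for the loadBalancer stanza, covering the allowedSourceRanges, subnets and eipAllocations constraints stated in sections 15.1.7 to 15.1.13. This is an added example, not Red Hat's code: the function names and sample stanzas are constructed, and it assumes the 24-character subnet ID rule means "subnet-" followed by 17 alphanumerics.

```python
import ipaddress
import re

# "subnet-" is 7 characters, so a 24-character ID leaves 17 alphanumerics (assumption).
SUBNET_ID_RE = re.compile(r"subnet-[0-9A-Za-z]{17}")
MAX_SUBNETS = MAX_EIPS = 10


def lint_source_ranges(lb):
    """Check allowedSourceRanges; an empty list means every source is allowed."""
    out, ranges = [], lb.get("allowedSourceRanges") or []
    if not ranges and lb.get("scope") == "External":
        out.append("allowedSourceRanges: empty on an External load balancer, "
                   "so 0.0.0.0/0 and ::/0 apply")
    for r in ranges:
        try:
            if "/" not in r:
                raise ValueError("missing prefix length")
            net = ipaddress.ip_network(r, strict=False)
        except ValueError as err:
            out.append(f"allowedSourceRanges: {r!r} is not CIDR notation ({err})")
            continue
        if net.prefixlen == 0:
            out.append(f"allowedSourceRanges: {r!r} allows all source addresses")
    return out


def lint_subnets(subnets):
    """Check the ids/names rules shared by classicLoadBalancer and networkLoadBalancer."""
    out = []
    ids, names = subnets.get("ids") or [], subnets.get("names") or []
    for label, items in (("ids", ids), ("names", names)):
        for i, v in enumerate(items):
            if v in items[:i]:
                out.append(f"subnets.{label}[{i}]: {v!r} is listed more than once")
    for i, v in enumerate(ids):
        if not SUBNET_ID_RE.fullmatch(v):
            out.append(f"subnets.ids[{i}]: {v!r} must be 'subnet-' plus "
                       "alphanumerics, 24 characters in total")
    for i, v in enumerate(names):
        if v.startswith("subnet-"):
            out.append(f"subnets.names[{i}]: {v!r} must not start with 'subnet-'")
        if "," in v:
            out.append(f"subnets.names[{i}]: {v!r} must not include commas")
        if len(v) >= 256:
            out.append(f"subnets.names[{i}]: must be under 256 characters")
    if len(ids) + len(names) > MAX_SUBNETS:
        out.append(f"subnets: {len(ids) + len(names)} entries, limit is {MAX_SUBNETS}")
    return out


def lint_load_balancer(lb):
    """lb is the spec.endpointPublishingStrategy.loadBalancer mapping."""
    out = lint_source_ranges(lb)
    aws = (lb.get("providerParameters") or {}).get("aws") or {}
    kind = aws.get("type")
    for field, wanted in (("classicLoadBalancer", "Classic"), ("networkLoadBalancer", "NLB")):
        if field in aws and kind != wanted:
            out.append(f"aws.{field}: present only if type is {wanted}, type is {kind!r}")
    block = aws.get("networkLoadBalancer" if kind == "NLB" else "classicLoadBalancer") or {}
    subnets = block.get("subnets") or {}
    out += lint_subnets(subnets)
    eips = block.get("eipAllocations") or []
    n_subnets = len(subnets.get("ids") or []) + len(subnets.get("names") or [])
    if eips:
        if lb.get("scope") != "External":
            out.append("eipAllocations: can only be used with External scope")
        if len(set(eips)) != len(eips):
            out.append("eipAllocations: each EIP allocation must be unique")
        if len(eips) > MAX_EIPS:
            out.append(f"eipAllocations: {len(eips)} entries, limit is {MAX_EIPS}")
        # Auto-discovered subnets (none listed) cannot be counted offline.
        if n_subnets and len(eips) != n_subnets:
            out.append(f"eipAllocations: {len(eips)} allocations for {n_subnets} subnets")
    return out


# Constructed sample stanzas; every ID below is made up for the example.
BAD_LB = {"scope": "Internal", "dnsManagementPolicy": "Managed",
          "allowedSourceRanges": ["10.0.0.0/8", "0.0.0.0/0", "192.168.1.10"],
          "providerParameters": {"type": "AWS", "aws": {"type": "NLB", "networkLoadBalancer": {
              "subnets": {"ids": ["subnet-0123456789abcdef0", "subnet-0123456789abcdef0",
                                  "subnet-short"],
                          "names": ["subnet-public-a", "edge,public"]},
              "eipAllocations": ["eipalloc-0aaaaaaaaaaaaaaaa", "eipalloc-0aaaaaaaaaaaaaaaa"]}}}}
GOOD_LB = {"scope": "External", "dnsManagementPolicy": "Managed",
           "allowedSourceRanges": ["203.0.113.0/24"],
           "providerParameters": {"type": "AWS", "aws": {"type": "NLB", "networkLoadBalancer": {
               "subnets": {"ids": ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"]},
               "eipAllocations": ["eipalloc-0aaaaaaaaaaaaaaaa", "eipalloc-0bbbbbbbbbbbbbbbb"]}}}}

if __name__ == "__main__":
    for finding in lint_load_balancer(BAD_LB):
        print(finding)
```

The EIP-to-subnet count is compared only when subnets are listed explicitly, because auto-discovered subnets are not reported in the status of the IngressController object.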

15.1.14. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.gcp

Description
gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.
Type
object
Property | Type | Description

clientAccess

string

clientAccess describes how client access is restricted for internal load balancers. Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access

15.1.15. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.ibm

Description
ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.

15.1.16. .spec.endpointPublishingStrategy.nodePort

Description
nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.

15.1.17. .spec.endpointPublishingStrategy.private

Description
private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.

15.1.18. .spec.httpCompression

Description
httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.
Type
object
Property | Type | Description

mimeTypes

array (string)

mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression. Note: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2

15.1.19. .spec.httpErrorCodePages

Description
httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. For an example, see https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.
Type
object
Required
  • name
Property | Type | Description

name

string

name is the metadata.name of the referenced config map.

15.1.20. .spec.httpHeaders

Description
httpHeaders defines policy for HTTP headers. If this field is empty, the default values are used.
Type
object
Property | Type | Description

actions

object

actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (Strict-Transport-Security) header is not supported via actions. Strict-Transport-Security may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController’s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route’s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.

forwardedHeaderPolicy

string

forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following: * "Append", which specifies that the IngressController appends the headers, preserving existing headers. * "Replace", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. * "IfNone", which specifies that the IngressController sets the headers if they are not already set. * "Never", which specifies that the IngressController never sets the headers, preserving any existing headers. By default, the policy is "Append".

headerNameCaseAdjustments

``

headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying "X-Forwarded-For" indicates that the "x-forwarded-for" HTTP header should be adjusted to have the specified capitalization. These adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1. For request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses. If this field is empty, no request headers are adjusted.

uniqueId

object

uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. If this field is empty, no such header is injected into requests.

15.1.21. .spec.httpHeaders.actions

Description
actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (Strict-Transport-Security) header is not supported via actions. Strict-Transport-Security may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController’s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route’s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.
Type
object
Property | Type | Description

request

array

request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes, that is, to all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may either Set or Delete header values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".

request[]

object

IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.

response

array

response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes, that is, to all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may either Set or Delete header values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".

response[]

object

IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.

15.1.22. .spec.httpHeaders.actions.request

Description
request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes, that is, to all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may either Set or Delete header values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
Type
array

15.1.23. .spec.httpHeaders.actions.request[]

Description
IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
Type
object
Required
  • action
  • name
Property | Type | Description

action

object

action specifies actions to perform on headers, such as setting or deleting headers.

name

string

name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.

15.1.24. .spec.httpHeaders.actions.request[].action

Description
action specifies actions to perform on headers, such as setting or deleting headers.
Type
object
Required
  • type
Property | Type | Description

set

object

set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.

type

string

type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.

15.1.25. .spec.httpHeaders.actions.request[].action.set

Description
set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
Type
object
Required
  • value
Property | Type | Description

value

string

value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy’s %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.

15.1.26. .spec.httpHeaders.actions.response

Description
response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes, that is, to all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may either Set or Delete header values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
Type
array

15.1.27. .spec.httpHeaders.actions.response[]

Description
IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
Type
object
Required
  • action
  • name
Property | Type | Description

action

object

action specifies actions to perform on headers, such as setting or deleting headers.

name

string

name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.

15.1.28. .spec.httpHeaders.actions.response[].action

Description
action specifies actions to perform on headers, such as setting or deleting headers.
Type
object
Required
  • type
Property | Type | Description

set

object

set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.

type

string

type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.

15.1.29. .spec.httpHeaders.actions.response[].action.set

Description
set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
Type
object
Required
  • value
Property | Type | Description

value

string

value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy’s %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
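A linter for spec.httpHeaders.actions that applies the request and response rules from sections 15.1.21 to 15.1.29: reserved names, the header-name character set, the 20-action and 16384-character limits, the Set/Delete pairing, and the allowed sample fetchers and converters. This is an added example, not Red Hat's code; the function names and sample spec are constructed, and treating names that differ only in case as duplicates and rejecting CR, LF and NUL in values are assumptions of this linter.

```python
import re

# Limits and names below are the ones stated in the field descriptions above.
RESERVED = {"strict-transport-security", "proxy", "host", "cookie", "set-cookie"}
NAME_RE = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`-]+")
MAX_ACTIONS, MAX_NAME_LEN, MAX_VALUE_LEN = 20, 255, 16384
FETCHERS = {"request": {"req.hdr", "ssl_c_der"}, "response": {"res.hdr", "ssl_c_der"}}
CONVERTERS = {"lower", "base64"}
# Finds %[...] and %{+Q}[...] expressions inside an HAProxy format string.
EXPR_RE = re.compile(r"%(?:\{[^}]*\})?\[([^\]]*)\]")
FETCH_RE = re.compile(r"\s*([A-Za-z0-9_.]+)(\([^)]*\))?")


def lint_value(direction, where, value):
    """Check one action.set.value against the documented limits."""
    out = []
    if len(value) > MAX_VALUE_LEN:
        out.append(f"{where}: value is {len(value)} characters, limit is {MAX_VALUE_LEN}")
    if any(c in value for c in "\r\n\0"):  # assumption: never valid in a header value
        out.append(f"{where}: value contains CR, LF or NUL")
    for inner in EXPR_RE.findall(value):
        m = FETCH_RE.match(inner)
        if not m:
            out.append(f"{where}: cannot parse expression %[{inner}]")
            continue
        if m.group(1) not in FETCHERS[direction]:
            out.append(f"{where}: sample fetcher {m.group(1)!r} is not allowed "
                       f"for {direction} headers")
        # Everything after the fetcher and its arguments is a comma-separated converter list.
        for part in inner[m.end():].split(","):
            conv = part.split("(")[0].strip()
            if conv and conv not in CONVERTERS:
                out.append(f"{where}: converter {conv!r} is not allowed")
    return out


def lint_actions(direction, actions):
    """Return findings for spec.httpHeaders.actions.<direction> (a list of dicts)."""
    out, seen = [], set()
    if len(actions) > MAX_ACTIONS:
        out.append(f"{direction}: {len(actions)} actions, maximum is {MAX_ACTIONS}")
    for i, item in enumerate(actions):
        where, name = f"{direction}[{i}]", item.get("name", "")
        action = item.get("action") or {}
        if not NAME_RE.fullmatch(name):
            out.append(f"{where}: {name!r} is not a valid header name")
        if len(name) > MAX_NAME_LEN:
            out.append(f"{where}: name is longer than {MAX_NAME_LEN} characters")
        if name.lower() in RESERVED:
            out.append(f"{where}: {name} is reserved and may not be modified")
        if name.lower() in seen:  # assumption: compare names case-insensitively
            out.append(f"{where}: header name {name} is used more than once")
        seen.add(name.lower())
        kind, has_set = action.get("type"), action.get("set") is not None
        if kind not in ("Set", "Delete"):
            out.append(f"{where}: action.type must be Set or Delete")
        elif kind == "Set" and not has_set:
            out.append(f"{where}: action.set is required when type is Set")
        elif kind == "Delete" and has_set:
            out.append(f"{where}: action.set is forbidden unless type is Set")
        elif kind == "Set":
            out += lint_value(direction, where, action["set"].get("value", ""))
    return out


def lint_spec(spec):
    """Lint both directions of an IngressController spec given as a dict."""
    actions = (spec.get("httpHeaders") or {}).get("actions") or {}
    return [f for d in ("request", "response") for f in lint_actions(d, actions.get(d) or [])]


def _set(name, value):
    return {"name": name, "action": {"type": "Set", "set": {"value": value}}}


# Constructed sample spec with five deliberate violations.
SAMPLE_SPEC = {"httpHeaders": {"actions": {
    "request": [
        _set("X-Client-Cert", "%{+Q}[ssl_c_der,base64]"),            # valid
        _set("Host", "internal.example"),                            # reserved name
        _set("X-Target", "%[res.hdr(X-target),lower]"),              # response fetcher
        {"name": "X-Debug", "action": {"type": "Delete", "set": {"value": "1"}}},
    ],
    "response": [
        _set("X-Frame-Options", "DENY"),                             # valid
        {"name": "x-frame-options", "action": {"type": "Delete"}},   # duplicate name
        _set("Server", "%[res.hdr(Server),upper]"),                  # converter not allowed
    ],
}}}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE_SPEC):
        print(finding)
```

The check on spec.tuningOptions.headerBufferMaxRewriteBytes is left out because the size of interpolated values is only known at request time.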

15.1.30. .spec.httpHeaders.uniqueId

Description
uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. If this field is empty, no such header is injected into requests.
Type
object
Property | Type | Description

format

string

format specifies the format for the injected HTTP header’s value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3

name

string

name specifies the name of the HTTP header (for example, "unique-id") that the ingress controller should inject into HTTP requests. The field’s value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.

15.1.31. .spec.logging

Description
logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.
Type
object
Property | Type | Description

access

object

access describes how the client requests should be logged. If this field is empty, access logging is disabled.

15.1.32. .spec.logging.access

Description
access describes how the client requests should be logged. If this field is empty, access logging is disabled.
Type
object
Required
  • destination
Property | Type | Description

destination

object

destination is where access logs go.

httpCaptureCookies

``

httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.

httpCaptureHeaders

object

httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.

httpLogFormat

string

httpLogFormat specifies the format of the log message for an HTTP request. If this field is empty, log messages use the implementation’s default HTTP log format. For HAProxy’s default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 Note that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.

logEmptyRequests

string

logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections ("preconnect"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are "Log" and "Ignore". The default value is "Log".

15.1.33. .spec.logging.access.destination

Description
destination is where access logs go.
Type
object
Required
  • type
Property | Type | Description

container

object

container holds parameters for the Container logging destination. Present only if type is Container.

syslog

object

syslog holds parameters for a syslog endpoint. Present only if type is Syslog.

type

string

type is the type of destination for logs. It must be one of the following:
  • Container: The ingress operator configures the sidecar container named "logs" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime’s or the custom logging solution’s capacity.
  • Syslog: Logs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.

15.1.34. .spec.logging.access.destination.container

Description
container holds parameters for the Container logging destination. Present only if type is Container.
Type
object
Property | Type | Description

maxLength

integer

maxLength is the maximum length of the log message. Valid values are integers in the range 480 to 8192, inclusive. When omitted, the default value is 1024.

15.1.35. .spec.logging.access.destination.syslog

Description
syslog holds parameters for a syslog endpoint. Present only if type is Syslog.
Type
object
Required
  • address
  • port
Property | Type | Description

address

string

address is the IP address of the syslog endpoint that receives log messages.

facility

string

facility specifies the syslog facility of log messages. If this field is empty, the facility is "local1".

maxLength

integer

maxLength is the maximum length of the log message. Valid values are integers in the range 480 to 4096, inclusive. When omitted, the default value is 1024.

port

integer

port is the UDP port number of the syslog endpoint that receives log messages.
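The constraints stated for uniqueId, logging.access and its destinations can be checked mechanically before a spec is applied. The following is an added example, not part of the Red Hat reference; the function names, finding texts and sample specs are constructed for illustration.

```python
"""Added example: audit an IngressController spec's logging settings (not Red Hat code)."""

# Ranges documented for destination.<kind>.maxLength; the documented default is 1024.
MAX_LENGTH_RANGE = {"syslog": (480, 4096), "container": (480, 8192)}
DEST_KEY = {"Syslog": "syslog", "Container": "container"}


def _audit_destination(dest):
    """Check destination.type and the parameter block that belongs to it."""
    dtype = dest.get("type")
    if dtype not in DEST_KEY:
        return [("error", "destination.type is required and must be Container or Syslog")]
    findings = []
    key = DEST_KEY[dtype]
    for other in set(DEST_KEY.values()) - {key}:
        if other in dest:  # each block is "present only if type is ..."
            findings.append(("error", f"destination.{other} is present but type is {dtype}"))
    params = dest.get(key) or {}
    if dtype == "Syslog":
        for required in ("address", "port"):
            if params.get(required) in (None, ""):
                findings.append(("error", f"destination.syslog.{required} is required"))
    low, high = MAX_LENGTH_RANGE[key]
    max_length = params.get("maxLength", 1024)
    if not low <= max_length <= high:
        findings.append(("error", f"destination.{key}.maxLength={max_length} is outside {low}..{high}"))
    return findings


def audit_logging(spec):
    """Return sorted (severity, message) findings for one IngressController spec dict."""
    findings = []
    access = (spec.get("logging") or {}).get("access")
    if not access:
        # An empty logging or access field leaves only operational logs enabled.
        findings.append(("warn", "access logging is disabled; only operational logs are kept"))
    else:
        findings += _audit_destination(access.get("destination") or {})
        empty = access.get("logEmptyRequests") or "Log"  # documented default
        if empty not in ("Log", "Ignore"):
            findings.append(("error", f"logEmptyRequests={empty!r} is not an allowed value"))
        elif empty == "Ignore":
            findings.append(("warn", "logEmptyRequests=Ignore hides connections that send "
                                     "no request, such as port scans"))
    unique_id = (spec.get("httpHeaders") or {}).get("uniqueId") or {}
    if unique_id.get("format") and not unique_id.get("name"):
        findings.append(("warn", "uniqueId.format has no effect unless uniqueId.name is set"))
    return sorted(findings)


# Constructed sample specs (192.0.2.10 is a documentation-only address).
GOOD_SPEC = {
    "logging": {"access": {
        "destination": {"type": "Syslog",
                        "syslog": {"address": "192.0.2.10", "port": 514, "maxLength": 4096}},
        "logEmptyRequests": "Log"}},
    "httpHeaders": {"uniqueId": {"name": "unique-id"}},
}
BAD_SPEC = {
    "logging": {"access": {
        "destination": {"type": "Syslog",
                        "syslog": {"address": "192.0.2.10", "maxLength": 8192}},
        "logEmptyRequests": "Ignore"}},
    "httpHeaders": {"uniqueId": {"format": "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"}},
}

if __name__ == "__main__":
    for label, spec in (("good", GOOD_SPEC), ("bad", BAD_SPEC), ("empty", {})):
        print(label, audit_logging(spec))
```

The 8192 value in the second sample is valid for a Container destination but exceeds the Syslog maximum of 4096.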

15.1.36. .spec.logging.access.httpCaptureHeaders

Description
httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.
Type
object
Property | Type | Description

request

``

request specifies which HTTP request headers to capture. If this field is empty, no request headers are captured.

response

``

response specifies which HTTP response headers to capture. If this field is empty, no response headers are captured.

15.1.37. .spec.namespaceSelector

Description
namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

15.1.38. .spec.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

15.1.39. .spec.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

15.1.40. .spec.nodePlacement

Description
nodePlacement enables explicit control over the scheduling of the ingress controller. If unset, defaults are used. See NodePlacement for more details.
Type
object
Property | Type | Description

nodeSelector

object

nodeSelector is the node selector applied to ingress controller deployments. If set, the specified selector is used and replaces the default. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.
When defaultPlacement is Workers, the default is:
    kubernetes.io/os: linux
    node-role.kubernetes.io/worker: ''
When defaultPlacement is ControlPlane, the default is:
    kubernetes.io/os: linux
    node-role.kubernetes.io/master: ''
These defaults are subject to change. Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.

tolerations

array

tolerations is a list of tolerations applied to ingress controller deployments. The default is an empty list. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

tolerations[]

object

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

15.1.41. .spec.nodePlacement.nodeSelector

Description
nodeSelector is the node selector applied to ingress controller deployments. If set, the specified selector is used and replaces the default. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.
When defaultPlacement is Workers, the default is:
    kubernetes.io/os: linux
    node-role.kubernetes.io/worker: ''
When defaultPlacement is ControlPlane, the default is:
    kubernetes.io/os: linux
    node-role.kubernetes.io/master: ''
These defaults are subject to change. Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

15.1.42. .spec.nodePlacement.nodeSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

15.1.43. .spec.nodePlacement.nodeSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

15.1.44. .spec.nodePlacement.tolerations

Description
tolerations is a list of tolerations applied to ingress controller deployments. The default is an empty list. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Type
array

15.1.45. .spec.nodePlacement.tolerations[]

Description
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Type
object
Property | Type | Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

15.1.46. .spec.routeAdmission

Description
routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.
Type
object
Property | Type | Description

namespaceOwnership

string

namespaceOwnership describes how host name claims across namespaces should be handled. Value must be one of:
  • Strict: Do not allow routes in different namespaces to claim the same host.
  • InterNamespaceAllowed: Allow routes to claim different paths of the same host name across namespaces.
If empty, the default is Strict.

wildcardPolicy

string

wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route’s wildcard policy. [1] https://github.com/openshift/api/blob/master/route/v1/types.go Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller. WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. If empty, defaults to "WildcardsDisallowed".

15.1.47. .spec.routeSelector

Description
routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

15.1.48. .spec.routeSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

15.1.49. .spec.routeSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

15.1.50. .spec.tlsSecurityProfile

Description
tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.
Type
object
Property | Type | Description

custom

``

custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:
    ciphers:
    - ECDHE-ECDSA-CHACHA20-POLY1305
    - ECDHE-RSA-CHACHA20-POLY1305
    - ECDHE-RSA-AES128-GCM-SHA256
    - ECDHE-ECDSA-AES128-GCM-SHA256
    minTLSVersion: VersionTLS11

intermediate

``

intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml):
    ciphers:
    - TLS_AES_128_GCM_SHA256
    - TLS_AES_256_GCM_SHA384
    - TLS_CHACHA20_POLY1305_SHA256
    - ECDHE-ECDSA-AES128-GCM-SHA256
    - ECDHE-RSA-AES128-GCM-SHA256
    - ECDHE-ECDSA-AES256-GCM-SHA384
    - ECDHE-RSA-AES256-GCM-SHA384
    - ECDHE-ECDSA-CHACHA20-POLY1305
    - ECDHE-RSA-CHACHA20-POLY1305
    - DHE-RSA-AES128-GCM-SHA256
    - DHE-RSA-AES256-GCM-SHA384
    minTLSVersion: VersionTLS12

modern

``

modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml):
    ciphers:
    - TLS_AES_128_GCM_SHA256
    - TLS_AES_256_GCM_SHA384
    - TLS_CHACHA20_POLY1305_SHA256
    minTLSVersion: VersionTLS13

old

``

old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml):
    ciphers:
    - TLS_AES_128_GCM_SHA256
    - TLS_AES_256_GCM_SHA384
    - TLS_CHACHA20_POLY1305_SHA256
    - ECDHE-ECDSA-AES128-GCM-SHA256
    - ECDHE-RSA-AES128-GCM-SHA256
    - ECDHE-ECDSA-AES256-GCM-SHA384
    - ECDHE-RSA-AES256-GCM-SHA384
    - ECDHE-ECDSA-CHACHA20-POLY1305
    - ECDHE-RSA-CHACHA20-POLY1305
    - DHE-RSA-AES128-GCM-SHA256
    - DHE-RSA-AES256-GCM-SHA384
    - DHE-RSA-CHACHA20-POLY1305
    - ECDHE-ECDSA-AES128-SHA256
    - ECDHE-RSA-AES128-SHA256
    - ECDHE-ECDSA-AES128-SHA
    - ECDHE-RSA-AES128-SHA
    - ECDHE-ECDSA-AES256-SHA384
    - ECDHE-RSA-AES256-SHA384
    - ECDHE-ECDSA-AES256-SHA
    - ECDHE-RSA-AES256-SHA
    - DHE-RSA-AES128-SHA256
    - DHE-RSA-AES256-SHA256
    - AES128-GCM-SHA256
    - AES256-GCM-SHA384
    - AES128-SHA256
    - AES256-SHA256
    - AES128-SHA
    - AES256-SHA
    - DES-CBC3-SHA
    minTLSVersion: VersionTLS10

type

string

type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
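Because a Custom profile is taken as written, it helps to review its minimum version and cipher names before applying it. The following is an added example, not part of the Red Hat reference: it classifies OpenSSL-style cipher names by what the name itself reveals and lints a tlsSecurityProfile value; the function names and finding texts are constructed, and the sample profile is the custom example shown above.

```python
"""Added example: lint a tlsSecurityProfile value (not Red Hat code)."""

TLS_ORDER = ["VersionTLS10", "VersionTLS11", "VersionTLS12", "VersionTLS13"]
# minTLSVersion that each built-in profile shows on this page.
BUILTIN_MIN = {"Old": "VersionTLS10", "Intermediate": "VersionTLS12", "Modern": "VersionTLS13"}
AEAD_PREFIXES = ("GCM", "CHACHA20", "CCM")


def classify_cipher(name):
    """Return the weaknesses that can be read off an OpenSSL-style cipher name."""
    if name.startswith("TLS_"):
        return set()  # TLS 1.3 suites are AEAD-only with ephemeral key exchange
    tokens = name.split("-")
    issues = set()
    if tokens[0] not in ("ECDHE", "DHE"):
        issues.add("no-forward-secrecy")  # no ephemeral key exchange in the name
    if not any(token.startswith(AEAD_PREFIXES) for token in tokens):
        issues.add("non-aead")            # CBC or stream cipher with a separate MAC
    if "DES" in tokens or "RC4" in tokens:
        issues.add("legacy-cipher")       # 3DES (DES-CBC3-SHA) or RC4
    return issues


def lint_profile(profile):
    """Return (effective_min_version, findings) for a tlsSecurityProfile dict."""
    ptype = (profile or {}).get("type")
    if not ptype:
        return None, ["unset: the default is based on apiservers.config.openshift.io/cluster"]
    if ptype in BUILTIN_MIN:
        findings = []
        if ptype == "Modern":
            findings.append("Modern is documented as currently not supported")
        if ptype == "Old":
            findings.append("Old allows VersionTLS10 and non-AEAD, non-forward-secret ciphers")
        return BUILTIN_MIN[ptype], findings
    if ptype != "Custom":
        return None, [f"type {ptype!r} is not one of Old, Intermediate, Modern, Custom"]

    custom = profile.get("custom") or {}
    min_version = custom.get("minTLSVersion")
    findings = []
    if min_version not in TLS_ORDER:
        findings.append(f"minTLSVersion {min_version!r} is not a known version")
        min_version = None
    elif TLS_ORDER.index(min_version) < TLS_ORDER.index("VersionTLS12"):
        findings.append(f"minTLSVersion {min_version} is below VersionTLS12")
    for cipher in custom.get("ciphers") or []:
        issues = classify_cipher(cipher)
        if issues:
            findings.append(f"{cipher}: {', '.join(sorted(issues))}")
    return min_version, findings


# The example custom profile from this page.
PAGE_CUSTOM_EXAMPLE = {
    "type": "Custom",
    "custom": {
        "ciphers": [
            "ECDHE-ECDSA-CHACHA20-POLY1305",
            "ECDHE-RSA-CHACHA20-POLY1305",
            "ECDHE-RSA-AES128-GCM-SHA256",
            "ECDHE-ECDSA-AES128-GCM-SHA256",
        ],
        "minTLSVersion": "VersionTLS11",
    },
}

if __name__ == "__main__":
    print(lint_profile(PAGE_CUSTOM_EXAMPLE))
    for name in ("DES-CBC3-SHA", "AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA"):
        print(name, sorted(classify_cipher(name)))
```

Run against the page's own custom example, the ciphers pass but the VersionTLS11 floor is reported.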

15.1.51. .spec.tuningOptions

Description
tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.
Type
object
Property | Type | Description

clientFinTimeout

string

clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection. If unset, the default timeout is 1s.

clientTimeout

string

clientTimeout defines how long a connection will be held open while waiting for a client response. If unset, the default timeout is 30s.

connectTimeout

string

connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". When omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.

headerBufferBytes

integer

headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes. Setting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.

headerBufferMaxRewriteBytes

integer

headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes. Setting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.

healthCheckInterval

string

healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation "router.openshift.io/haproxy.health.check.interval". Expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". Setting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven’t yet been detected as such. An empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s. Currently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.

maxConnections

integer

maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed. Permitted values are: empty, 0, -1, and the range 2000-2000000. If this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases. If the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000. Setting a value that is greater than the current operating system limit will prevent the HAProxy process from starting. If you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there’s no guarantee that the new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value, then the guidance is to use -1 and let the value be computed dynamically at runtime. You can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. You can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.

reloadInterval

string

reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend’s servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy’s configuration can take effect more quickly. The value must be a time duration value; see https://pkg.go.dev/time#ParseDuration. Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default). A zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". Note: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy’s configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.

serverFinTimeout

string

serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection. If unset, the default timeout is 1s.

serverTimeout

string

serverTimeout defines how long a connection will be held open while waiting for a server/backend response. If unset, the default timeout is 30s.

threadCount

integer

threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases. Setting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.

tlsInspectDelay

string

tlsInspectDelay defines how long the router can hold data to find a matching route. Setting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used. If unset, the default inspect delay is 5s.

tunnelTimeout

string

tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle. If unset, the default timeout is 1h.
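Several tuningOptions fields interact or are silently adjusted: the header buffers bound each other, maxConnections accepts only certain values, and reloadInterval is capped or floored rather than rejected. The following is an added example, not part of the Red Hat reference, that resolves the effective values for a tuningOptions dict using the defaults and limits stated above; the function names are constructed and the http2_enabled flag is an assumption supplied by the caller.

```python
"""Added example: resolve and check .spec.tuningOptions values (not Red Hat code)."""
import re

_UNIT_NS = {"ns": 1, "us": 10**3, "µs": 10**3, "μs": 10**3,
            "ms": 10**6, "s": 10**9, "m": 60 * 10**9, "h": 3600 * 10**9}
_TERM = re.compile(r"(\d+\.?\d*|\.\d+)(ns|us|µs|μs|ms|s|m|h)")

# Defaults stated on this page; all are documented as subject to change.
DEFAULTS = {"headerBufferBytes": 32768, "headerBufferMaxRewriteBytes": 8192,
            "maxConnections": 50000, "threadCount": 4, "reloadInterval": 5.0}


def parse_duration(text):
    """Parse an unsigned Go-style duration ("300ms", "2h45m") into seconds."""
    if text == "0":
        return 0.0
    pos, total_ns = 0, 0.0
    while pos < len(text):
        match = _TERM.match(text, pos)
        if not match:
            raise ValueError(f"invalid duration {text!r}")
        total_ns += float(match.group(1)) * _UNIT_NS[match.group(2)]
        pos = match.end()
    if pos == 0:
        raise ValueError("empty duration")
    return total_ns / 1e9


def effective_tuning(opts, http2_enabled=False):
    """Return (effective_values, findings) for a tuningOptions dict.

    http2_enabled is supplied by the caller (an assumption of this example).
    """
    eff, findings = dict(DEFAULTS), []
    # Empty (unset or zero) integer fields fall back to the defaults.
    for key in ("headerBufferBytes", "headerBufferMaxRewriteBytes", "threadCount"):
        if opts.get(key):
            eff[key] = opts[key]

    buf, rewrite = eff["headerBufferBytes"], eff["headerBufferMaxRewriteBytes"]
    if buf <= rewrite:
        findings.append("headerBufferBytes must be greater than headerBufferMaxRewriteBytes")
    if http2_enabled and buf < 16384:
        findings.append("headerBufferBytes must be at least 16384 when HTTP/2 is enabled")
    # Incoming requests are limited to what is left after the rewrite reservation.
    eff["maxRequestHeaderBytes"] = max(buf - rewrite, 0)

    conns = opts.get("maxConnections") or 0
    if conns == -1:
        eff["maxConnections"] = "auto"
        findings.append("maxConnections=-1 is computed from container ulimits; watch router memory")
    elif conns != 0 and not 2000 <= conns <= 2000000:
        findings.append(f"maxConnections={conns} is not 0, -1 or within 2000-2000000")
    elif conns:
        eff["maxConnections"] = conns

    if eff["threadCount"] > 64:
        findings.append("threadCount exceeds the 64 threads HAProxy supports")

    seconds = parse_duration(opts.get("reloadInterval") or "0")
    if seconds:  # a zero value selects the default
        clamped = min(max(seconds, 1.0), 120.0)
        if clamped != seconds:
            findings.append(f"reloadInterval {seconds:g}s is capped/floored to {clamped:g}s, not rejected")
        eff["reloadInterval"] = clamped
    return eff, findings


# Constructed sample input.
SAMPLE = {"headerBufferBytes": 16384, "headerBufferMaxRewriteBytes": 16384,
          "maxConnections": 1500, "reloadInterval": "5m"}

if __name__ == "__main__":
    for result in (effective_tuning({}), effective_tuning(SAMPLE, http2_enabled=True)):
        print(result)
```

With the defaults, 32768 - 8192 leaves 24576 bytes for incoming request headers, and the rewrite reservation is also the ceiling for headers added through spec.httpHeaders.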

15.1.52. .status

Description
status is the most recently observed status of the IngressController.
Type
object
Property | Type | Description

availableReplicas

integer

availableReplicas is the number of observed available replicas according to the ingress controller deployment.

conditions

array

conditions is a list of conditions and their status. Available means the ingress controller deployment is available and servicing route and ingress resources (i.e., .status.availableReplicas equals .spec.replicas). There are additional conditions which indicate the status of other ingress controller features and capabilities.
  • LoadBalancerManaged
      - True if the following conditions are met:
          * The endpoint publishing strategy requires a service load balancer.
      - False if any of those conditions are unsatisfied.
  • LoadBalancerReady
      - True if the following conditions are met:
          * A load balancer is managed.
          * The load balancer is ready.
      - False if any of those conditions are unsatisfied.
  • DNSManaged
      - True if the following conditions are met:
          * The endpoint publishing strategy and platform support DNS.
          * The ingress controller domain is set.
          * dns.config.openshift.io/cluster configures DNS zones.
      - False if any of those conditions are unsatisfied.
  • DNSReady
      - True if the following conditions are met:
          * DNS is managed.
          * DNS records have been successfully created.
      - False if any of those conditions are unsatisfied.

conditions[]

object

OperatorCondition is just the standard condition fields.

domain

string

domain is the actual domain in use.

endpointPublishingStrategy

object

endpointPublishingStrategy is the actual strategy in use.

namespaceSelector

object

namespaceSelector is the actual namespaceSelector in use.

observedGeneration

integer

observedGeneration is the most recent generation observed.

routeSelector

object

routeSelector is the actual routeSelector in use.

selector

string

selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.

tlsProfile

object

tlsProfile is the TLS connection configuration that is in effect.

15.1.53. .status.conditions

Description
conditions is a list of conditions and their status. Available means the ingress controller deployment is available and servicing route and ingress resources (i.e., .status.availableReplicas equals .spec.replicas). There are additional conditions which indicate the status of other ingress controller features and capabilities.
  • LoadBalancerManaged
      - True if the following conditions are met:
          * The endpoint publishing strategy requires a service load balancer.
      - False if any of those conditions are unsatisfied.
  • LoadBalancerReady
      - True if the following conditions are met:
          * A load balancer is managed.
          * The load balancer is ready.
      - False if any of those conditions are unsatisfied.
  • DNSManaged
      - True if the following conditions are met:
          * The endpoint publishing strategy and platform support DNS.
          * The ingress controller domain is set.
          * dns.config.openshift.io/cluster configures DNS zones.
      - False if any of those conditions are unsatisfied.
  • DNSReady
      - True if the following conditions are met:
          * DNS is managed.
          * DNS records have been successfully created.
      - False if any of those conditions are unsatisfied.
Type
array

15.1.54. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

15.1.55. .status.endpointPublishingStrategy

Description
endpointPublishingStrategy is the actual strategy in use.
Type
object
Required
  • type
Property | Type | Description

hostNetwork

object

hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.

loadBalancer

object

loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.

nodePort

object

nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.

private

object

private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.

type

string

type is the publishing strategy to use. Valid values are:
  • LoadBalancerService: Publishes the ingress controller using a Kubernetes LoadBalancer Service. In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
    If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service’s external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.
  • HostNetwork: Publishes the ingress controller on node ports where the ingress controller is deployed. In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.
  • Private: Does not publish the ingress controller. In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.
  • NodePortService: Publishes the ingress controller using a Kubernetes NodePort Service. In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will be preserved.

15.1.56. .status.endpointPublishingStrategy.hostNetwork

Description
hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
Type
object
Property | Type | Description

httpPort

integer

httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.

httpsPort

integer

httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.

protocol

string

protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field:
  • The empty string.
  • "TCP".
  • "PROXY".
The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.

statsPort

integer

statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.

15.1.57. .status.endpointPublishingStrategy.loadBalancer

Description
loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
Type
object
Required
  • dnsManagementPolicy
  • scope
Property | Type | Description

allowedSourceRanges

``

allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.

dnsManagementPolicy

string

dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.

providerParameters

object

providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.

scope

string

scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal".

15.1.58. .status.endpointPublishingStrategy.loadBalancer.providerParameters

Description
providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
Type
object
Required
  • type
Property | Type | Description

aws

object

aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.

gcp

object

gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.

ibm

object

ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.

type

string

type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere".

15.1.59. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws

Description
aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.
Type
object
Required
  • type
Property | Type | Description

classicLoadBalancer

object

classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.

networkLoadBalancer

object

networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.

type

string

type is the type of AWS load balancer to instantiate for an ingresscontroller. Valid values are:
  • "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
  • "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb

15.1.60. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer

Description
classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
Type
object
Property | Type | Description

connectionIdleTimeout

string

connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see https://pkg.go.dev/time#ParseDuration. A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.

subnets

object

subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.

15.1.61. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets

Description
subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
Type
object
Property | Type | Description

ids

array (string)

ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

names

array (string)

names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

15.1.62. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer

Description
networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
Type
object
Property | Type | Description

eipAllocations

array (string)

eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:
  • eipAllocations can only be used with external scope, not internal.
  • An EIP can be allocated to only a single IngressController.
  • The number of EIP allocations must match the number of subnets that are used for the load balancer.
  • Each EIP allocation must be unique.
  • A maximum of 10 EIP allocations are permitted.
See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.

subnets

object

subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.

15.1.63. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.subnets

Description
subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10. In order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values. When omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.
Type
object
Property | Type | Description

ids

array (string)

ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with "subnet-", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.

names

array (string)

names specifies a list of AWS subnets by subnet name. Subnet names must not start with "subnet-", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.
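The subnet and eipAllocations constraints stated above for classicLoadBalancer and networkLoadBalancer can be checked before a manifest is applied. The following is an added example, not OpenShift's own validation code: the function names and sample IDs are constructed, and reading "alphanumeric" as applying to the 17 characters after "subnet-" is an assumption.

```python
import re

MAX_SUBNETS = 10   # ids and names combined
MAX_EIPS = 10
# Assumed reading of the rule: "subnet-" (7 chars) + 17 alphanumerics = 24.
SUBNET_ID_RE = re.compile(r"subnet-[0-9A-Za-z]{17}")


def duplicates(items):
    """Return the values that occur more than once, in first-seen order."""
    seen, dups = set(), []
    for item in items:
        if item in seen and item not in dups:
            dups.append(item)
        seen.add(item)
    return dups


def validate_subnets(subnets):
    """Check a subnets object ({'ids': [...], 'names': [...]}); return violations."""
    subnets = subnets or {}
    ids = subnets.get("ids") or []
    names = subnets.get("names") or []
    errors = []
    for sid in ids:
        if not SUBNET_ID_RE.fullmatch(sid):
            errors.append(f"ids: {sid!r} must be 'subnet-' plus 17 alphanumerics")
    for name in names:
        if name.startswith("subnet-"):
            errors.append(f"names: {name!r} must not start with 'subnet-'")
        if "," in name:
            errors.append(f"names: {name!r} must not include commas")
        if len(name) >= 256:
            errors.append(f"names: {name[:20]!r}... must be under 256 characters")
    for dup in duplicates(ids):
        errors.append(f"ids: {dup!r} is listed more than once")
    for dup in duplicates(names):
        errors.append(f"names: {dup!r} is listed more than once")
    total = len(ids) + len(names)
    if total > MAX_SUBNETS:
        errors.append(f"{total} subnets given, limit is {MAX_SUBNETS}")
    return errors


def validate_nlb(scope, nlb):
    """Check networkLoadBalancer parameters against the load balancer scope."""
    nlb = nlb or {}
    subnets = nlb.get("subnets") or {}
    errors = validate_subnets(subnets)
    eips = nlb.get("eipAllocations") or []
    if not eips:
        return errors
    if scope != "External":
        errors.append("eipAllocations can only be used with External scope")
    for dup in duplicates(eips):
        errors.append(f"eipAllocations: {dup!r} is listed more than once")
    if len(eips) > MAX_EIPS:
        errors.append(f"{len(eips)} EIP allocations given, limit is {MAX_EIPS}")
    subnet_count = len(subnets.get("ids") or []) + len(subnets.get("names") or [])
    # Auto-discovered subnets are not reported, so the count can only be
    # compared when the subnets are listed explicitly.
    if subnet_count and len(eips) != subnet_count:
        errors.append(
            f"{len(eips)} EIP allocations for {subnet_count} subnets; counts must match"
        )
    return errors


# Constructed sample values, not taken from any real AWS account.
GOOD_NLB = {
    "subnets": {"ids": ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"]},
    "eipAllocations": ["eipalloc-aaaa1111", "eipalloc-bbbb2222"],
}
BAD_NLB = {
    "subnets": {
        "ids": ["subnet-short", "subnet-0123456789abcdef0", "subnet-0123456789abcdef0"],
        "names": ["subnet-public", "a,b"],
    },
    "eipAllocations": ["eipalloc-aaaa1111"],
}

if __name__ == "__main__":
    for label, nlb in (("good", GOOD_NLB), ("bad", BAD_NLB)):
        print(label, validate_nlb("External", nlb))
```

Because the load balancer service must be recreated to pick up new subnet values, catching these violations before applying the change avoids a recreate cycle that would fail anyway.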

15.1.64. .status.endpointPublishingStrategy.loadBalancer.providerParameters.gcp

Description
gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.
Type
object
Property | Type | Description

clientAccess

string

clientAccess describes how client access is restricted for internal load balancers. Valid values are:
  • "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access
  • "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access

15.1.65. .status.endpointPublishingStrategy.loadBalancer.providerParameters.ibm

Description
ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas
PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.

15.1.66. .status.endpointPublishingStrategy.nodePort

Description
nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field:
  • The empty string.
  • "TCP".
  • "PROXY".
The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.

15.1.67. .status.endpointPublishingStrategy.private

Description
private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
Type
object
Property | Type | Description

protocol

string

protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field:
  • The empty string.
  • "TCP".
  • "PROXY".
The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.

15.1.68. .status.namespaceSelector

Description
namespaceSelector is the actual namespaceSelector in use.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

15.1.69. .status.namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

15.1.70. .status.namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

15.1.71. .status.routeSelector

Description
routeSelector is the actual routeSelector in use.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

15.1.72. .status.routeSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

15.1.73. .status.routeSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
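The namespaceSelector and routeSelector reported in status decide which namespaces and routes an IngressController serves, so it is worth being able to evaluate them offline. The following is an added example, not code from OpenShift or Kubernetes: it applies the rules stated above (matchLabels as "In" requirements, all requirements ANDed, values empty or non-empty per operator) to constructed route labels, and it assumes the standard Kubernetes behaviour that NotIn also matches objects lacking the key.

```python
VALID_OPERATORS = {"In", "NotIn", "Exists", "DoesNotExist"}


def requirements(selector):
    """Flatten a selector into a list of (key, operator, values) requirements."""
    reqs = []
    # Each matchLabels pair is equivalent to an "In" requirement with one value.
    for key, value in (selector.get("matchLabels") or {}).items():
        reqs.append((key, "In", [value]))
    for expr in selector.get("matchExpressions") or []:
        key, op = expr["key"], expr["operator"]  # both are required fields
        values = expr.get("values") or []
        if op not in VALID_OPERATORS:
            raise ValueError(f"invalid operator {op!r} for key {key!r}")
        if op in ("In", "NotIn") and not values:
            raise ValueError(f"{op} on {key!r} needs a non-empty values array")
        if op in ("Exists", "DoesNotExist") and values:
            raise ValueError(f"{op} on {key!r} needs an empty values array")
        reqs.append((key, op, values))
    return reqs


def matches(selector, labels):
    """True if labels satisfy every requirement; a selector with none matches all."""
    for key, op, values in requirements(selector):
        present = key in labels
        if op == "In" and not (present and labels[key] in values):
            return False
        # Assumed Kubernetes semantics: NotIn only rejects a present, listed value.
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def admitted(selector, objects):
    """Names of the objects (name -> labels) that the selector admits."""
    return sorted(name for name, labels in objects.items() if matches(selector, labels))


# Constructed selector and route labels for illustration.
ROUTE_SELECTOR = {
    "matchLabels": {"type": "internal"},
    "matchExpressions": [
        {"key": "env", "operator": "NotIn", "values": ["dev"]},
        {"key": "deprecated", "operator": "DoesNotExist"},
    ],
}
ROUTES = {
    "billing": {"type": "internal", "env": "prod"},
    "wiki": {"type": "internal"},                      # no env label at all
    "sandbox": {"type": "internal", "env": "dev"},
    "shop": {"type": "public", "env": "prod"},
    "legacy": {"type": "internal", "env": "prod", "deprecated": "true"},
}

if __name__ == "__main__":
    print(admitted(ROUTE_SELECTOR, ROUTES))
```

The "wiki" route is admitted even though it carries no env label; add an Exists requirement on the key when an unlabelled object must be excluded.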

15.1.74. .status.tlsProfile

Description
tlsProfile is the TLS connection configuration that is in effect.
Type
object
Property | Type | Description

ciphers

array (string)

ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):
    ciphers:
      - DES-CBC3-SHA

minTLSVersion

string

minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
    minTLSVersion: VersionTLS11
NOTE: currently the highest minTLSVersion allowed is VersionTLS12
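Because status reports the configuration that is actually in effect, it is the right place to audit exposure. The following is an added example, not part of the OpenShift documentation or tooling: it reads a constructed IngressController status and flags an External load balancer whose allowedSourceRanges admit every source, a minTLSVersion below an assumed policy floor of VersionTLS12, and ciphers matching an assumed weak-cipher list.

```python
import ipaddress

TLS_ORDER = ["VersionTLS10", "VersionTLS11", "VersionTLS12", "VersionTLS13"]
MIN_ACCEPTED = "VersionTLS12"                    # assumed policy floor
WEAK_CIPHER_MARKERS = ("DES", "RC4", "NULL", "MD5")  # assumed policy list


def open_ranges(allowed_source_ranges):
    """Return the CIDRs that admit every source address of their family."""
    if not allowed_source_ranges:
        # No range specified: the documented defaults allow all sources.
        return ["0.0.0.0/0", "::/0"]
    return [
        cidr for cidr in allowed_source_ranges
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    ]


def audit_status(status):
    """Return a list of findings for one IngressController .status object."""
    findings = []
    strategy = status.get("endpointPublishingStrategy") or {}
    if strategy.get("type") == "LoadBalancerService":
        lb = strategy.get("loadBalancer") or {}
        wide = open_ranges(lb.get("allowedSourceRanges"))
        if lb.get("scope") == "External" and wide:
            findings.append(
                "external load balancer admits all sources: " + ", ".join(wide)
            )
    tls = status.get("tlsProfile") or {}
    min_version = tls.get("minTLSVersion")
    if (min_version in TLS_ORDER
            and TLS_ORDER.index(min_version) < TLS_ORDER.index(MIN_ACCEPTED)):
        findings.append(f"minTLSVersion {min_version} is below {MIN_ACCEPTED}")
    weak = [
        cipher for cipher in tls.get("ciphers") or []
        if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS)
    ]
    if weak:
        findings.append("weak ciphers in effect: " + ", ".join(weak))
    return findings


# Constructed status objects for illustration (203.0.113.0/24 is a
# documentation range).
EXPOSED_STATUS = {
    "endpointPublishingStrategy": {
        "type": "LoadBalancerService",
        "loadBalancer": {"scope": "External", "dnsManagementPolicy": "Managed"},
    },
    "tlsProfile": {
        "minTLSVersion": "VersionTLS11",
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA"],
    },
}
HARDENED_STATUS = {
    "endpointPublishingStrategy": {
        "type": "LoadBalancerService",
        "loadBalancer": {
            "scope": "External",
            "dnsManagementPolicy": "Managed",
            "allowedSourceRanges": ["203.0.113.0/24"],
        },
    },
    "tlsProfile": {
        "minTLSVersion": "VersionTLS12",
        "ciphers": ["ECDHE-ECDSA-AES128-GCM-SHA256"],
    },
}

if __name__ == "__main__":
    for name, status in (("exposed", EXPOSED_STATUS), ("hardened", HARDENED_STATUS)):
        print(name, audit_status(status))
```

The same function can be run over each item returned by the list endpoint for IngressController objects, passing the item's status field.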

15.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/ingresscontrollers

    • GET: list objects of kind IngressController
  • /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers

    • DELETE: delete collection of IngressController
    • GET: list objects of kind IngressController
    • POST: create an IngressController
  • /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}

    • DELETE: delete an IngressController
    • GET: read the specified IngressController
    • PATCH: partially update the specified IngressController
    • PUT: replace the specified IngressController
  • /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/scale

    • GET: read scale of the specified IngressController
    • PATCH: partially update scale of the specified IngressController
    • PUT: replace scale of the specified IngressController
  • /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/status

    • GET: read status of the specified IngressController
    • PATCH: partially update status of the specified IngressController
    • PUT: replace status of the specified IngressController

15.2.1. /apis/operator.openshift.io/v1/ingresscontrollers

HTTP method
GET
Description
list objects of kind IngressController
Table 15.1. HTTP responses
HTTP code | Response body

200 - OK

IngressControllerList schema

401 - Unauthorized

Empty

15.2.2. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers

HTTP method
DELETE
Description
delete collection of IngressController
Table 15.2. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind IngressController
Table 15.3. HTTP responses
HTTP code | Response body

200 - OK

IngressControllerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an IngressController
Table 15.4. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.5. Body parameters
Parameter | Type | Description

body

IngressController schema

 
Table 15.6. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

201 - Created

IngressController schema

202 - Accepted

IngressController schema

401 - Unauthorized

Empty

15.2.3. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}

Table 15.7. Global path parameters
Parameter | Type | Description

name

string

name of the IngressController

HTTP method
DELETE
Description
delete an IngressController
Table 15.8. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 15.9. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified IngressController
Table 15.10. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified IngressController
Table 15.11. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.12. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified IngressController
Table 15.13. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.14. Body parameters
Parameter | Type | Description

body

IngressController schema

 
Table 15.15. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

201 - Created

IngressController schema

401 - Unauthorized

Empty

15.2.4. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/scale

Table 15.16. Global path parameters
Parameter | Type | Description

name

string

name of the IngressController

HTTP method
GET
Description
read scale of the specified IngressController
Table 15.17. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update scale of the specified IngressController
Table 15.18. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.19. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace scale of the specified IngressController
Table 15.20. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.21. Body parameters
Parameter | Type | Description

body

Scale schema

 
Table 15.22. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

201 - Created

Scale schema

401 - Unauthorized

Empty

15.2.5. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/status

Table 15.23. Global path parameters
Parameter | Type | Description

name

string

name of the IngressController

HTTP method
GET
Description
read status of the specified IngressController
Table 15.24. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified IngressController
Table 15.25. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.26. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified IngressController
Table 15.27. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 15.28. Body parameters
Parameter | Type | Description

body

IngressController schema

 
Table 15.29. HTTP responses
HTTP code | Response body

200 - OK

IngressController schema

201 - Created

IngressController schema

401 - Unauthorized

Empty

Chapter 16. InsightsOperator [operator.openshift.io/v1]

Description
InsightsOperator holds cluster-wide information about the Insights Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

16.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Insights.

status

object

status is the most recently observed status of the Insights operator.

16.1.1. .spec

Description
spec is the specification of the desired behavior of the Insights.
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to contain the fields to override. The configuration ends up overlaid in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides

16.1.2. .status

Description
status is the most recently observed status of the Insights operator.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

gatherStatus

object

gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

insightsReport

object

insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

16.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

16.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

16.1.5. .status.gatherStatus

Description
gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.
Type
object
Property | Type | Description

gatherers

array

gatherers is a list of active gatherers (and their statuses) in the last gathering.

gatherers[]

object

gathererStatus represents information about a particular data gatherer.

lastGatherDuration

string

lastGatherDuration is the total time taken to process all gatherers during the last gather event.

lastGatherTime

string

lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.

16.1.6. .status.gatherStatus.gatherers

Description
gatherers is a list of active gatherers (and their statuses) in the last gathering.
Type
array

16.1.7. .status.gatherStatus.gatherers[]

Description
gathererStatus represents information about a particular data gatherer.
Type
object
Required
  • conditions
  • lastGatherDuration
  • name
Property | Type | Description

conditions

array

conditions provide details on the status of each gatherer.

conditions[]

object

Condition contains details for one aspect of the current state of this API Resource. This struct is intended for direct use as an array at the field path .status.conditions. For example:
    type FooStatus struct {
        // Represents the observations of a foo’s current state.
        // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
        // +patchMergeKey=type
        // +patchStrategy=merge
        // +listType=map
        // +listMapKey=type
        Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
        // other fields
    }

lastGatherDuration

string

lastGatherDuration represents the time spent gathering.

name

string

name is the name of the gatherer.

16.1.8. .status.gatherStatus.gatherers[].conditions

Description
conditions provide details on the status of each gatherer.
Type
array

16.1.9. .status.gatherStatus.gatherers[].conditions[]

Description
Condition contains details for one aspect of the current state of this API Resource. This struct is intended for direct use as an array at the field path .status.conditions. For example:
    type FooStatus struct {
        // Represents the observations of a foo’s current state.
        // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
        // +patchMergeKey=type
        // +patchStrategy=merge
        // +listType=map
        // +listMapKey=type
        Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
        // other fields
    }
Type
object
Required
  • lastTransitionTime
  • message
  • reason
  • status
  • type
Property | Type | Description

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

status

string

status of the condition, one of True, False, Unknown.

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

16.1.10. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

16.1.11. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

16.1.12. .status.insightsReport

Description
insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.
Type
object
Property | Type | Description

downloadedAt

string

downloadedAt is the time when the last Insights report was downloaded. An empty value means that no Insights report has been downloaded yet; this usually appears in disconnected clusters (or clusters where Insights data gathering is disabled).

healthChecks

array

healthChecks provides basic information about active Insights health checks in a cluster.

healthChecks[]

object

healthCheck represents the attributes of an Insights health check.

16.1.13. .status.insightsReport.healthChecks

Description
healthChecks provides basic information about active Insights health checks in a cluster.
Type
array

16.1.14. .status.insightsReport.healthChecks[]

Description
healthCheck represents the attributes of an Insights health check.
Type
object
Required
  • advisorURI
  • description
  • state
  • totalRisk
Property | Type | Description

advisorURI

string

advisorURI provides the URL link to the Insights Advisor.

description

string

description provides a basic description of the health check.

state

string

state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.

totalRisk

integer

totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.
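The status fields in sections 16.1.5 to 16.1.14 can be turned into a periodic check. The following is an added example, not code from the Insights Operator: the thresholds `max_gather_age` and `min_risk`, the gatherer names, condition values, and URLs are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def parse_time(value):
    """Parse an RFC 3339 UTC timestamp such as 2024-05-01T08:00:00Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def audit_insights_status(obj, now, max_gather_age=timedelta(hours=24), min_risk=3):
    """Return (category, subject, detail) findings for one InsightsOperator.

    max_gather_age and min_risk are hypothetical thresholds chosen for this
    example; the page does not prescribe them.
    """
    findings = []
    generation = (obj.get("metadata") or {}).get("generation")
    status = obj.get("status") or {}

    # gatherStatus omitted or lastGatherTime empty: nothing gathered yet.
    gather = status.get("gatherStatus") or {}
    if not gather.get("lastGatherTime"):
        findings.append(("no-gather", "gatherStatus", "no data has been gathered yet"))
    else:
        age = now - parse_time(gather["lastGatherTime"])
        if age > max_gather_age:
            findings.append(("stale-gather", "gatherStatus",
                             f"last gathering finished {age} ago"))

    # A condition whose observedGeneration lags metadata.generation is out of
    # date with respect to the current state of the instance.
    for gatherer in gather.get("gatherers") or []:
        for cond in gatherer.get("conditions") or []:
            seen = cond.get("observedGeneration")
            if None not in (generation, seen) and seen < generation:
                findings.append((
                    "stale-condition",
                    f"{gatherer['name']}/{cond['type']}",
                    f"observedGeneration {seen} < metadata.generation {generation}",
                ))

    # insightsReport omitted or downloadedAt empty: no report downloaded yet.
    report = status.get("insightsReport") or {}
    if not report.get("downloadedAt"):
        findings.append(("no-report", "insightsReport",
                         "no Insights report downloaded yet"))
    for check in report.get("healthChecks") or []:
        risk = check.get("totalRisk")
        subject = check.get("advisorURI", "<missing advisorURI>")
        if not isinstance(risk, int) or not 1 <= risk <= 4:
            findings.append(("invalid-risk", subject,
                             f"totalRisk={risk!r} is outside 1..4"))
        elif risk >= min_risk:
            findings.append(("high-risk", subject,
                             f"totalRisk={risk} state={check.get('state')}: "
                             f"{check.get('description')}"))
    return findings


# Constructed sample object; every value below is made up for the example.
SAMPLE_NOW = datetime(2024, 5, 3, 9, 0, tzinfo=timezone.utc)
SAMPLE = {
    "metadata": {"name": "cluster", "generation": 12},
    "status": {
        "gatherStatus": {
            "lastGatherTime": "2024-05-01T08:00:00Z",
            "lastGatherDuration": "42s",
            "gatherers": [
                {"name": "example/gatherer_a", "lastGatherDuration": "5s",
                 "conditions": [{"type": "DataGathered", "status": "True",
                                 "reason": "AsExpected", "message": "",
                                 "lastTransitionTime": "2024-05-01T08:00:00Z",
                                 "observedGeneration": 9}]},
                {"name": "example/gatherer_b", "lastGatherDuration": "7s",
                 "conditions": [{"type": "DataGathered", "status": "True",
                                 "reason": "AsExpected", "message": "",
                                 "lastTransitionTime": "2024-05-01T08:00:00Z",
                                 "observedGeneration": 12}]},
            ],
        },
        "insightsReport": {
            "downloadedAt": "2024-05-01T08:05:00Z",
            "healthChecks": [
                {"advisorURI": "https://example.com/advisor/rule-1",
                 "description": "constructed critical finding",
                 "state": "Enabled", "totalRisk": 4},
                {"advisorURI": "https://example.com/advisor/rule-2",
                 "description": "constructed low finding",
                 "state": "Enabled", "totalRisk": 1},
                {"advisorURI": "https://example.com/advisor/rule-3",
                 "description": "constructed malformed finding",
                 "state": "Enabled", "totalRisk": 7},
            ],
        },
    },
}

if __name__ == "__main__":
    for finding in audit_insights_status(SAMPLE, SAMPLE_NOW):
        print(*finding, sep=" | ")
```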

16.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/insightsoperators

    • DELETE: delete collection of InsightsOperator
    • GET: list objects of kind InsightsOperator
    • POST: create an InsightsOperator
  • /apis/operator.openshift.io/v1/insightsoperators/{name}

    • DELETE: delete an InsightsOperator
    • GET: read the specified InsightsOperator
    • PATCH: partially update the specified InsightsOperator
    • PUT: replace the specified InsightsOperator
  • /apis/operator.openshift.io/v1/insightsoperators/{name}/scale

    • GET: read scale of the specified InsightsOperator
    • PATCH: partially update scale of the specified InsightsOperator
    • PUT: replace scale of the specified InsightsOperator
  • /apis/operator.openshift.io/v1/insightsoperators/{name}/status

    • GET: read status of the specified InsightsOperator
    • PATCH: partially update status of the specified InsightsOperator
    • PUT: replace status of the specified InsightsOperator

16.2.1. /apis/operator.openshift.io/v1/insightsoperators

HTTP method
DELETE
Description
delete collection of InsightsOperator
Table 16.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind InsightsOperator
Table 16.2. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperatorList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an InsightsOperator
Table 16.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.4. Body parameters
Parameter | Type | Description

body

InsightsOperator schema

 
Table 16.5. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

201 - Created

InsightsOperator schema

202 - Accepted

InsightsOperator schema

401 - Unauthorized

Empty

16.2.2. /apis/operator.openshift.io/v1/insightsoperators/{name}

Table 16.6. Global path parameters
Parameter | Type | Description

name

string

name of the InsightsOperator

HTTP method
DELETE
Description
delete an InsightsOperator
Table 16.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 16.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified InsightsOperator
Table 16.9. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified InsightsOperator
Table 16.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.11. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified InsightsOperator
Table 16.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.13. Body parameters
Parameter | Type | Description

body

InsightsOperator schema

 
Table 16.14. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

201 - Created

InsightsOperator schema

401 - Unauthorized

Empty

16.2.3. /apis/operator.openshift.io/v1/insightsoperators/{name}/scale

Table 16.15. Global path parameters
Parameter | Type | Description

name

string

name of the InsightsOperator

HTTP method
GET
Description
read scale of the specified InsightsOperator
Table 16.16. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update scale of the specified InsightsOperator
Table 16.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.18. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace scale of the specified InsightsOperator
Table 16.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.20. Body parameters
Parameter | Type | Description

body

Scale schema

 
Table 16.21. HTTP responses
HTTP code | Response body

200 - OK

Scale schema

201 - Created

Scale schema

401 - Unauthorized

Empty

16.2.4. /apis/operator.openshift.io/v1/insightsoperators/{name}/status

Table 16.22. Global path parameters
Parameter | Type | Description

name

string

name of the InsightsOperator

HTTP method
GET
Description
read status of the specified InsightsOperator
Table 16.23. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified InsightsOperator
Table 16.24. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.25. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified InsightsOperator
Table 16.26. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 16.27. Body parameters
Parameter | Type | Description

body

InsightsOperator schema

 
Table 16.28. HTTP responses
HTTP code | Response body

200 - OK

InsightsOperator schema

201 - Created

InsightsOperator schema

401 - Unauthorized

Empty
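The three fieldValidation modes described in the query parameter tables above, modelled client-side as an added example (this is not the API server's implementation). The schema lists the InsightsOperator fields from section 16.1; the request body is constructed, and the problem strings are this model's own wording.

```python
import json

# Known fields of an InsightsOperator, taken from the specification tables on
# this page. None marks a free-form or opaque value whose keys are not checked.
SCHEMA = {
    "apiVersion": None, "kind": None, "metadata": None, "status": None,
    "spec": {
        "logLevel": None, "managementState": None, "observedConfig": None,
        "operatorLogLevel": None, "unsupportedConfigOverrides": None,
    },
}


class BadRequest(Exception):
    """Raised in Strict mode; carries every unknown and duplicate field."""

    def __init__(self, problems):
        super().__init__("; ".join(problems))
        self.problems = problems


class _Obj(dict):
    """A dict that remembers which keys were repeated while decoding."""
    repeated = ()


def _pairs_hook(pairs):
    obj, repeated = _Obj(), []
    for key, value in pairs:
        if key in obj and key not in repeated:
            repeated.append(key)
        obj[key] = value  # only the last duplicate is kept
    obj.repeated = tuple(repeated)
    return obj


def _walk(node, schema, path, problems):
    """Record duplicate and unknown fields; drop unknown fields in place."""
    if isinstance(node, list):
        for index, item in enumerate(node):
            _walk(item, schema, f"{path}[{index}]", problems)
        return
    if not isinstance(node, _Obj):
        return
    for key in node.repeated:
        problems.append(f'duplicate field "{path + "." if path else ""}{key}"')
    for key in list(node):
        child_path = f"{path}.{key}" if path else key
        if schema is not None and key not in schema:
            problems.append(f'unknown field "{child_path}"')
            del node[key]
        else:
            child_schema = schema.get(key) if schema is not None else None
            _walk(node[key], child_schema, child_path, problems)


def decode_request_body(raw, field_validation="Warn"):
    """Return (object, warnings) the way each fieldValidation mode would."""
    if field_validation not in ("Ignore", "Warn", "Strict"):
        raise ValueError(f"unsupported fieldValidation: {field_validation}")
    problems = []
    obj = json.loads(raw, object_pairs_hook=_pairs_hook)
    _walk(obj, SCHEMA, "", problems)
    if field_validation == "Strict" and problems:
        raise BadRequest(problems)  # request fails, nothing is persisted
    warnings = problems if field_validation == "Warn" else []
    return obj, warnings


# Constructed request body: "logLvel" is a typo for logLevel, and
# managementState appears twice with different values.
SAMPLE_BODY = """{
  "apiVersion": "operator.openshift.io/v1",
  "kind": "InsightsOperator",
  "metadata": {"name": "cluster"},
  "spec": {
    "managementState": "Managed",
    "logLvel": "Debug",
    "managementState": "Unmanaged"
  }
}"""

if __name__ == "__main__":
    for mode in ("Ignore", "Warn", "Strict"):
        try:
            persisted, warnings = decode_request_body(SAMPLE_BODY, mode)
            print(mode, "persists spec", dict(persisted["spec"]), "warnings", warnings)
        except BadRequest as err:
            print(mode, "rejects the request:", err)
```

With Ignore, the typo'd field vanishes and the second managementState wins without any signal to the caller, which is why Strict is the safer choice for automation that applies security-relevant settings.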

Chapter 17. KubeAPIServer [operator.openshift.io/v1]

Description
KubeAPIServer provides information to configure an operator to manage kube-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

17.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes API Server

status

object

status is the most recently observed status of the Kubernetes API Server

17.1.1. .spec

Description
spec is the specification of the desired behavior of the Kubernetes API Server
Type
object
Property | Type | Description

failedRevisionLimit

integer

failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

forceRedeploymentReason

string

forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

succeededRevisionLimit

integer

succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.
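Both the overlay order given for the InsightsOperator spec (hardcoded defaults, then observedConfig, then unsupportedConfigOverrides) and the KubeAPIServer note that the field blocks upgrades make unsupportedConfigOverrides worth auditing. The following is an added example, not the operators' own code: it assumes the overlay is a recursive merge of JSON objects, and the default values and argument names in the sample are constructed.

```python
import copy

UNSET = "<unset>"


def overlay(base, patch):
    """Overlay a sparse config on top of base; values in patch win.

    Assumption: nested objects merge key by key, anything else
    (strings, numbers, lists) is replaced wholesale.
    """
    merged = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = overlay(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def leaf_paths(config, prefix=()):
    """Yield (path tuple, value) for every leaf of a nested config."""
    for key, value in config.items():
        path = prefix + (key,)
        if isinstance(value, dict) and value:
            yield from leaf_paths(value, path)
        else:
            yield path, value


def lookup(config, path):
    """Return the value at path, or UNSET when any step is missing."""
    node = config
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return UNSET
        node = node[key]
    return node


def effective_config(defaults, spec):
    """Apply the documented order: defaults, observedConfig, overrides."""
    observed = spec.get("observedConfig") or {}
    overrides = spec.get("unsupportedConfigOverrides") or {}
    return overlay(overlay(defaults, observed), overrides)


def upgrade_blocked(spec):
    """True when unsupportedConfigOverrides is set to anything non-empty."""
    return bool(spec.get("unsupportedConfigOverrides"))


def audit_overrides(defaults, spec):
    """List every setting that unsupportedConfigOverrides changes or adds."""
    observed = spec.get("observedConfig") or {}
    overrides = spec.get("unsupportedConfigOverrides") or {}
    before = overlay(defaults, observed)
    findings = []
    for path, value in leaf_paths(overrides):
        previous = lookup(before, path)
        findings.append({
            "path": ".".join(path),
            "without_override": previous,
            "with_override": value,
            "changes_value": previous != value,
        })
    return findings


# Constructed sample: an override that shrinks audit log retention.
SAMPLE_DEFAULTS = {
    "apiServerArguments": {
        "audit-log-maxbackup": ["10"],
        "audit-log-maxsize": ["200"],
    },
}
SAMPLE_SPEC = {
    "managementState": "Managed",
    "observedConfig": {"apiServerArguments": {"audit-log-maxsize": ["100"]}},
    "unsupportedConfigOverrides": {
        "apiServerArguments": {"audit-log-maxbackup": ["1"]},
    },
}

if __name__ == "__main__":
    print("effective:", effective_config(SAMPLE_DEFAULTS, SAMPLE_SPEC))
    print("upgrade blocked:", upgrade_blocked(SAMPLE_SPEC))
    for finding in audit_overrides(SAMPLE_DEFAULTS, SAMPLE_SPEC):
        print(finding)
```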

17.1.2. .status

Description
status is the most recently observed status of the Kubernetes API Server
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

latestAvailableRevision

integer

latestAvailableRevision is the deploymentID of the most recent deployment

latestAvailableRevisionReason

string

latestAvailableRevisionReason describes the detailed reason for the most recent deployment

nodeStatuses

array

nodeStatuses track the deployment values and errors across individual nodes

nodeStatuses[]

object

NodeStatus provides information about the current state of a particular node managed by this operator.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

serviceAccountIssuers

array

serviceAccountIssuers tracks the history of used service account issuers. The item without an expiration time represents the currently used service account issuer. The other items represent service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and defaults to 24h. See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection

serviceAccountIssuers[]

object

 

version

string

version is the level this availability applies to

17.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

17.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

17.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

17.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

17.1.7. .status.nodeStatuses

Description
nodeStatuses track the deployment values and errors across individual nodes
Type
array

17.1.8. .status.nodeStatuses[]

Description
NodeStatus provides information about the current state of a particular node managed by this operator.
Type
object
Required
  • nodeName
Property | Type | Description

currentRevision

integer

currentRevision is the generation of the most recently successful deployment

lastFailedCount

integer

lastFailedCount is how often the installer pod of the last failed revision failed.

lastFailedReason

string

lastFailedReason is a machine readable failure reason string.

lastFailedRevision

integer

lastFailedRevision is the generation of the deployment we tried and failed to deploy.

lastFailedRevisionErrors

array (string)

lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.

lastFailedTime

string

lastFailedTime is the time the last failed revision failed the last time.

lastFallbackCount

integer

lastFallbackCount is how often a fallback to a previous revision happened.

nodeName

string

nodeName is the name of the node

targetRevision

integer

targetRevision is the generation of the deployment we’re trying to apply

17.1.9. .status.serviceAccountIssuers

Description
serviceAccountIssuers tracks the history of used service account issuers. The item without an expiration time represents the currently used service account issuer. The other items represent service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and defaults to 24h. See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
Type
array

17.1.10. .status.serviceAccountIssuers[]

Description
Type
object
Property | Type | Description

expirationTime

string

expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.

name

string

name is the name of the service account issuer
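The serviceAccountIssuers semantics described above (one current issuer without expirationTime, previous issuers trusted until their expirationTime) can be checked after an issuer rotation. The following Python is an added example, not part of the OpenShift documentation or code; the issuer URLs and timestamps are constructed, and the input is assumed to be the .status object as returned in JSON by the API.

```python
from datetime import datetime, timezone

# Constructed sample: .status of a KubeAPIServer object shortly after an
# issuer rotation. Issuer URLs and timestamps are placeholders.
SAMPLE_STATUS = {
    "serviceAccountIssuers": [
        {"name": "https://issuer-new.example.test"},
        {"name": "https://issuer-old.example.test",
         "expirationTime": "2024-05-02T10:00:00Z"},
        {"name": "https://issuer-older.example.test",
         "expirationTime": "2024-05-01T08:00:00Z"},
    ]
}


def parse_time(value):
    """Parse an RFC 3339 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_issuers(status, now):
    """Split issuers into current, still trusted, and past expirationTime."""
    report = {"current": [], "trusted": [], "overdue": [], "findings": []}
    for item in status.get("serviceAccountIssuers") or []:
        name = item.get("name", "")
        expiry = item.get("expirationTime")
        if not expiry:
            # The item without expirationTime is the issuer in use now.
            report["current"].append(name)
            continue
        remaining = parse_time(expiry) - now
        if remaining.total_seconds() > 0:
            # Tokens minted by this previous issuer are still accepted.
            report["trusted"].append((name, remaining))
        else:
            # Past expirationTime but not yet pruned from the list.
            report["overdue"].append(name)

    if len(report["current"]) != 1:
        report["findings"].append(
            "expected exactly one issuer without expirationTime, found "
            f"{len(report['current'])}")
    for name, remaining in report["trusted"]:
        report["findings"].append(
            f"previous issuer {name} is still trusted for {remaining}")
    for name in report["overdue"]:
        report["findings"].append(
            f"issuer {name} is past expirationTime but still listed")
    return report


if __name__ == "__main__":
    result = audit_issuers(SAMPLE_STATUS, datetime.now(timezone.utc))
    print("current issuer:", result["current"])
    for finding in result["findings"]:
        print("finding:", finding)
```

A previous issuer that stays in the trusted list means tokens it signed are still accepted, so the remaining time is the window to track after a rotation.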

17.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/kubeapiservers

    • DELETE: delete collection of KubeAPIServer
    • GET: list objects of kind KubeAPIServer
    • POST: create a KubeAPIServer
  • /apis/operator.openshift.io/v1/kubeapiservers/{name}

    • DELETE: delete a KubeAPIServer
    • GET: read the specified KubeAPIServer
    • PATCH: partially update the specified KubeAPIServer
    • PUT: replace the specified KubeAPIServer
  • /apis/operator.openshift.io/v1/kubeapiservers/{name}/status

    • GET: read status of the specified KubeAPIServer
    • PATCH: partially update status of the specified KubeAPIServer
    • PUT: replace status of the specified KubeAPIServer

17.2.1. /apis/operator.openshift.io/v1/kubeapiservers

HTTP method
DELETE
Description
delete collection of KubeAPIServer
Table 17.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind KubeAPIServer
Table 17.2. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a KubeAPIServer
Table 17.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 17.4. Body parameters
Parameter | Type | Description

body

KubeAPIServer schema

 
Table 17.5. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

201 - Created

KubeAPIServer schema

202 - Accepted

KubeAPIServer schema

401 - Unauthorized

Empty

17.2.2. /apis/operator.openshift.io/v1/kubeapiservers/{name}

Table 17.6. Global path parameters
Parameter | Type | Description

name

string

name of the KubeAPIServer

HTTP method
DELETE
Description
delete a KubeAPIServer
Table 17.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 17.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified KubeAPIServer
Table 17.9. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified KubeAPIServer
Table 17.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 17.11. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified KubeAPIServer
Table 17.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 17.13. Body parameters
Parameter | Type | Description

body

KubeAPIServer schema

 
Table 17.14. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

201 - Created

KubeAPIServer schema

401 - Unauthorized

Empty

17.2.3. /apis/operator.openshift.io/v1/kubeapiservers/{name}/status

Table 17.15. Global path parameters
Parameter | Type | Description

name

string

name of the KubeAPIServer

HTTP method
GET
Description
read status of the specified KubeAPIServer
Table 17.16. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified KubeAPIServer
Table 17.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 17.18. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified KubeAPIServer
Table 17.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 17.20. Body parameters
Parameter | Type | Description

body

KubeAPIServer schema

 
Table 17.21. HTTP responses
HTTP code | Response body

200 - OK

KubeAPIServer schema

201 - Created

KubeAPIServer schema

401 - Unauthorized

Empty

Chapter 18. KubeControllerManager [operator.openshift.io/v1]

Description
KubeControllerManager provides information to configure an operator to manage kube-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

18.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes Controller Manager

status

object

status is the most recently observed status of the Kubernetes Controller Manager

18.1.1. .spec

Description
spec is the specification of the desired behavior of the Kubernetes Controller Manager
Type
object
Property | Type | Description

failedRevisionLimit

integer

failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

forceRedeploymentReason

string

forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.

logLevel

string

logLevel is an intent-based logging setting for an overall component. It does not give fine-grained control, but it is a simple way to manage coarse-grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent-based logging setting for the operator itself. It does not give fine-grained control, but it is a simple way to manage coarse-grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

succeededRevisionLimit

integer

succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

useMoreSecureServiceCA

boolean

useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.

18.1.2. .status

Description
status is the most recently observed status of the Kubernetes Controller Manager
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

latestAvailableRevision

integer

latestAvailableRevision is the deploymentID of the most recent deployment

latestAvailableRevisionReason

string

latestAvailableRevisionReason describes the detailed reason for the most recent deployment

nodeStatuses

array

nodeStatuses track the deployment values and errors across individual nodes

nodeStatuses[]

object

NodeStatus provides information about the current state of a particular node managed by this operator.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

18.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

18.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

18.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

18.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

18.1.7. .status.nodeStatuses

Description
nodeStatuses track the deployment values and errors across individual nodes
Type
array

18.1.8. .status.nodeStatuses[]

Description
NodeStatus provides information about the current state of a particular node managed by this operator.
Type
object
Required
  • nodeName
Property | Type | Description

currentRevision

integer

currentRevision is the generation of the most recently successful deployment

lastFailedCount

integer

lastFailedCount is how often the installer pod of the last failed revision failed.

lastFailedReason

string

lastFailedReason is a machine readable failure reason string.

lastFailedRevision

integer

lastFailedRevision is the generation of the deployment we tried and failed to deploy.

lastFailedRevisionErrors

array (string)

lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.

lastFailedTime

string

lastFailedTime is the time the last failed revision failed the last time.

lastFallbackCount

integer

lastFallbackCount is how often a fallback to a previous revision happened.

nodeName

string

nodeName is the name of the node

targetRevision

integer

targetRevision is the generation of the deployment we’re trying to apply
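The per-node revision fields above, together with status.latestAvailableRevision and spec.unsupportedConfigOverrides, are enough to tell whether a static pod rollout has converged. The following Python is an added example, not part of the OpenShift documentation or code; the object is constructed, and treating a targetRevision of 0 or an absent one as "no rollout in progress" is an assumption of this sketch.

```python
# Constructed sample of a KubeControllerManager object (only the fields used
# below). Node names, revisions, the failure reason, the error text and the
# override key are made up for illustration.
SAMPLE = {
    "spec": {
        "managementState": "Managed",
        "unsupportedConfigOverrides": {"placeholderKey": "placeholderValue"},
    },
    "status": {
        "latestAvailableRevision": 7,
        "nodeStatuses": [
            {"nodeName": "master-0", "currentRevision": 7},
            {"nodeName": "master-1", "currentRevision": 6,
             "targetRevision": 7},
            {"nodeName": "master-2", "currentRevision": 6,
             "lastFailedRevision": 7, "lastFailedCount": 3,
             "lastFailedReason": "ConstructedReason",
             "lastFailedRevisionErrors": ["constructed error text"],
             "lastFallbackCount": 1},
        ],
    },
}


def classify_node(node, latest):
    """Return 'failed', 'progressing', 'behind' or 'current' for one node."""
    current = node.get("currentRevision", 0)
    target = node.get("targetRevision", 0)   # assumption: 0/absent = idle
    failed = node.get("lastFailedRevision", 0)
    if failed > current:
        # A newer revision was attempted and did not install.
        return "failed"
    if target and target != current:
        return "progressing"
    if current < latest:
        return "behind"
    return "current"


def rollout_report(obj):
    """Summarize node rollout state and flag spec settings worth review."""
    spec = obj.get("spec") or {}
    status = obj.get("status") or {}
    latest = status.get("latestAvailableRevision", 0)
    nodes, findings = {}, []

    for node in status.get("nodeStatuses") or []:
        name = node["nodeName"]  # the only required field of nodeStatuses[]
        state = classify_node(node, latest)
        nodes[name] = state
        if state == "failed":
            errors = "; ".join(node.get("lastFailedRevisionErrors") or [])
            findings.append(
                f"{name}: revision {node['lastFailedRevision']} failed "
                f"{node.get('lastFailedCount', 0)} time(s): {errors}")
        if node.get("lastFallbackCount", 0) > 0:
            findings.append(
                f"{name}: fell back to a previous revision "
                f"{node['lastFallbackCount']} time(s)")

    if spec.get("unsupportedConfigOverrides"):
        findings.append(
            "spec.unsupportedConfigOverrides is set: unsupported and "
            "blocks cluster upgrades")
    return {"latest": latest, "nodes": nodes, "findings": findings}


if __name__ == "__main__":
    report = rollout_report(SAMPLE)
    for name, state in report["nodes"].items():
        print(f"{name}: {state} (latest revision {report['latest']})")
    for finding in report["findings"]:
        print("finding:", finding)
```

The same report works on a KubeAPIServer or KubeScheduler object, since their spec and status.nodeStatuses fields are described identically.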

18.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/kubecontrollermanagers

    • DELETE: delete collection of KubeControllerManager
    • GET: list objects of kind KubeControllerManager
    • POST: create a KubeControllerManager
  • /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}

    • DELETE: delete a KubeControllerManager
    • GET: read the specified KubeControllerManager
    • PATCH: partially update the specified KubeControllerManager
    • PUT: replace the specified KubeControllerManager
  • /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}/status

    • GET: read status of the specified KubeControllerManager
    • PATCH: partially update status of the specified KubeControllerManager
    • PUT: replace status of the specified KubeControllerManager

18.2.1. /apis/operator.openshift.io/v1/kubecontrollermanagers

HTTP method
DELETE
Description
delete collection of KubeControllerManager
Table 18.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind KubeControllerManager
Table 18.2. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManagerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a KubeControllerManager
Table 18.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18.4. Body parameters
Parameter | Type | Description

body

KubeControllerManager schema

 
Table 18.5. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

201 - Created

KubeControllerManager schema

202 - Accepted

KubeControllerManager schema

401 - Unauthorized

Empty

18.2.2. /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}

Table 18.6. Global path parameters
Parameter | Type | Description

name

string

name of the KubeControllerManager

HTTP method
DELETE
Description
delete a KubeControllerManager
Table 18.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 18.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified KubeControllerManager
Table 18.9. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified KubeControllerManager
Table 18.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18.11. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified KubeControllerManager
Table 18.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18.13. Body parameters
Parameter | Type | Description

body

KubeControllerManager schema

 
Table 18.14. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

201 - Created

KubeControllerManager schema

401 - Unauthorized

Empty

18.2.3. /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}/status

Table 18.15. Global path parameters
Parameter | Type | Description

name

string

name of the KubeControllerManager

HTTP method
GET
Description
read status of the specified KubeControllerManager
Table 18.16. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified KubeControllerManager
Table 18.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18.18. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified KubeControllerManager
Table 18.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 18.20. Body parameters
Parameter | Type | Description

body

KubeControllerManager schema

 
Table 18.21. HTTP responses
HTTP code | Response body

200 - OK

KubeControllerManager schema

201 - Created

KubeControllerManager schema

401 - Unauthorized

Empty

Chapter 19. KubeScheduler [operator.openshift.io/v1]

Description
KubeScheduler provides information to configure an operator to manage scheduler. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

19.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes Scheduler

status

object

status is the most recently observed status of the Kubernetes Scheduler

19.1.1. .spec

Description
spec is the specification of the desired behavior of the Kubernetes Scheduler
Type
object
Property | Type | Description

failedRevisionLimit

integer

failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

forceRedeploymentReason

string

forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

succeededRevisionLimit

integer

succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

19.1.2. .status

Description
status is the most recently observed status of the Kubernetes Scheduler
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

latestAvailableRevision

integer

latestAvailableRevision is the deploymentID of the most recent deployment

latestAvailableRevisionReason

string

latestAvailableRevisionReason describes the detailed reason for the most recent deployment

nodeStatuses

array

nodeStatuses track the deployment values and errors across individual nodes

nodeStatuses[]

object

NodeStatus provides information about the current state of a particular node managed by this operator.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

19.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

19.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

19.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

19.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

19.1.7. .status.nodeStatuses

Description
nodeStatuses track the deployment values and errors across individual nodes
Type
array

19.1.8. .status.nodeStatuses[]

Description
NodeStatus provides information about the current state of a particular node managed by this operator.
Type
object
Required
  • nodeName
Property | Type | Description

currentRevision

integer

currentRevision is the generation of the most recently successful deployment

lastFailedCount

integer

lastFailedCount is how often the installer pod of the last failed revision failed.

lastFailedReason

string

lastFailedReason is a machine readable failure reason string.

lastFailedRevision

integer

lastFailedRevision is the generation of the deployment we tried and failed to deploy.

lastFailedRevisionErrors

array (string)

lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.

lastFailedTime

string

lastFailedTime is the time the last failed revision failed the last time.

lastFallbackCount

integer

lastFallbackCount is how often a fallback to a previous revision happened.

nodeName

string

nodeName is the name of the node

targetRevision

integer

targetRevision is the generation of the deployment we’re trying to apply

19.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/kubeschedulers

    • DELETE: delete collection of KubeScheduler
    • GET: list objects of kind KubeScheduler
    • POST: create a KubeScheduler
  • /apis/operator.openshift.io/v1/kubeschedulers/{name}

    • DELETE: delete a KubeScheduler
    • GET: read the specified KubeScheduler
    • PATCH: partially update the specified KubeScheduler
    • PUT: replace the specified KubeScheduler
  • /apis/operator.openshift.io/v1/kubeschedulers/{name}/status

    • GET: read status of the specified KubeScheduler
    • PATCH: partially update status of the specified KubeScheduler
    • PUT: replace status of the specified KubeScheduler

19.2.1. /apis/operator.openshift.io/v1/kubeschedulers

HTTP method
DELETE
Description
delete collection of KubeScheduler
Table 19.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind KubeScheduler
Table 19.2. HTTP responses
HTTP code | Response body

200 - OK

KubeSchedulerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a KubeScheduler
Table 19.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 19.4. Body parameters
Parameter | Type | Description

body

KubeScheduler schema

 
Table 19.5. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

201 - Created

KubeScheduler schema

202 - Accepted

KubeScheduler schema

401 - Unauthorized

Empty
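
The three fieldValidation modes described in the query parameter tables above, modelled locally as an added example (not code from this documentation or from the API server). The request body is constructed, and `submit`, `SCHEMA` and the shape of the returned dictionary are hypothetical names; the allowed field names come from the KubeScheduler tables in section 19.1.

```python
import json

# Field names taken from the KubeScheduler specification tables (19.1, 19.1.1).
# Paths missing from SCHEMA (metadata, status, spec.observedConfig, ...) are
# treated as opaque: their keys are not checked for unknown fields.
SCHEMA = {
    "": {"apiVersion", "kind", "metadata", "spec", "status"},
    "spec": {
        "failedRevisionLimit", "forceRedeploymentReason", "logLevel",
        "managementState", "observedConfig", "operatorLogLevel",
        "succeededRevisionLimit", "unsupportedConfigOverrides",
    },
}

# Constructed request body: one misspelled field and one duplicated field.
SAMPLE_BODY = """{
  "apiVersion": "operator.openshift.io/v1",
  "kind": "KubeScheduler",
  "metadata": {"name": "cluster"},
  "spec": {
    "managementState": "Managed",
    "logLevel": "Normal",
    "operatorLogLevle": "Debug",
    "logLevel": "TraceAll"
  }
}"""


class _Obj(list):
    """A JSON object kept as (key, value) pairs so duplicate keys survive parsing."""


def _prune(node, path, unknown, duplicate):
    """Drop unknown fields, keep the last duplicate, and record both kinds."""
    if isinstance(node, _Obj):
        allowed = SCHEMA.get(path)
        out = {}
        for key, value in node:
            field = f"{path}.{key}" if path else key
            if allowed is not None and key not in allowed:
                if field not in unknown:
                    unknown.append(field)
                continue
            if key in out and field not in duplicate:
                duplicate.append(field)
            out[key] = _prune(value, field, unknown, duplicate)  # last one wins
        return out
    if isinstance(node, list):
        return [_prune(v, path + "[]", unknown, duplicate) for v in node]
    return node


def submit(body, field_validation="Warn"):
    """Model a POST of `body` under the given fieldValidation mode."""
    if field_validation not in ("Ignore", "Warn", "Strict"):
        raise ValueError(f"invalid fieldValidation value: {field_validation!r}")
    unknown, duplicate = [], []
    parsed = json.loads(body, object_pairs_hook=_Obj)
    obj = _prune(parsed, "", unknown, duplicate)
    problems = [f'unknown field "{f}"' for f in unknown]
    problems += [f'duplicate field "{f}"' for f in duplicate]
    if field_validation == "Strict" and problems:
        # Strict: fail with BadRequest and report every offending field.
        return {"code": 400, "object": None, "warnings": [], "errors": problems}
    # Ignore and Warn persist the same object; only Warn tells the client.
    warnings = problems if field_validation == "Warn" else []
    return {"code": 201, "object": obj, "warnings": warnings, "errors": []}


if __name__ == "__main__":
    for mode in ("Ignore", "Warn", "Strict"):
        print(mode, json.dumps(submit(SAMPLE_BODY, mode), indent=2))
```

With Ignore and Warn the misspelled `operatorLogLevle` is dropped and the second `logLevel` value is the one persisted, so the stored object differs from what a reviewer reading the first occurrence would expect; only Strict rejects the request.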

19.2.2. /apis/operator.openshift.io/v1/kubeschedulers/{name}

Table 19.6. Global path parameters
Parameter | Type | Description

name

string

name of the KubeScheduler

HTTP method
DELETE
Description
delete a KubeScheduler
Table 19.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 19.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified KubeScheduler
Table 19.9. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified KubeScheduler
Table 19.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 19.11. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified KubeScheduler
Table 19.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 19.13. Body parameters
Parameter | Type | Description

body

KubeScheduler schema

 
Table 19.14. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

201 - Created

KubeScheduler schema

401 - Unauthorized

Empty

19.2.3. /apis/operator.openshift.io/v1/kubeschedulers/{name}/status

Table 19.15. Global path parameters
Parameter | Type | Description

name

string

name of the KubeScheduler

HTTP method
GET
Description
read status of the specified KubeScheduler
Table 19.16. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified KubeScheduler
Table 19.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 19.18. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified KubeScheduler
Table 19.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 19.20. Body parameters
Parameter | Type | Description

body

KubeScheduler schema

 
Table 19.21. HTTP responses
HTTP code | Response body

200 - OK

KubeScheduler schema

201 - Created

KubeScheduler schema

401 - Unauthorized

Empty

Chapter 20. KubeStorageVersionMigrator [operator.openshift.io/v1]

Description
KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

20.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

 

status

object

 

20.1.1. .spec

Description
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

20.1.2. .status

Description
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

20.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

20.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

20.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

20.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

20.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/kubestorageversionmigrators

    • DELETE: delete collection of KubeStorageVersionMigrator
    • GET: list objects of kind KubeStorageVersionMigrator
    • POST: create a KubeStorageVersionMigrator
  • /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}

    • DELETE: delete a KubeStorageVersionMigrator
    • GET: read the specified KubeStorageVersionMigrator
    • PATCH: partially update the specified KubeStorageVersionMigrator
    • PUT: replace the specified KubeStorageVersionMigrator
  • /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}/status

    • GET: read status of the specified KubeStorageVersionMigrator
    • PATCH: partially update status of the specified KubeStorageVersionMigrator
    • PUT: replace status of the specified KubeStorageVersionMigrator

20.2.1. /apis/operator.openshift.io/v1/kubestorageversionmigrators

HTTP method
DELETE
Description
delete collection of KubeStorageVersionMigrator
Table 20.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind KubeStorageVersionMigrator
Table 20.2. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigratorList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a KubeStorageVersionMigrator
Table 20.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20.4. Body parameters
Parameter | Type | Description

body

KubeStorageVersionMigrator schema

 
Table 20.5. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

201 - Created

KubeStorageVersionMigrator schema

202 - Accepted

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

20.2.2. /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}

Table 20.6. Global path parameters
Parameter | Type | Description

name

string

name of the KubeStorageVersionMigrator

HTTP method
DELETE
Description
delete a KubeStorageVersionMigrator
Table 20.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 20.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified KubeStorageVersionMigrator
Table 20.9. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified KubeStorageVersionMigrator
Table 20.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20.11. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified KubeStorageVersionMigrator
Table 20.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20.13. Body parameters
Parameter | Type | Description

body

KubeStorageVersionMigrator schema

 
Table 20.14. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

201 - Created

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

20.2.3. /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}/status

Table 20.15. Global path parameters
Parameter | Type | Description

name

string

name of the KubeStorageVersionMigrator

HTTP method
GET
Description
read status of the specified KubeStorageVersionMigrator
Table 20.16. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified KubeStorageVersionMigrator
Table 20.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20.18. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified KubeStorageVersionMigrator
Table 20.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 20.20. Body parameters
Parameter | Type | Description

body

KubeStorageVersionMigrator schema

 
Table 20.21. HTTP responses
HTTP code | Response body

200 - OK

KubeStorageVersionMigrator schema

201 - Created

KubeStorageVersionMigrator schema

401 - Unauthorized

Empty

Chapter 21. MachineConfiguration [operator.openshift.io/v1]

Description
MachineConfiguration provides information to configure an operator to manage Machine Configuration. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

21.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Machine Config Operator

status

object

status is the most recently observed status of the Machine Config Operator

21.1.1. .spec

Description
spec is the specification of the desired behavior of the Machine Config Operator
Type
object
Property | Type | Description

failedRevisionLimit

integer

failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

forceRedeploymentReason

string

forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managedBootImages

object

managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version’s boot image. When omitted, no boot images will be updated.

managementState

string

managementState indicates whether and how the operator should manage the component

nodeDisruptionPolicy

object

nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

succeededRevisionLimit

integer

succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the API. -1 = unlimited, 0 or unset = 5 (default).

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

21.1.2. .spec.managedBootImages

Description
managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version’s boot image. When omitted, no boot images will be updated.
Type
object
Property | Type | Description

machineManagers

array

machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.

machineManagers[]

object

MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.

21.1.3. .spec.managedBootImages.machineManagers

Description
machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.
Type
array

21.1.4. .spec.managedBootImages.machineManagers[]

Description
MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.
Type
object
Required
  • apiGroup
  • resource
  • selection
Property | Type | Description

apiGroup

string

apiGroup is the name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to the OpenShift machine API group.

resource

string

resource is the machine management resource’s type. The only current valid value is machinesets. machinesets means that the machine manager will only register resources of the kind MachineSet.

selection

object

selection allows granular control of the machine management resources that will be registered for boot image updates.

21.1.5. .spec.managedBootImages.machineManagers[].selection

Description
selection allows granular control of the machine management resources that will be registered for boot image updates.
Type
object
Required
  • mode
Property | Type | Description

mode

string

mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.

partial

object

partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to "Partial".

21.1.6. .spec.managedBootImages.machineManagers[].selection.partial

Description
partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to "Partial".
Type
object
Required
  • machineResourceSelector
Property | Type | Description

machineResourceSelector

object

machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.

21.1.7. .spec.managedBootImages.machineManagers[].selection.partial.machineResourceSelector

Description
machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.
Type
object
Property | Type | Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

21.1.8. .spec.managedBootImages.machineManagers[].selection.partial.machineResourceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

21.1.9. .spec.managedBootImages.machineManagers[].selection.partial.machineResourceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
  • key
  • operator
Property | Type | Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
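The selection rules in sections 21.1.2 to 21.1.9 can be checked offline before a managedBootImages change is applied, to see which MachineSets would be registered for boot image updates and which would be left on their existing boot image. The following is an added example, not code from the Machine Config Operator; the MachineSet names and labels are constructed, and the function names are hypothetical.

```python
MANAGER_TYPES = {("machine.openshift.io", "machinesets")}  # only documented pair


def requirement_matches(req, labels):
    """Evaluate one matchExpressions[] entry against a label map."""
    key, op, values = req.get("key"), req.get("operator"), req.get("values") or []
    if not key:
        raise ValueError("matchExpressions[]: key is required")
    if op in ("In", "NotIn"):
        if not values:
            raise ValueError(f"{op} requires a non-empty values array")
        hit = key in labels and labels[key] in values
        # NotIn also matches objects that do not carry the key at all.
        return hit if op == "In" else not hit
    if op in ("Exists", "DoesNotExist"):
        if values:
            raise ValueError(f"{op} requires an empty values array")
        return (key in labels) == (op == "Exists")
    raise ValueError(f"invalid operator {op!r}")


def selector_matches(selector, labels):
    """All matchLabels pairs and all matchExpressions must hold (ANDed)."""
    # Evaluate every expression first so malformed ones are always reported.
    results = [requirement_matches(r, labels)
               for r in selector.get("matchExpressions") or []]
    pairs = (selector.get("matchLabels") or {}).items()
    return all(labels.get(k) == v for k, v in pairs) and all(results)


def selected_machinesets(managed_boot_images, machinesets):
    """Return the names of MachineSets registered for boot image updates."""
    # When managedBootImages is omitted, no boot images are updated.
    managers = (managed_boot_images or {}).get("machineManagers") or []
    seen, selected = set(), []
    for manager in managers:
        kind = (manager.get("apiGroup"), manager.get("resource"))
        if kind not in MANAGER_TYPES:
            raise ValueError(f"unsupported apiGroup/resource {kind}")
        if kind in seen:
            raise ValueError("only one entry is permitted per resource type")
        seen.add(kind)
        selection = manager.get("selection") or {}
        mode, partial = selection.get("mode"), selection.get("partial")
        if mode == "All":
            if partial is not None:
                raise ValueError("partial is only permitted when mode is Partial")
            selected += [ms["name"] for ms in machinesets]
        elif mode == "Partial":
            if not partial or "machineResourceSelector" not in partial:
                raise ValueError("Partial requires partial.machineResourceSelector")
            selector = partial["machineResourceSelector"]
            selected += [ms["name"] for ms in machinesets
                         if selector_matches(selector, ms["labels"])]
        else:
            raise ValueError(f"invalid mode {mode!r}")
    return selected


# Constructed sample data: names and label keys are illustrative only.
SAMPLE_MACHINESETS = [
    {"name": "worker-a", "labels": {"update-boot-image": "true", "zone": "a"}},
    {"name": "worker-b", "labels": {"update-boot-image": "true", "zone": "legacy"}},
    {"name": "worker-c", "labels": {"zone": "c"}},
    {"name": "worker-d", "labels": {"update-boot-image": "true"}},
]
SAMPLE_CONFIG = {"machineManagers": [{
    "apiGroup": "machine.openshift.io",
    "resource": "machinesets",
    "selection": {"mode": "Partial", "partial": {"machineResourceSelector": {
        "matchLabels": {"update-boot-image": "true"},
        "matchExpressions": [
            {"key": "zone", "operator": "NotIn", "values": ["legacy"]}],
    }}},
}]}

if __name__ == "__main__":
    chosen = selected_machinesets(SAMPLE_CONFIG, SAMPLE_MACHINESETS)
    skipped = [ms["name"] for ms in SAMPLE_MACHINESETS if ms["name"] not in chosen]
    print("registered for boot image updates:", chosen)
    print("left on existing boot image:", skipped)
```

MachineSets in the second list are the ones to review, since new machines created from them are not covered by the boot image update.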

21.1.10. .spec.nodeDisruptionPolicy

Description
nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.
Type
object
Property | Type | Description

files

array

files is a list of MachineConfig file definitions and actions to take on changes to those paths. This list supports a maximum of 50 entries.

files[]

object

NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object

sshkey

object

sshkey maps to the ignition.sshkeys field in the MachineConfig object; defining an action for this will apply to all sshkey changes in the cluster.

units

array

units is a list of MachineConfig unit definitions and actions to take on changes to those services. This list supports a maximum of 50 entries.

units[]

object

NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object

21.1.11. .spec.nodeDisruptionPolicy.files

Description
files is a list of MachineConfig file definitions and actions to take on changes to those paths. This list supports a maximum of 50 entries.
Type
array

21.1.12. .spec.nodeDisruptionPolicy.files[]

Description
NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object
Type
object
Required
  • actions
  • path
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

path

string

path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.

21.1.13. .spec.nodeDisruptionPolicy.files[].actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.14. .spec.nodeDisruptionPolicy.files[].actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.15. .spec.nodeDisruptionPolicy.files[].actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.16. .spec.nodeDisruptionPolicy.files[].actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.17. .spec.nodeDisruptionPolicy.sshkey

Description
sshkey maps to the ignition.sshkeys field in the MachineConfig object; defining an action for this will apply to all sshkey changes in the cluster.
Type
object
Required
  • actions
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

21.1.18. .spec.nodeDisruptionPolicy.sshkey.actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.19. .spec.nodeDisruptionPolicy.sshkey.actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.20. .spec.nodeDisruptionPolicy.sshkey.actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.21. .spec.nodeDisruptionPolicy.sshkey.actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.22. .spec.nodeDisruptionPolicy.units

Description
units is a list of MachineConfig unit definitions and actions to take on changes to those services. This list supports a maximum of 50 entries.
Type
array

21.1.23. .spec.nodeDisruptionPolicy.units[]

Description
NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object
Type
object
Required
  • actions
  • name
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

name

string

name represents the service name of a systemd service managed through a MachineConfig. Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.24. .spec.nodeDisruptionPolicy.units[].actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.25. .spec.nodeDisruptionPolicy.units[].actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.26. .spec.nodeDisruptionPolicy.units[].actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.27. .spec.nodeDisruptionPolicy.units[].actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
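The constraints that sections 21.1.10 to 21.1.27 state for spec.nodeDisruptionPolicy (entry limits, action types, the Reboot/None exclusivity rule, reload/restart targets and the service name format) can be linted before a policy is submitted. The following is an added example derived only from those field descriptions, not the operator's own validation code; the function names are hypothetical and the sample paths and unit names are constructed.

```python
import re

# Unit type suffixes listed for ${SERVICETYPE} in the field descriptions.
SERVICE_TYPES = (".service", ".socket", ".device", ".mount", ".automount", ".swap",
                 ".target", ".path", ".timer", ".snapshot", ".slice", ".scope")
# ${NAME}: one or more letters, digits, ":", "-", "_", "." or "\".
NAME_RE = re.compile(r"[A-Za-z0-9:\-_.\\]+")
ACTION_TYPES = ("Reboot", "Drain", "Reload", "Restart", "DaemonReload", "None")
MAX_ENTRIES, MAX_ACTIONS, MAX_NAME_LEN = 50, 10, 255


def check_service_name(name):
    """Return None when name fits ${NAME}${SERVICETYPE}, otherwise a reason."""
    if not isinstance(name, str) or not name:
        return "must be a non-empty string"
    if len(name) > MAX_NAME_LEN:
        return f"is longer than {MAX_NAME_LEN} characters"
    for suffix in SERVICE_TYPES:
        if name.endswith(suffix):
            if NAME_RE.fullmatch(name[: -len(suffix)]):
                return None
            return "has an empty name part or characters outside the allowed set"
    return "does not end in a listed service type"


def check_actions(actions, where):
    """Apply the documented rules to one actions list; return error strings."""
    if not isinstance(actions, list):
        return [f"{where}: actions is required and must be a list"]
    errors = []
    if len(actions) > MAX_ACTIONS:
        errors.append(f"{where}: more than {MAX_ACTIONS} actions")
    types = [a.get("type") if isinstance(a, dict) else None for a in actions]
    for i, (action, kind) in enumerate(zip(actions, types)):
        at = f"{where}.actions[{i}]"
        if kind not in ACTION_TYPES:
            errors.append(f"{at}: invalid or missing type {kind!r}")
            continue
        for field in ("reload", "restart"):
            target = action.get(field)
            if kind.lower() != field:
                if target is not None:
                    errors.append(f"{at}: {field} is only valid if type is {field}")
                continue
            name = target.get("serviceName") if isinstance(target, dict) else None
            reason = check_service_name(name)
            if reason:
                errors.append(f"{at}: {field}.serviceName {reason}")
    if len(types) > 1 and any(t in ("Reboot", "None") for t in types):
        errors.append(f"{where}: Reboot and None cannot be combined with other actions")
    return errors


def validate_policy(policy):
    """Validate a spec.nodeDisruptionPolicy dict; return a list of error strings."""
    errors = []
    for key, ident in (("files", "path"), ("units", "name")):
        entries = policy.get(key) or []
        if len(entries) > MAX_ENTRIES:
            errors.append(f"{key}: more than {MAX_ENTRIES} entries")
        for i, entry in enumerate(entries):
            where = f"{key}[{i}]"
            value = entry.get(ident)
            if not value:
                errors.append(f"{where}: {ident} is required")
            elif key == "units":
                reason = check_service_name(value)
                if reason:
                    errors.append(f"{where}: name {value!r} {reason}")
            errors += check_actions(entry.get("actions"), where)
    if policy.get("sshkey") is not None:
        errors += check_actions(policy["sshkey"].get("actions"), "sshkey")
    return errors


# Constructed sample policy: three entries break a documented rule.
SAMPLE_POLICY = {
    "files": [
        {"path": "/etc/chrony.conf",
         "actions": [{"type": "Restart", "restart": {"serviceName": "chronyd.service"}}]},
        {"path": "/etc/containers/registries.conf",
         "actions": [{"type": "Drain"}, {"type": "Reboot"}]},    # Reboot mixed in
        {"path": "/etc/example.conf",
         "actions": [{"type": "Reload"}]},                       # no reload target
    ],
    "units": [
        {"name": "example.timer", "actions": [{"type": "DaemonReload"}]},
        {"name": "bad name.service", "actions": [{"type": "None"}]},  # space in name
    ],
    "sshkey": {"actions": [{"type": "None"}]},
}

if __name__ == "__main__":
    for line in validate_policy(SAMPLE_POLICY):
        print(line)
```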

21.1.28. .status

Description
status is the most recently observed status of the Machine Config Operator
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

Condition contains details for one aspect of the current state of this API Resource. This struct is intended for direct use as an array at the field path .status.conditions. For example:

    type FooStatus struct {
        // Represents the observations of a foo’s current state.
        // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
        // +patchMergeKey=type
        // +patchStrategy=merge
        // +listType=map
        // +listMapKey=type
        Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`

        // other fields
    }

nodeDisruptionPolicyStatus

object

nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

21.1.29. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

21.1.30. .status.conditions[]

Description
Condition contains details for one aspect of the current state of this API Resource. This struct is intended for direct use as an array at the field path .status.conditions. For example:

    type FooStatus struct {
        // Represents the observations of a foo’s current state.
        // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
        // +patchMergeKey=type
        // +patchStrategy=merge
        // +listType=map
        // +listMapKey=type
        Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`

        // other fields
    }
Type
object
Required
  • lastTransitionTime
  • message
  • reason
  • status
  • type
Property | Type | Description

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

status

string

status of the condition, one of True, False, Unknown.

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

21.1.31. .status.nodeDisruptionPolicyStatus

Description
nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.
Type
object
Property | Type | Description

clusterPolicies

object

clusterPolicies is a merge of cluster default and user provided node disruption policies.

21.1.32. .status.nodeDisruptionPolicyStatus.clusterPolicies

Description
clusterPolicies is a merge of cluster default and user provided node disruption policies.
Type
object
Property | Type | Description

files

array

files is a list of MachineConfig file definitions and actions to take on changes to those paths.

files[]

object

NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object

sshkey

object

sshkey is the overall sshkey MachineConfig definition

units

array

units is a list of MachineConfig unit definitions and actions to take on changes to those services.

units[]

object

NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object

21.1.33. .status.nodeDisruptionPolicyStatus.clusterPolicies.files

Description
files is a list of MachineConfig file definitions and actions to take on changes to those paths.
Type
array

21.1.34. .status.nodeDisruptionPolicyStatus.clusterPolicies.files[]

Description
NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object
Type
object
Required
  • actions
  • path
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

path

string

path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.

21.1.35. .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.36. .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.37. .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.38. .status.nodeDisruptionPolicyStatus.clusterPolicies.files[].actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.39. .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey

Description
sshkey is the overall sshkey MachineConfig definition
Type
object
Required
  • actions
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

21.1.40. .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.41. .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.42. .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.43. .status.nodeDisruptionPolicyStatus.clusterPolicies.sshkey.actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.44. .status.nodeDisruptionPolicyStatus.clusterPolicies.units

Description
units is a list of MachineConfig unit definitions and actions to take on changes to those services
Type
array

21.1.45. .status.nodeDisruptionPolicyStatus.clusterPolicies.units[]

Description
NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object
Type
object
Required
  • actions
  • name
Property | Type | Description

actions

array

actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.

actions[]

object

 

name

string

name represents the service name of a systemd service managed through a MachineConfig. Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.46. .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions

Description
actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supersede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.
Type
array

21.1.47. .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions[]

Description
Type
object
Required
  • type
Property | Type | Description

reload

object

reload specifies the service to reload, only valid if type is reload

restart

object

restart specifies the service to restart, only valid if type is restart

type

string

type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed. Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration.

21.1.48. .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions[].reload

Description
reload specifies the service to reload, only valid if type is reload
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be reloaded. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".

21.1.49. .status.nodeDisruptionPolicyStatus.clusterPolicies.units[].actions[].restart

Description
restart specifies the service to restart, only valid if type is restart
Type
object
Required
  • serviceName
Property | Type | Description

serviceName

string

serviceName is the full name (e.g. crio.service) of the service to be restarted. Service names should be of the format ${NAME}${SERVICETYPE} and can be up to 255 characters long. ${NAME} must be at least 1 character long and can only consist of letters, digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope".
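The constraints stated above for actions lists and service names can be checked before a policy is submitted. The following is an added example, not part of the product documentation or the operator's own code: the function names and sample data are hypothetical, "letters" is assumed to mean ASCII letters, and the accepted type values are the ones listed for the actions[].type field.

```python
import re

# ${SERVICETYPE} suffixes listed in the serviceName description.
SERVICE_TYPES = (".service", ".socket", ".device", ".mount", ".automount", ".swap",
                 ".target", ".path", ".timer", ".snapshot", ".slice", ".scope")
# ${NAME}: letters, digits, ":", "-", "_", "." and "\" (ASCII letters assumed).
NAME_RE = re.compile(r"[A-Za-z0-9:\-_.\\]+")
MAX_NAME_LEN = 255
MAX_ACTIONS = 10
# Values listed for actions[].type.
ACTION_TYPES = {"Reboot", "Drain", "Reload", "Restart", "DaemonReload", "None", "Special"}
# Types that need a service target, mapped to the field that carries it.
TARGET_FIELD = {"Reload": "reload", "Restart": "restart"}
# Types that cannot be combined with any other action.
EXCLUSIVE = ("Reboot", "None")


def service_name_errors(name):
    """Return the reasons `name` breaks the ${NAME}${SERVICETYPE} rule."""
    errors = []
    if len(name) > MAX_NAME_LEN:
        errors.append(f"{len(name)} characters, maximum is {MAX_NAME_LEN}")
    suffix = next((s for s in SERVICE_TYPES if name.endswith(s)), None)
    if suffix is None:
        errors.append("does not end in a listed ${SERVICETYPE}")
        return errors
    stem = name[: -len(suffix)]
    if not NAME_RE.fullmatch(stem):
        errors.append("${NAME} is empty or has a character outside the allowed set")
    return errors


def action_list_errors(actions):
    """Return every rule from the actions description that `actions` breaks."""
    errors = []
    if len(actions) > MAX_ACTIONS:
        errors.append(f"{len(actions)} entries, maximum is {MAX_ACTIONS}")
    for i, action in enumerate(actions):
        kind = action.get("type")
        if kind not in ACTION_TYPES:
            errors.append(f"actions[{i}]: invalid or missing type {kind!r}")
            continue
        for needed_by, field in TARGET_FIELD.items():
            if kind == needed_by:
                target = action.get(field) or {}
                if "serviceName" not in target:
                    errors.append(f"actions[{i}]: type {kind} requires {field}.serviceName")
                else:
                    errors.extend(f"actions[{i}].{field}.serviceName: {e}"
                                  for e in service_name_errors(target["serviceName"]))
            elif field in action:
                errors.append(f"actions[{i}]: {field} is only valid if type is {needed_by}")
    types = [a.get("type") for a in actions]
    for kind in EXCLUSIVE:
        if kind in types and len(actions) > 1:
            errors.append(f"{kind} cannot be used together with other actions")
    return errors


# Constructed sample: drain the node, then reload CRI-O without a reboot.
SAMPLE_UNIT_ACTIONS = [
    {"type": "Drain"},
    {"type": "Reload", "reload": {"serviceName": "crio.service"}},
]

if __name__ == "__main__":
    print(action_list_errors(SAMPLE_UNIT_ACTIONS))                      # no findings
    print(action_list_errors([{"type": "Reboot"}, {"type": "Drain"}]))  # exclusive rule
    print(service_name_errors("crio"))                                  # missing suffix
```
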

21.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/machineconfigurations

    • DELETE: delete collection of MachineConfiguration
    • GET: list objects of kind MachineConfiguration
    • POST: create a MachineConfiguration
  • /apis/operator.openshift.io/v1/machineconfigurations/{name}

    • DELETE: delete a MachineConfiguration
    • GET: read the specified MachineConfiguration
    • PATCH: partially update the specified MachineConfiguration
    • PUT: replace the specified MachineConfiguration
  • /apis/operator.openshift.io/v1/machineconfigurations/{name}/status

    • GET: read status of the specified MachineConfiguration
    • PATCH: partially update status of the specified MachineConfiguration
    • PUT: replace status of the specified MachineConfiguration

21.2.1. /apis/operator.openshift.io/v1/machineconfigurations

HTTP method
DELETE
Description
delete collection of MachineConfiguration
Table 21.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind MachineConfiguration
Table 21.2. HTTP responses
HTTP code | Response body

200 - OK

MachineConfigurationList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a MachineConfiguration
Table 21.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 21.4. Body parameters
Parameter | Type | Description

body

MachineConfiguration schema

 
Table 21.5. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

201 - Created

MachineConfiguration schema

202 - Accepted

MachineConfiguration schema

401 - Unauthorized

Empty

21.2.2. /apis/operator.openshift.io/v1/machineconfigurations/{name}

Table 21.6. Global path parameters
Parameter | Type | Description

name

string

name of the MachineConfiguration

HTTP method
DELETE
Description
delete a MachineConfiguration
Table 21.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

Table 21.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified MachineConfiguration
Table 21.9. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified MachineConfiguration
Table 21.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 21.11. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified MachineConfiguration
Table 21.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 21.13. Body parameters
Parameter | Type | Description

body

MachineConfiguration schema

 
Table 21.14. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

201 - Created

MachineConfiguration schema

401 - Unauthorized

Empty

21.2.3. /apis/operator.openshift.io/v1/machineconfigurations/{name}/status

Table 21.15. Global path parameters
Parameter | Type | Description

name

string

name of the MachineConfiguration

HTTP method
GET
Description
read status of the specified MachineConfiguration
Table 21.16. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified MachineConfiguration
Table 21.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 21.18. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified MachineConfiguration
Table 21.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are:
  • All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 21.20. Body parameters
Parameter | Type | Description

body

MachineConfiguration schema

 
Table 21.21. HTTP responses
HTTP code | Response body

200 - OK

MachineConfiguration schema

201 - Created

MachineConfiguration schema

401 - Unauthorized

Empty

Chapter 22. Network [operator.openshift.io/v1]

Description
Network describes the cluster’s desired network configuration. It is consumed by the cluster-network-operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

22.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

NetworkSpec is the top-level network configuration object.

status

object

NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.

22.1.1. .spec

Description
NetworkSpec is the top-level network configuration object.
Type
object
Property | Type | Description

additionalNetworks

array

additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.

additionalNetworks[]

object

AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.

clusterNetwork

array

clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.

clusterNetwork[]

object

ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks

defaultNetwork

object

defaultNetwork is the "default" network that all pods will receive

deployKubeProxy

boolean

deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.

disableMultiNetwork

boolean

disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.

disableNetworkDiagnostics

boolean

disableNetworkDiagnostics specifies whether PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.

exportNetworkFlows

object

exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.

kubeProxyConfig

object

kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

migration

object

migration enables and configures the cluster network migration. The migration procedure allows changing the network type and the MTU.

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

serviceNetwork

array (string)

serviceNetwork is the IP address pool to use for Service IPs. Currently, all existing network providers only support a single value here, but this is an array to allow for growth.

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.

useMultiNetworkPolicy

boolean

useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.

22.1.2. .spec.additionalNetworks

Description
additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.
Type
array

22.1.3. .spec.additionalNetworks[]

Description
AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.
Type
object
Required
  • name
Property | Type | Description

name

string

name is the name of the network. This will be populated in the resulting CRD. This must be unique.

namespace

string

namespace is the namespace of the network. This will be populated in the resulting CRD. If not given, the network will be created in the default namespace.

rawCNIConfig

string

rawCNIConfig is the raw CNI configuration JSON to create in the NetworkAttachmentDefinition CRD

simpleMacvlanConfig

object

SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan

type

string

type is the type of network. The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan

22.1.4. .spec.additionalNetworks[].simpleMacvlanConfig

Description
SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan
Type
object
Property | Type | Description

ipamConfig

object

IPAMConfig configures which IPAM module will be used for IP Address Management (IPAM).

master

string

master is the host interface to create the macvlan interface from. If not specified, it will be the default route interface

mode

string

mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge

mtu

integer

mtu is the MTU to use for the macvlan interface. If unset, the host’s kernel will select the value.

22.1.5. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig

Description
IPAMConfig configures which IPAM module will be used for IP Address Management (IPAM).
Type
object
Property | Type | Description

staticIPAMConfig

object

StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic

type

string

Type is the type of IPAM module that will be used for IP Address Management (IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic

22.1.6. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig

Description
StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic
Type
object
Property | Type | Description

addresses

array

Addresses configures IP address for the interface

addresses[]

object

StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses

dns

object

DNS configures DNS for the interface

routes

array

Routes configures IP routes for the interface

routes[]

object

StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes

22.1.7. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.addresses

Description
Addresses configures IP address for the interface
Type
array

22.1.8. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.addresses[]

Description
StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses
Type
object
Property | Type | Description

address

string

Address is the IP address in CIDR format

gateway

string

Gateway is IP inside of subnet to designate as the gateway

22.1.9. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.dns

Description
DNS configures DNS for the interface
Type
object
Property | Type | Description

domain

string

Domain configures the domain name, the local domain used for short hostname lookups

nameservers

array (string)

Nameservers points to DNS servers for IP lookup

search

array (string)

Search configures priority ordered search domains for short hostname lookups

22.1.10. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.routes

Description
Routes configures IP routes for the interface
Type
array

22.1.11. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.routes[]

Description
StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes
Type
object
Property | Type | Description

destination

string

Destination points to the IP route destination

gateway

string

Gateway is the route’s next-hop IP address. If unset, a default gateway is assumed (as determined by the CNI plugin).

22.1.12. .spec.clusterNetwork

Description
clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.
Type
array

22.1.13. .spec.clusterNetwork[]

Description
ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
Type
object
Property | Type | Description

cidr

string

 

hostPrefix

integer

 

22.1.14. .spec.defaultNetwork

Description
defaultNetwork is the "default" network that all pods will receive
Type
object
Property | Type | Description

openshiftSDNConfig

object

openShiftSDNConfig configures the openshift-sdn plugin

ovnKubernetesConfig

object

ovnKubernetesConfig configures the ovn-kubernetes plugin.

type

string

type is the type of network. All NetworkTypes are supported except for NetworkTypeRaw

22.1.15. .spec.defaultNetwork.openshiftSDNConfig

Description
openShiftSDNConfig configures the openshift-sdn plugin
Type
object
Property | Type | Description

enableUnidling

boolean

enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.

mode

string

mode is one of "Multitenant", "Subnet", or "NetworkPolicy"

mtu

integer

mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine’s uplink.

useExternalOpenvswitch

boolean

useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6

vxlanPort

integer

vxlanPort is the port to use for all vxlan packets. The default is 4789.

22.1.16. .spec.defaultNetwork.ovnKubernetesConfig

Description
ovnKubernetesConfig configures the ovn-kubernetes plugin.
Type
object
Property | Type | Description

egressIPConfig

object

egressIPConfig holds the configuration for EgressIP options.

gatewayConfig

object

gatewayConfig holds the configuration for node gateway options.

genevePort

integer

geneve port is the UDP port to be used by geneve encapsulation. Default is 6081.

hybridOverlayConfig

object

HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.

ipsecConfig

object

ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.

ipv4

object

ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.

ipv6

object

ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.

mtu

integer

mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400

policyAuditConfig

object

policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.

v4InternalSubnet

string

v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is already being used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16.

v6InternalSubnet

string

v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is already being used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48.

22.1.17. .spec.defaultNetwork.ovnKubernetesConfig.egressIPConfig

Description
egressIPConfig holds the configuration for EgressIP options.
Type
object
Property | Type | Description

reachabilityTotalTimeoutSeconds

integer

reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node’s reachability check.

22.1.18. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig

Description
gatewayConfig holds the configuration for node gateway options.
Type
object
Property | Type | Description

ipForwarding

string

IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global".

ipv4

object

ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual member fields within ipv4 for details of default values.

ipv6

object

ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual member fields within ipv6 for details of default values.

routingViaHost

boolean

RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.

22.1.19. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4

Description
ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual member fields within ipv4 for details of default values.
Type
object
Property | Type | Description

internalMasqueradeSubnet

string

internalMasqueradeSubnet contains the masquerade addresses in IPv4 CIDR format used internally by ovn-kubernetes to enable host-to-service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes or with other networks used on the host. Additionally, the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default subnet is 169.254.169.0/29. The value must be in proper IPv4 CIDR format.

22.1.20. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6

Description
ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual member fields within ipv6 for details of default values.
Type
object
Property | Type | Description

internalMasqueradeSubnet

string

internalMasqueradeSubnet contains the masquerade addresses in IPv6 CIDR format used internally by ovn-kubernetes to enable host-to-service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes or with other networks used on the host. Additionally, the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default subnet is fd69::/125. Note that IPv6 dual addresses are not permitted.

22.1.21. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig

Description
HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.
Type
object
Property | Type | Description

hybridClusterNetwork

array

HybridClusterNetwork defines a network space given to nodes on an additional overlay network.

hybridClusterNetwork[]

object

ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks.

hybridOverlayVXLANPort

integer

HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789

22.1.22. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig.hybridClusterNetwork

Description
HybridClusterNetwork defines a network space given to nodes on an additional overlay network.
Type
array

22.1.23. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig.hybridClusterNetwork[]

Description
ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks.
Type
object
Property | Type | Description

cidr

string

 

hostPrefix

integer

 

22.1.24. .spec.defaultNetwork.ovnKubernetesConfig.ipsecConfig

Description
ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
Type
object
Property | Type | Description

mode

string

mode defines the behaviour of the ipsec configuration within the platform. Valid values are Disabled, External and Full. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with Full, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.

22.1.25. .spec.defaultNetwork.ovnKubernetesConfig.ipv4

Description
ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual fields within ipv4 for details of default values.
Type
object
Property | Type | Description

internalJoinSubnet

string

internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is already being used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16. The subnet must be large enough to accommodate one IP per node in your cluster. The value must be in proper IPv4 CIDR format.

internalTransitSwitchSubnet

string

internalTransitSwitchSubnet is a v4 subnet in IPv4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east-west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes or with other networks used on the host. The value cannot be changed after installation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default subnet is 100.88.0.0/16. The subnet must be large enough to accommodate one IP per node in your cluster. The value must be in proper IPv4 CIDR format.

22.1.26. .spec.defaultNetwork.ovnKubernetesConfig.ipv6

Description
ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual fields within ipv6 for details of default values.
Type
object
Property | Type | Description

internalJoinSubnet

string

internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is already being used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accommodate one IP per node in your cluster. The current default value is fd98::/48. The value must be in proper IPv6 CIDR format. Note that IPv6 dual addresses are not permitted.

internalTransitSwitchSubnet

string

internalTransitSwitchSubnet is a v6 subnet in IPv6 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east-west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes or with other networks used on the host. The value cannot be changed after installation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The subnet must be large enough to accommodate one IP per node in your cluster. The current default subnet is fd97::/64. The value must be in proper IPv6 CIDR format. Note that IPv6 dual addresses are not permitted.
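
The constraints stated for the internal join, transit switch and masquerade subnets above (proper CIDR, minimum size, no overlap with each other or with other cluster networks) can be checked before a Network object is applied. The Python below is an added example, not Red Hat's code; the function names, the dict layout of the input and the sample cluster, service and machine networks are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Current defaults quoted in the field descriptions above, keyed by the path
# below .spec.defaultNetwork.ovnKubernetesConfig.
DEFAULTS = {
    "ipv4.internalJoinSubnet": "100.64.0.0/16",
    "ipv4.internalTransitSwitchSubnet": "100.88.0.0/16",
    "gatewayConfig.ipv4.internalMasqueradeSubnet": "169.254.169.0/29",
    "ipv6.internalJoinSubnet": "fd98::/48",
    "ipv6.internalTransitSwitchSubnet": "fd97::/64",
    "gatewayConfig.ipv6.internalMasqueradeSubnet": "fd69::/125",
}
MASQUERADE_MIN_IPS = 6  # "large enough to accommodate 6 IPs"

# Constructed sample values for the networks the internal subnets must avoid.
SAMPLE_OTHER_NETWORKS = {
    "clusterNetwork": "10.128.0.0/14",
    "serviceNetwork": "172.30.0.0/16",
    "machineNetwork": "10.0.0.0/16",
}


def _lookup(cfg, dotted):
    """Walk a nested dict by dotted path; return None when any part is absent."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def check_internal_subnets(ovn_cfg, other_networks, node_count):
    """Return a list of findings; an empty list means every check passed.

    ovn_cfg        -- dict form of ovnKubernetesConfig (hypothetical input shape)
    other_networks -- {label: cidr} for networks already in use
    node_count     -- number of nodes the cluster is expected to hold
    """
    findings, nets = [], {}
    for field, default in DEFAULTS.items():
        raw = _lookup(ovn_cfg, field) or default  # omitted -> documented default
        want = 6 if "ipv6" in field.split(".") else 4
        try:
            # strict=True rejects values with host bits set (not proper CIDR).
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append(f"{field}: {raw!r} is not proper CIDR ({exc})")
            continue
        if net.version != want:
            findings.append(f"{field}: {raw} is not an IPv{want} subnet")
            continue
        if want == 6 and "." in raw:
            findings.append(f"{field}: IPv6 dual addresses are not permitted ({raw})")
            continue
        if field.endswith("internalMasqueradeSubnet"):
            if net.num_addresses < MASQUERADE_MIN_IPS:
                findings.append(f"{field}: {net} holds fewer than 6 IPs")
        elif net.num_addresses <= node_count:
            findings.append(f"{field}: {net} is not larger than {node_count} nodes")
        nets[field] = net

    # Internal subnets must not overlap one another ...
    for (fa, na), (fb, nb) in combinations(nets.items(), 2):
        if na.version == nb.version and na.overlaps(nb):
            findings.append(f"{fa} {na} overlaps {fb} {nb}")
    # ... nor any other network used by the cluster or the hosts.
    for label, cidr in other_networks.items():
        other = ipaddress.ip_network(cidr, strict=False)
        for field, net in nets.items():
            if net.version == other.version and net.overlaps(other):
                findings.append(f"{field} {net} overlaps {label} {other}")
    return findings


if __name__ == "__main__":
    # Constructed misconfiguration: join subnet inside the pod network and
    # too small for 300 nodes, masquerade subnet one bit too narrow.
    bad = {
        "ipv4": {"internalJoinSubnet": "10.128.0.0/24"},
        "gatewayConfig": {"ipv4": {"internalMasqueradeSubnet": "169.254.169.0/30"}},
    }
    for line in check_internal_subnets(bad, SAMPLE_OTHER_NETWORKS, 300):
        print(line)
```

Because the join and transit switch subnets cannot be changed after installation, this kind of check belongs before the install, not after.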

22.1.27. .spec.defaultNetwork.ovnKubernetesConfig.policyAuditConfig

Description
policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.
Type
object
Property | Type | Description

destination

string

destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/; additionally, syslog output may be configured as follows. Valid values are: - "libc" → to use the libc syslog() function of the host node’s journald process - "udp:host:port" → for sending syslog over UDP - "unix:file" → for using the UNIX domain socket directly - "null" → to discard all messages logged to syslog. The default is "null".

maxFileSize

integer

maxFileSize is the maximum size an ACL_audit log file is allowed to reach before rotation occurs. Units are in MB and the default is 50MB.

maxLogFiles

integer

maxLogFiles specifies the maximum number of ACL_audit log files that can be present.

rateLimit

integer

rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.

syslogFacility

string

syslogFacility is the RFC5424 facility for generated messages, e.g. "kern". Default is "local0".

22.1.28. .spec.exportNetworkFlows

Description
exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.
Type
object
Property | Type | Description

ipfix

object

ipfix defines IPFIX configuration.

netFlow

object

netFlow defines the NetFlow configuration.

sFlow

object

sFlow defines the SFlow configuration.

22.1.29. .spec.exportNetworkFlows.ipfix

Description
ipfix defines IPFIX configuration.
Type
object
Property | Type | Description

collectors

array (string)

ipfixCollectors is a list of strings formatted as ip:port with a maximum of ten items.

22.1.30. .spec.exportNetworkFlows.netFlow

Description
netFlow defines the NetFlow configuration.
Type
object
Property | Type | Description

collectors

array (string)

netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items.

22.1.31. .spec.exportNetworkFlows.sFlow

Description
sFlow defines the SFlow configuration.
Type
object
Property | Type | Description

collectors

array (string)

sFlowCollectors is a list of strings formatted as ip:port with a maximum of ten items.
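
Flow export and policy audit logging both decide where network metadata leaves the node, so it is worth reviewing the collectors lists and the audit destination together. The Python below is an added example, not Red Hat's code; the function names, the approved-collector allowlist, the acceptance of bracketed IPv6 and the sample spec are assumptions constructed for illustration.

```python
import ipaddress

MAX_COLLECTORS = 10  # "a maximum of ten items"
FLOW_PROTOCOLS = ("ipfix", "netFlow", "sFlow")

# Constructed sample: the dict form of a Network object's .spec.
SAMPLE_SPEC = {
    "exportNetworkFlows": {
        "ipfix": {"collectors": ["192.0.2.10:2055"]},
        "netFlow": {"collectors": ["198.51.100.7:2056", "not-an-ip:9"]},
    },
    "defaultNetwork": {
        "ovnKubernetesConfig": {
            "policyAuditConfig": {"destination": "udp:192.0.2.20:514"}
        }
    },
}


def parse_collector(entry):
    """Split 'ip:port' into (ip_address, port); raise ValueError if malformed."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"{entry!r} is not ip:port")
    # Assumption: bracketed IPv6 is tolerated; the page only says ip:port.
    return ipaddress.ip_address(host.strip("[]")), int(port)


def classify_audit_destination(dest):
    """Return (kind, detail) for a policyAuditConfig.destination value."""
    if dest is None or dest == "null":  # unset falls back to the default "null"
        return "null", None
    if dest == "libc":
        return "libc", None
    if dest.startswith("unix:") and len(dest) > len("unix:"):
        return "unix", dest[len("unix:"):]
    if dest.startswith("udp:"):
        host, sep, port = dest[len("udp:"):].rpartition(":")
        if sep and host and port.isdigit() and 1 <= int(port) <= 65535:
            return "udp", (host, int(port))
    raise ValueError(f"{dest!r} is not one of libc, udp:host:port, unix:file, null")


def review_telemetry(spec, approved_collectors):
    """Return findings for flow-export collectors and the audit destination."""
    approved = [ipaddress.ip_network(c) for c in approved_collectors]
    findings = []
    flows = spec.get("exportNetworkFlows") or {}
    for proto in FLOW_PROTOCOLS:
        collectors = (flows.get(proto) or {}).get("collectors") or []
        if len(collectors) > MAX_COLLECTORS:
            findings.append(f"{proto}: {len(collectors)} collectors, maximum is ten")
        for entry in collectors:
            try:
                ip, _port = parse_collector(entry)
            except ValueError as exc:
                findings.append(f"{proto}: malformed collector ({exc})")
                continue
            # Flow metadata sent outside the approved ranges is worth a review.
            if not any(ip in net for net in approved):
                findings.append(f"{proto}: collector {entry} is not in an approved range")

    ovn = (spec.get("defaultNetwork") or {}).get("ovnKubernetesConfig") or {}
    dest = (ovn.get("policyAuditConfig") or {}).get("destination")
    try:
        kind, _detail = classify_audit_destination(dest)
    except ValueError as exc:
        findings.append(f"policyAuditConfig.destination: {exc}")
    else:
        if kind == "null":
            findings.append(
                "policyAuditConfig.destination is null: audit messages are kept "
                "only in /var/log/ovn/ on each node and never reach syslog"
            )
    return findings


if __name__ == "__main__":
    for line in review_telemetry(SAMPLE_SPEC, ["192.0.2.0/24"]):
        print(line)
```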

22.1.32. .spec.kubeProxyConfig

Description
kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.
Type
object
Property | Type | Description

bindAddress

string

The address to "bind" on. Defaults to 0.0.0.0

iptablesSyncPeriod

string

An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s

proxyArguments

object

Any additional arguments to pass to the kubeproxy process

proxyArguments{}

array (string)

ProxyArgumentList is a list of arguments to pass to the kubeproxy process

22.1.33. .spec.kubeProxyConfig.proxyArguments

Description
Any additional arguments to pass to the kubeproxy process
Type
object

22.1.34. .spec.migration

Description
migration enables and configures the cluster network migration. The migration procedure allows changing the network type and the MTU.
Type
object
Property | Type | Description

features

object

features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. If unset, the default operation is to migrate all the configuration of supported features.

mode

string

mode indicates the mode of network migration. The supported values are "Live", "Offline" and omitted. A "Live" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. An "Offline" migration operation will cause service interruption. During an "Offline" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default value is "Offline".

mtu

object

mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.

networkType

string

networkType is the target type of network migration. Set this to the target network type to allow changing the default network. If unset, the operation of changing cluster default network plugin will be rejected. The supported values are OpenShiftSDN, OVNKubernetes

22.1.35. .spec.migration.features

Description
features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. If unset, the default operation is to migrate all the configuration of supported features.
Type
object
Property | Type | Description

egressFirewall

boolean

egressFirewall specifies whether or not the Egress Firewall configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and the Egress Firewall configuration is migrated.

egressIP

boolean

egressIP specifies whether or not the Egress IP configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and the Egress IP configuration is migrated.

multicast

boolean

multicast specifies whether or not the multicast configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and the multicast configuration is migrated.

22.1.36. .spec.migration.mtu

Description
mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.
Type
object
Property | Type | Description

machine

object

machine contains MTU migration configuration for the machine’s uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.

network

object

network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine’s uplink MTU by the minimum appropriate offset.

22.1.37. .spec.migration.mtu.machine

Description
machine contains MTU migration configuration for the machine’s uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.
Type
object
Property | Type | Description

from

integer

from is the MTU to migrate from.

to

integer

to is the MTU to migrate to.

22.1.38. .spec.migration.mtu.network

Description
network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine’s uplink MTU by the minimum appropriate offset.
Type
object
Property | Type | Description

from

integer

from is the MTU to migrate from.

to

integer

to is the MTU to migrate to.

22.1.39. .status

Description
NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

22.1.40. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

22.1.41. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

22.1.42. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

22.1.43. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

22.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/networks

    • DELETE: delete collection of Network
    • GET: list objects of kind Network
    • POST: create a Network
  • /apis/operator.openshift.io/v1/networks/{name}

    • DELETE: delete a Network
    • GET: read the specified Network
    • PATCH: partially update the specified Network
    • PUT: replace the specified Network

22.2.1. /apis/operator.openshift.io/v1/networks

HTTP method
DELETE
Description
delete collection of Network
Table 22.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Network
Table 22.2. HTTP responses
HTTP code | Response body

200 - OK

NetworkList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Network
Table 22.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 22.4. Body parameters
Parameter | Type | Description

body

Network schema

 
Table 22.5. HTTP responses
HTTP code | Response body

200 - OK

Network schema

201 - Created

Network schema

202 - Accepted

Network schema

401 - Unauthorized

Empty

22.2.2. /apis/operator.openshift.io/v1/networks/{name}

Table 22.6. Global path parameters
Parameter | Type | Description

name

string

name of the Network

HTTP method
DELETE
Description
delete a Network
Table 22.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 22.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Network
Table 22.9. HTTP responses
HTTP code | Response body

200 - OK

Network schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Network
Table 22.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 22.11. HTTP responses
HTTP code | Response body

200 - OK

Network schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Network
Table 22.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 22.13. Body parameters
Parameter | Type | Description

body

Network schema

 
Table 22.14. HTTP responses
HTTP code | Response body

200 - OK

Network schema

201 - Created

Network schema

401 - Unauthorized

Empty

Chapter 23. OpenShiftAPIServer [operator.openshift.io/v1]

Description
OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

23.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the OpenShift API Server.

status

object

status defines the observed status of the OpenShift API Server.

23.1.1. .spec

Description
spec is the specification of the desired behavior of the OpenShift API Server.
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

23.1.2. .status

Description
status defines the observed status of the OpenShift API Server.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

latestAvailableRevision

integer

latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

23.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

23.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

23.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

23.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

23.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/openshiftapiservers

    • DELETE: delete collection of OpenShiftAPIServer
    • GET: list objects of kind OpenShiftAPIServer
    • POST: create an OpenShiftAPIServer
  • /apis/operator.openshift.io/v1/openshiftapiservers/{name}

    • DELETE: delete an OpenShiftAPIServer
    • GET: read the specified OpenShiftAPIServer
    • PATCH: partially update the specified OpenShiftAPIServer
    • PUT: replace the specified OpenShiftAPIServer
  • /apis/operator.openshift.io/v1/openshiftapiservers/{name}/status

    • GET: read status of the specified OpenShiftAPIServer
    • PATCH: partially update status of the specified OpenShiftAPIServer
    • PUT: replace status of the specified OpenShiftAPIServer

23.2.1. /apis/operator.openshift.io/v1/openshiftapiservers

HTTP method
DELETE
Description
delete collection of OpenShiftAPIServer
Table 23.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind OpenShiftAPIServer
Table 23.2. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an OpenShiftAPIServer
Table 23.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 23.4. Body parameters
Parameter | Type | Description

body

OpenShiftAPIServer schema

 
Table 23.5. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

201 - Created

OpenShiftAPIServer schema

202 - Accepted

OpenShiftAPIServer schema

401 - Unauthorized

Empty

23.2.2. /apis/operator.openshift.io/v1/openshiftapiservers/{name}

Table 23.6. Global path parameters
Parameter | Type | Description

name

string

name of the OpenShiftAPIServer

HTTP method
DELETE
Description
delete an OpenShiftAPIServer
Table 23.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 23.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified OpenShiftAPIServer
Table 23.9. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified OpenShiftAPIServer
Table 23.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 23.11. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified OpenShiftAPIServer
Table 23.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 23.13. Body parameters
Parameter | Type | Description

body

OpenShiftAPIServer schema

 
Table 23.14. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

201 - Created

OpenShiftAPIServer schema

401 - Unauthorized

Empty

23.2.3. /apis/operator.openshift.io/v1/openshiftapiservers/{name}/status

Table 23.15. Global path parameters
Parameter | Type | Description

name

string

name of the OpenShiftAPIServer

HTTP method
GET
Description
read status of the specified OpenShiftAPIServer
Table 23.16. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified OpenShiftAPIServer
Table 23.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 23.18. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified OpenShiftAPIServer
Table 23.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 23.20. Body parameters
Parameter | Type | Description

body

OpenShiftAPIServer schema

 
Table 23.21. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftAPIServer schema

201 - Created

OpenShiftAPIServer schema

401 - Unauthorized

Empty

Chapter 24. OpenShiftControllerManager [operator.openshift.io/v1]

Description
OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

24.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

 

status

object

 

24.1.1. .spec

Description
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent-based logging setting for an overall component. It does not give fine-grained control, but it is a simple way to manage coarse-grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent-based logging setting for the operator itself. It does not give fine-grained control, but it is a simple way to manage coarse-grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

24.1.2. .status

Description
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

24.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

24.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

24.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

24.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

24.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/openshiftcontrollermanagers

    • DELETE: delete collection of OpenShiftControllerManager
    • GET: list objects of kind OpenShiftControllerManager
    • POST: create an OpenShiftControllerManager
  • /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}

    • DELETE: delete an OpenShiftControllerManager
    • GET: read the specified OpenShiftControllerManager
    • PATCH: partially update the specified OpenShiftControllerManager
    • PUT: replace the specified OpenShiftControllerManager
  • /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}/status

    • GET: read status of the specified OpenShiftControllerManager
    • PATCH: partially update status of the specified OpenShiftControllerManager
    • PUT: replace status of the specified OpenShiftControllerManager

24.2.1. /apis/operator.openshift.io/v1/openshiftcontrollermanagers

HTTP method
DELETE
Description
delete collection of OpenShiftControllerManager
Table 24.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind OpenShiftControllerManager
Table 24.2. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManagerList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an OpenShiftControllerManager
Table 24.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 24.4. Body parameters
Parameter | Type | Description

body

OpenShiftControllerManager schema

 
Table 24.5. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

201 - Created

OpenShiftControllerManager schema

202 - Accepted

OpenShiftControllerManager schema

401 - Unauthorized

Empty

24.2.2. /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}

Table 24.6. Global path parameters
Parameter | Type | Description

name

string

name of the OpenShiftControllerManager

HTTP method
DELETE
Description
delete an OpenShiftControllerManager
Table 24.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 24.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified OpenShiftControllerManager
Table 24.9. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified OpenShiftControllerManager
Table 24.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 24.11. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified OpenShiftControllerManager
Table 24.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 24.13. Body parameters
Parameter | Type | Description

body

OpenShiftControllerManager schema

 
Table 24.14. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

201 - Created

OpenShiftControllerManager schema

401 - Unauthorized

Empty

24.2.3. /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}/status

Table 24.15. Global path parameters
Parameter | Type | Description

name

string

name of the OpenShiftControllerManager

HTTP method
GET
Description
read status of the specified OpenShiftControllerManager
Table 24.16. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified OpenShiftControllerManager
Table 24.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 24.18. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified OpenShiftControllerManager
Table 24.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 24.20. Body parameters
Parameter | Type | Description

body

OpenShiftControllerManager schema

 
Table 24.21. HTTP responses
HTTP code | Response body

200 - OK

OpenShiftControllerManager schema

201 - Created

OpenShiftControllerManager schema

401 - Unauthorized

Empty

Chapter 25. OperatorPKI [network.operator.openshift.io/v1]

Description

OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled.

More specifically, given an OperatorPKI with <name>, the CNO will manage:
  • A Secret called <name>-ca with two data keys:
    • tls.key - the private key
    • tls.crt - the CA certificate
  • A ConfigMap called <name>-ca with a single data key:
    • cabundle.crt - the CA certificate(s)
  • A Secret called <name>-cert with two data keys:
    • tls.key - the private key
    • tls.crt - the certificate, signed by the CA

The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3.

The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.

Type
object
Required
  • spec
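
The object names, data keys, lifetimes, rotation points and extended key usages described above can be checked mechanically. The following Python audit is an added example, not part of the Red Hat documentation or the CNO code; the day-based durations, the 7-day tolerance, the certificate metadata dictionary layout and every sample name and value are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: the page gives lifetimes in years and months; approximated in days here.
YEAR, MONTH = timedelta(days=365), timedelta(days=30)
POLICY = {
    "ca": {"validity": 10 * YEAR, "rotate_after": 9 * YEAR},
    "cert": {"validity": 6 * MONTH, "rotate_after": 3 * MONTH},
}
SLACK = timedelta(days=7)  # assumption: tolerance for leap days and month lengths
REQUIRED_EKU = {"clientAuth", "serverAuth"}


def expected_objects(name):
    """Objects and data keys the CNO manages for an OperatorPKI called `name`."""
    return {
        ("Secret", f"{name}-ca"): {"tls.key", "tls.crt"},
        ("ConfigMap", f"{name}-ca"): {"cabundle.crt"},
        ("Secret", f"{name}-cert"): {"tls.key", "tls.crt"},
    }


def check_objects(name, observed):
    """Compare observed {(kind, object name): set of data keys} with the contract."""
    findings = []
    for (kind, obj), want in expected_objects(name).items():
        have = observed.get((kind, obj))
        if have is None:
            findings.append(("missing-object", f"{kind}/{obj}"))
        elif have != want:
            findings.append(("data-keys", f"{kind}/{obj}: {sorted(have)}"))
    return findings


def check_cert(role, cert, now, expected_cn=None, namespace=None, name=None):
    """Audit one certificate's metadata; role is "ca" or "cert"."""
    policy, findings = POLICY[role], []
    lifetime = cert["not_after"] - cert["not_before"]
    age = now - cert["not_before"]
    if abs(lifetime - policy["validity"]) > SLACK:
        findings.append(("validity", f"{lifetime.days}d issued"))
    if now > cert["not_after"]:
        findings.append(("expired", cert["not_after"].isoformat()))
    elif age > policy["rotate_after"] + SLACK:
        findings.append(("rotation-overdue", f"age {age.days}d"))
    if role == "ca":
        # The timestamp format is not given on the page, so accept any non-empty suffix.
        pattern = re.escape(f"{namespace}_{name}-ca@") + r".+"
        if not re.fullmatch(pattern, cert["cn"]):
            findings.append(("ca-cn", cert["cn"]))
    else:
        # The target certificate carries spec.targetCert.commonName and both EKUs.
        if cert["cn"] != expected_cn:
            findings.append(("cn-mismatch", cert["cn"]))
        missing = REQUIRED_EKU - set(cert["eku"])
        if missing:
            findings.append(("eku", ",".join(sorted(missing))))
    return findings


# Constructed sample metadata, as it might be read out of tls.crt with any X.509 parser.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
CA_BORN = datetime(2024, 6, 1, tzinfo=timezone.utc)
LEAF_BORN = datetime(2024, 8, 1, tzinfo=timezone.utc)
SAMPLE_CA = {"cn": "example-ns_demo-ca@1717200000", "not_before": CA_BORN,
             "not_after": CA_BORN + 10 * YEAR, "eku": []}
SAMPLE_LEAF = {"cn": "demo.example-ns.svc", "not_before": LEAF_BORN,
               "not_after": LEAF_BORN + 6 * MONTH, "eku": ["serverAuth"]}
SAMPLE_OBJECTS = {
    ("Secret", "demo-ca"): {"tls.key", "tls.crt"},
    ("ConfigMap", "demo-ca"): {"cabundle.crt"},
    ("Secret", "demo-cert"): {"tls.crt"},  # constructed defect: private key missing
}


def audit_sample():
    """Run every check over the constructed sample and return findings per section."""
    return {
        "objects": check_objects("demo", SAMPLE_OBJECTS),
        "ca": check_cert("ca", SAMPLE_CA, NOW, namespace="example-ns", name="demo"),
        "cert": check_cert("cert", SAMPLE_LEAF, NOW, expected_cn="demo.example-ns.svc"),
    }


if __name__ == "__main__":
    for section, findings in audit_sample().items():
        print(section, findings or "ok")
```

A target certificate that is still valid but older than its rotation point is reported as rotation-overdue rather than expired, which is the earlier signal that the operator has stopped rotating.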

25.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

OperatorPKISpec is the PKI configuration.

status

object

OperatorPKIStatus is not implemented.

25.1.1. .spec

Description
OperatorPKISpec is the PKI configuration.
Type
object
Required
  • targetCert
Property | Type | Description

targetCert

object

targetCert configures the certificate signed by the CA. It will have both ClientAuth and ServerAuth enabled

25.1.2. .spec.targetCert

Description
targetCert configures the certificate signed by the CA. It will have both ClientAuth and ServerAuth enabled
Type
object
Required
  • commonName
Property | Type | Description

commonName

string

commonName is the value in the certificate’s CN

25.1.3. .status

Description
OperatorPKIStatus is not implemented.
Type
object

25.2. API endpoints

The following API endpoints are available:

  • /apis/network.operator.openshift.io/v1/operatorpkis

    • GET: list objects of kind OperatorPKI
  • /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis

    • DELETE: delete collection of OperatorPKI
    • GET: list objects of kind OperatorPKI
    • POST: create an OperatorPKI
  • /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis/{name}

    • DELETE: delete an OperatorPKI
    • GET: read the specified OperatorPKI
    • PATCH: partially update the specified OperatorPKI
    • PUT: replace the specified OperatorPKI

25.2.1. /apis/network.operator.openshift.io/v1/operatorpkis

HTTP method
GET
Description
list objects of kind OperatorPKI
Table 25.1. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKIList schema

401 - Unauthorized

Empty

25.2.2. /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis

HTTP method
DELETE
Description
delete collection of OperatorPKI
Table 25.2. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind OperatorPKI
Table 25.3. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKIList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create an OperatorPKI
Table 25.4. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 25.5. Body parameters
Parameter | Type | Description

body

OperatorPKI schema

 
Table 25.6. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKI schema

201 - Created

OperatorPKI schema

202 - Accepted

OperatorPKI schema

401 - Unauthorized

Empty

25.2.3. /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis/{name}

Table 25.7. Global path parameters
Parameter | Type | Description

name

string

name of the OperatorPKI

HTTP method
DELETE
Description
delete an OperatorPKI
Table 25.8. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 25.9. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified OperatorPKI
Table 25.10. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKI schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified OperatorPKI
Table 25.11. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 25.12. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKI schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified OperatorPKI
Table 25.13. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 25.14. Body parameters
Parameter | Type | Description

body

OperatorPKI schema

 
Table 25.15. HTTP responses
HTTP code | Response body

200 - OK

OperatorPKI schema

201 - Created

OperatorPKI schema

401 - Unauthorized

Empty

Chapter 26. ServiceCA [operator.openshift.io/v1]

Description
ServiceCA provides information to configure an operator to manage the service cert controllers. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

26.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

26.1.1. .spec

Description
spec holds user settable values for configuration
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.
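
The spec fields above lend themselves to an automated configuration check. The following Python sketch is an added example, not part of the OpenShift documentation or code: it audits operator objects, shaped like the response of the list endpoint, for a set unsupportedConfigOverrides, log levels outside the documented values, and log levels raised above the default. The function names, the severity labels and the sample objects are constructed for illustration.

```python
import json

# Valid values for logLevel and operatorLogLevel, as listed in the .spec table.
VALID_LOG_LEVELS = ("Normal", "Debug", "Trace", "TraceAll")

# Constructed sample shaped like a ServiceCAList response; not real cluster output.
SAMPLE_LIST = json.loads("""
{
  "apiVersion": "operator.openshift.io/v1",
  "kind": "ServiceCAList",
  "items": [
    {
      "kind": "ServiceCA",
      "metadata": {"name": "cluster"},
      "spec": {
        "logLevel": "Normal",
        "managementState": "Managed",
        "operatorLogLevel": "Normal",
        "unsupportedConfigOverrides": null
      }
    },
    {
      "kind": "ServiceCA",
      "metadata": {"name": "example-drifted"},
      "spec": {
        "logLevel": "TraceAll",
        "managementState": "Managed",
        "operatorLogLevel": "verbose",
        "unsupportedConfigOverrides": {"exampleKey": "exampleValue"}
      }
    },
    {
      "kind": "ServiceCA",
      "metadata": {"name": "example-no-spec"}
    }
  ]
}
""")


def audit_spec(obj):
    """Return a list of (severity, field, message) findings for one operator object."""
    spec = obj.get("spec")
    if not isinstance(spec, dict):
        # The schema lists spec under "Required".
        return [("error", "spec", "required field spec is missing")]

    findings = []

    # null, absent and an empty object all count as "not set".
    if spec.get("unsupportedConfigOverrides"):
        findings.append(("high", "unsupportedConfigOverrides",
                         "set; unsupported by Red Hat and blocks cluster upgrades"))

    for field in ("logLevel", "operatorLogLevel"):
        # Assumption: an absent or empty value means the documented default.
        level = spec.get(field) or "Normal"
        if level not in VALID_LOG_LEVELS:
            findings.append(("error", field, f"{level!r} is not a documented value"))
        elif level != "Normal":
            findings.append(("info", field, f"raised from the default to {level!r}"))

    return findings


def audit_list(listing):
    """Map object name -> findings, for every item with at least one finding."""
    report = {}
    for item in listing.get("items", []):
        name = item.get("metadata", {}).get("name", "<unnamed>")
        findings = audit_spec(item)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_list(SAMPLE_LIST).items():
        for severity, field, message in findings:
            print(f"{name}: [{severity}] {field}: {message}")
```
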

26.1.2. .status

Description
status holds observed values from the cluster. They may not be overridden.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

26.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

26.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

26.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

26.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

26.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/servicecas

    • DELETE: delete collection of ServiceCA
    • GET: list objects of kind ServiceCA
    • POST: create a ServiceCA
  • /apis/operator.openshift.io/v1/servicecas/{name}

    • DELETE: delete a ServiceCA
    • GET: read the specified ServiceCA
    • PATCH: partially update the specified ServiceCA
    • PUT: replace the specified ServiceCA
  • /apis/operator.openshift.io/v1/servicecas/{name}/status

    • GET: read status of the specified ServiceCA
    • PATCH: partially update status of the specified ServiceCA
    • PUT: replace status of the specified ServiceCA

26.2.1. /apis/operator.openshift.io/v1/servicecas

HTTP method
DELETE
Description
delete collection of ServiceCA
Table 26.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind ServiceCA
Table 26.2. HTTP responses
HTTP code | Response body

200 - OK

ServiceCAList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a ServiceCA
Table 26.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 26.4. Body parameters
Parameter | Type | Description

body

ServiceCA schema

 
Table 26.5. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

201 - Created

ServiceCA schema

202 - Accepted

ServiceCA schema

401 - Unauthorized

Empty
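
The three fieldValidation modes described in Table 26.3 differ in what happens to a misspelled or repeated field, which matters when a typo would otherwise silently discard an intended setting. The following Python model is an added example, not OpenShift or Kubernetes code: it applies the documented Ignore, Warn and Strict behaviour to a constructed request fragment, checking unknown fields only at the top level of a ServiceCA spec. The function name, the exception class and the message wording are illustrative assumptions.

```python
import json

# Top-level .spec fields documented for ServiceCA in section 26.1.1.
KNOWN_SPEC_FIELDS = frozenset({
    "logLevel", "managementState", "observedConfig",
    "operatorLogLevel", "unsupportedConfigOverrides",
})

# Constructed request fragment: "operatorLogLevl" is a typo and
# "logLevel" appears twice.
SAMPLE_SPEC = '{"logLevel": "Normal", "operatorLogLevl": "Debug", "logLevel": "Trace"}'


class BadRequest(Exception):
    """Stands in for the BadRequest error returned under Strict."""


def apply_field_validation(raw_spec, mode="Warn"):
    """Model how a spec with unknown or duplicate fields is handled.

    Returns (persisted_spec, warnings); raises BadRequest in Strict mode
    when any unknown or duplicate field is present.
    """
    if mode not in ("Ignore", "Warn", "Strict"):
        raise ValueError(f"unsupported fieldValidation value: {mode!r}")

    duplicates = []

    def last_wins(pairs):
        # json.loads passes every key/value pair, so repeated keys are
        # visible here. The hook also runs for nested objects, so
        # duplicates at any depth are recorded.
        merged = {}
        for key, value in pairs:
            if key in merged and key not in duplicates:
                duplicates.append(key)
            merged[key] = value  # only the last duplicate is kept
        return merged

    spec = json.loads(raw_spec, object_pairs_hook=last_wins)
    if not isinstance(spec, dict):
        raise BadRequest("spec must be an object")

    unknown = sorted(key for key in spec if key not in KNOWN_SPEC_FIELDS)
    problems = [f'unknown field "{key}"' for key in unknown]
    problems += [f'duplicate field "{key}"' for key in duplicates]

    if mode == "Strict" and problems:
        # Strict reports every unknown and duplicate field; nothing is persisted.
        raise BadRequest("; ".join(problems))

    # Ignore and Warn both drop unknown fields; only Warn tells the caller.
    persisted = {k: v for k, v in spec.items() if k in KNOWN_SPEC_FIELDS}
    warnings = problems if mode == "Warn" else []
    return persisted, warnings


if __name__ == "__main__":
    for mode in ("Ignore", "Warn", "Strict"):
        try:
            persisted, warnings = apply_field_validation(SAMPLE_SPEC, mode)
            print(mode, "->", persisted, warnings)
        except BadRequest as err:
            print(mode, "-> BadRequest:", err)
```

Under Ignore the misspelled field disappears without any signal, so sending Strict (optionally together with dryRun=All) is the way to have the server reject such a request instead.
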

26.2.2. /apis/operator.openshift.io/v1/servicecas/{name}

Table 26.6. Global path parameters
Parameter | Type | Description

name

string

name of the ServiceCA

HTTP method
DELETE
Description
delete a ServiceCA
Table 26.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 26.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified ServiceCA
Table 26.9. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified ServiceCA
Table 26.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 26.11. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified ServiceCA
Table 26.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 26.13. Body parameters
Parameter | Type | Description

body

ServiceCA schema

 
Table 26.14. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

201 - Created

ServiceCA schema

401 - Unauthorized

Empty

26.2.3. /apis/operator.openshift.io/v1/servicecas/{name}/status

Table 26.15. Global path parameters
Parameter | Type | Description

name

string

name of the ServiceCA

HTTP method
GET
Description
read status of the specified ServiceCA
Table 26.16. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified ServiceCA
Table 26.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 26.18. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified ServiceCA
Table 26.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 26.20. Body parameters
Parameter | Type | Description

body

ServiceCA schema

 
Table 26.21. HTTP responses
HTTP code | Response body

200 - OK

ServiceCA schema

201 - Created

ServiceCA schema

401 - Unauthorized

Empty

Chapter 27. Storage [operator.openshift.io/v1]

Description
Storage provides a means to configure an operator to manage the cluster storage operator. cluster is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
  • spec

27.1. Specification

Property | Type | Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

27.1.1. .spec

Description
spec holds user settable values for configuration
Type
object
Property | Type | Description

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that the controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator.

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from Red Hat support before using this field. Use of this property blocks cluster upgrades; it must be removed before upgrading your cluster.

vsphereStorageDriver

string

VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it cannot be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.

27.1.2. .status

Description
status holds observed values from the cluster. They may not be overridden.
Type
object
Property | Type | Description

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

27.1.3. .status.conditions

Description
conditions is a list of conditions and their status
Type
array

27.1.4. .status.conditions[]

Description
OperatorCondition is just the standard condition fields.
Type
object
Required
  • type
Property | Type | Description

lastTransitionTime

string

 

message

string

 

reason

string

 

status

string

 

type

string

 

27.1.5. .status.generations

Description
generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
Type
array

27.1.6. .status.generations[]

Description
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
Type
object
Property | Type | Description

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

27.2. API endpoints

The following API endpoints are available:

  • /apis/operator.openshift.io/v1/storages

    • DELETE: delete collection of Storage
    • GET: list objects of kind Storage
    • POST: create a Storage
  • /apis/operator.openshift.io/v1/storages/{name}

    • DELETE: delete a Storage
    • GET: read the specified Storage
    • PATCH: partially update the specified Storage
    • PUT: replace the specified Storage
  • /apis/operator.openshift.io/v1/storages/{name}/status

    • GET: read status of the specified Storage
    • PATCH: partially update status of the specified Storage
    • PUT: replace status of the specified Storage

27.2.1. /apis/operator.openshift.io/v1/storages

HTTP method
DELETE
Description
delete collection of Storage
Table 27.1. HTTP responses
HTTP code | Response body

200 - OK

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
list objects of kind Storage
Table 27.2. HTTP responses
HTTP code | Response body

200 - OK

StorageList schema

401 - Unauthorized

Empty

HTTP method
POST
Description
create a Storage
Table 27.3. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 27.4. Body parameters
Parameter | Type | Description

body

Storage schema

 
Table 27.5. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

201 - Created

Storage schema

202 - Accepted

Storage schema

401 - Unauthorized

Empty

27.2.2. /apis/operator.openshift.io/v1/storages/{name}

Table 27.6. Global path parameters
Parameter | Type | Description

name

string

name of the Storage

HTTP method
DELETE
Description
delete a Storage
Table 27.7. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

Table 27.8. HTTP responses
HTTP code | Response body

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

HTTP method
GET
Description
read the specified Storage
Table 27.9. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update the specified Storage
Table 27.10. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 27.11. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace the specified Storage
Table 27.12. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 27.13. Body parameters
Parameter | Type | Description

body

Storage schema

 
Table 27.14. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

201 - Created

Storage schema

401 - Unauthorized

Empty

27.2.3. /apis/operator.openshift.io/v1/storages/{name}/status

Table 27.15. Global path parameters
Parameter | Type | Description

name

string

name of the Storage

HTTP method
GET
Description
read status of the specified Storage
Table 27.16. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

401 - Unauthorized

Empty

HTTP method
PATCH
Description
partially update status of the specified Storage
Table 27.17. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 27.18. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

401 - Unauthorized

Empty

HTTP method
PUT
Description
replace status of the specified Storage
Table 27.19. Query parameters
Parameter | Type | Description

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are:
  • Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23.
  • Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+.
  • Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

Table 27.20. Body parameters
Parameter | Type | Description

body

Storage schema

 
Table 27.21. HTTP responses
HTTP code | Response body

200 - OK

Storage schema

201 - Created

Storage schema

401 - Unauthorized

Empty

Legal Notice

Copyright © 2024 Red Hat, Inc.

OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).

Modified versions must remove all Red Hat trademarks.

Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.

Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.
