Config APIs
Reference guide for config APIs
Abstract
Chapter 1. Config APIs
1.1. APIServer [config.openshift.io/v1]
- Description
- APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.2. Authentication [config.openshift.io/v1]
- Description
-
Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is
cluster
. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.3. Build [config.openshift.io/v1]
- Description
- Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. The canonical name is "cluster" Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.4. ClusterOperator [config.openshift.io/v1]
- Description
- ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.5. ClusterVersion [config.openshift.io/v1]
- Description
- ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.6. Console [config.openshift.io/v1]
- Description
-
Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is
cluster
. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.7. DNS [config.openshift.io/v1]
- Description
-
DNS holds cluster-wide information about DNS. The canonical name is
cluster
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.8. FeatureGate [config.openshift.io/v1]
- Description
-
Feature holds cluster-wide information about feature gates. The canonical name is
cluster
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.9. HelmChartRepository [helm.openshift.io/v1beta1]
- Description
- HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
- Type
-
object
1.10. Image [config.openshift.io/v1]
- Description
- Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift’s image registry to the public, this also lets cluster admins specify the external hostname. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.11. ImageContentPolicy [config.openshift.io/v1]
- Description
- ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.12. Infrastructure [config.openshift.io/v1]
- Description
-
Infrastructure holds cluster-wide information about Infrastructure. The canonical name is
cluster
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.13. Ingress [config.openshift.io/v1]
- Description
-
Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is
cluster
. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.14. Network [config.openshift.io/v1]
- Description
-
Network holds cluster-wide information about Network. The canonical name is
cluster
. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.15. Node [config.openshift.io/v1]
- Description
- Node holds cluster-wide information about node specific features. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.16. OAuth [config.openshift.io/v1]
- Description
-
OAuth holds cluster-wide information about OAuth. The canonical name is
cluster
. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.17. OperatorHub [config.openshift.io/v1]
- Description
- OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.18. Project [config.openshift.io/v1]
- Description
-
Project holds cluster-wide information about Project. The canonical name is
cluster
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.19. ProjectHelmChartRepository [helm.openshift.io/v1beta1]
- Description
- ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
- Type
-
object
1.20. Proxy [config.openshift.io/v1]
- Description
-
Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is
cluster
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.21. Scheduler [config.openshift.io/v1]
- Description
-
Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is
cluster
. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
Chapter 2. APIServer [config.openshift.io/v1]
- Description
- APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
2.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
2.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language. |
|
| audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster. |
|
| clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle. |
|
| encryption allows the configuration of encryption of resources at the datastore layer. |
|
| servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic. |
|
| tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12. |
2.1.2. .spec.audit
- Description
- audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies. |
|
| AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile. |
|
|
profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. Warning: It is not recommended to disable audit logging by using the |
2.1.3. .spec.audit.customRules
- Description
- customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
- Type
-
array
2.1.4. .spec.audit.customRules[]
- Description
- AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
- Type
-
object
- Required
-
group
-
profile
-
Property | Type | Description |
---|---|---|
|
| group is a name of group a request user must be member of in order to this profile to apply. |
|
| profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. If unset, the 'Default' profile is used as the default. |
2.1.5. .spec.clientCA
- Description
- clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
2.1.6. .spec.encryption
- Description
- encryption allows the configuration of encryption of resources at the datastore layer.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io |
2.1.7. .spec.servingCerts
- Description
- servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used. |
|
| APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. |
2.1.8. .spec.servingCerts.namedCertificates
- Description
- namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
- Type
-
array
2.1.9. .spec.servingCerts.namedCertificates[]
- Description
- APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. |
|
| servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate. |
2.1.10. .spec.servingCerts.namedCertificates[].servingCertificate
- Description
- servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced secret |
2.1.11. .spec.tlsSecurityProfile
- Description
- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.
- Type
-
object
Property | Type | Description |
---|---|---|
| `` | custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1 |
| `` | intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2 |
| `` | modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported. |
| `` | old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0 |
|
| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries. |
2.1.12. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
2.2. API endpoints
The following API endpoints are available:
/apis/config.openshift.io/v1/apiservers
-
DELETE
: delete collection of APIServer -
GET
: list objects of kind APIServer -
POST
: create an APIServer
-
/apis/config.openshift.io/v1/apiservers/{name}
-
DELETE
: delete an APIServer -
GET
: read the specified APIServer -
PATCH
: partially update the specified APIServer -
PUT
: replace the specified APIServer
-
/apis/config.openshift.io/v1/apiservers/{name}/status
-
GET
: read status of the specified APIServer -
PATCH
: partially update status of the specified APIServer -
PUT
: replace status of the specified APIServer
-
2.2.1. /apis/config.openshift.io/v1/apiservers
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete collection of APIServer
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind APIServer
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
2.2.2. /apis/config.openshift.io/v1/apiservers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the APIServer |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete an APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
|
| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
|
| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
2.2.3. /apis/config.openshift.io/v1/apiservers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the APIServer |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
GET
- Description
- read status of the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified APIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 3. Authentication [config.openshift.io/v1]
- Description
-
Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is
cluster
. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
- Required
-
spec
-
3.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
3.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config. |
|
| serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption. |
|
| type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. |
|
| webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. |
|
| webhookTokenAuthenticators is DEPRECATED, setting it has no effect. |
|
| deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It’s the same as WebhookTokenAuthenticator but it’s missing the 'required' validation on KubeConfig field. |
3.1.2. .spec.oauthMetadata
- Description
- oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
3.1.3. .spec.webhookTokenAuthenticator
- Description
- webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.
- Type
-
object
- Required
-
kubeConfig
-
Property | Type | Description |
---|---|---|
|
| kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. |
3.1.4. .spec.webhookTokenAuthenticator.kubeConfig
- Description
- kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced secret |
3.1.5. .spec.webhookTokenAuthenticators
- Description
- webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
- Type
-
array
3.1.6. .spec.webhookTokenAuthenticators[]
- Description
- deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It’s the same as WebhookTokenAuthenticator but it’s missing the 'required' validation on KubeConfig field.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use. |
3.1.7. .spec.webhookTokenAuthenticators[].kubeConfig
- Description
- kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced secret |
3.1.8. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed. |
3.1.9. .status.integratedOAuthMetadata
- Description
- integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
3.2. API endpoints
The following API endpoints are available:
/apis/config.openshift.io/v1/authentications
-
DELETE
: delete collection of Authentication -
GET
: list objects of kind Authentication -
POST
: create an Authentication
-
/apis/config.openshift.io/v1/authentications/{name}
-
DELETE
: delete an Authentication -
GET
: read the specified Authentication -
PATCH
: partially update the specified Authentication -
PUT
: replace the specified Authentication
-
/apis/config.openshift.io/v1/authentications/{name}/status
-
GET
: read status of the specified Authentication -
PATCH
: partially update status of the specified Authentication -
PUT
: replace status of the specified Authentication
-
3.2.1. /apis/config.openshift.io/v1/authentications
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete collection of Authentication
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Authentication
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
3.2.2. /apis/config.openshift.io/v1/authentications/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Authentication |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete an Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
|
| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
|
| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
3.2.3. /apis/config.openshift.io/v1/authentications/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Authentication |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
GET
- Description
- read status of the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 4. Build [config.openshift.io/v1]
- Description
- Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. The canonical name is "cluster" Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
4.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| Spec holds user-settable values for the build controller configuration |
4.1.1. .spec
- Description
- Spec holds user-settable values for the build controller configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead. |
|
| BuildDefaults controls the default information for Builds |
|
| BuildOverrides controls override settings for builds |
4.1.2. .spec.additionalTrustedCA
- Description
- AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
4.1.3. .spec.buildDefaults
- Description
- BuildDefaults controls the default information for Builds
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. Values can be overrode by setting the |
|
| Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build |
|
| EnvVar represents an environment variable present in a Container. |
|
| GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. Values that are not set here will be inherited from DefaultProxy. |
|
| ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig. |
|
| |
|
| Resources defines resource requirements to execute the build. |
4.1.4. .spec.buildDefaults.defaultProxy
- Description
-
DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. Values can be overrode by setting the
HTTP_PROXY
,HTTPS_PROXY
, andNO_PROXY
environment variables in the build config’s strategy. - Type
-
object
Property | Type | Description |
---|---|---|
|
| httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. |
|
| httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. |
|
| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. |
|
| readinessEndpoints is a list of endpoints used to verify readiness of the proxy. |
|
| trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE----- |
4.1.5. .spec.buildDefaults.defaultProxy.trustedCA
- Description
- trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
4.1.6. .spec.buildDefaults.env
- Description
- Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build
- Type
-
array
4.1.7. .spec.buildDefaults.env[]
- Description
- EnvVar represents an environment variable present in a Container.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| Name of the environment variable. Must be a C_IDENTIFIER. |
|
| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". |
|
| Source for the environment variable’s value. Cannot be used if value is not empty. |
4.1.8. .spec.buildDefaults.env[].valueFrom
- Description
- Source for the environment variable’s value. Cannot be used if value is not empty.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Selects a key of a ConfigMap. |
|
|
Selects a field of the pod: supports metadata.name, metadata.namespace, |
|
| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
|
| Selects a key of a secret in the pod’s namespace |
4.1.9. .spec.buildDefaults.env[].valueFrom.configMapKeyRef
- Description
- Selects a key of a ConfigMap.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key to select. |
|
| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
| Specify whether the ConfigMap or its key must be defined |
4.1.10. .spec.buildDefaults.env[].valueFrom.fieldRef
- Description
-
Selects a field of the pod: supports metadata.name, metadata.namespace,
metadata.labels['<KEY>']
,metadata.annotations['<KEY>']
, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - Type
-
object
- Required
-
fieldPath
-
Property | Type | Description |
---|---|---|
|
| Version of the schema the FieldPath is written in terms of, defaults to "v1". |
|
| Path of the field to select in the specified API version. |
4.1.11. .spec.buildDefaults.env[].valueFrom.resourceFieldRef
- Description
- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- Type
-
object
- Required
-
resource
-
Property | Type | Description |
---|---|---|
|
| Container name: required for volumes, optional for env vars |
|
| Specifies the output format of the exposed resources, defaults to "1" |
|
| Required: resource to select |
4.1.12. .spec.buildDefaults.env[].valueFrom.secretKeyRef
- Description
- Selects a key of a secret in the pod’s namespace
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
| Specify whether the Secret or its key must be defined |
4.1.13. .spec.buildDefaults.gitProxy
- Description
- GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. Values that are not set here will be inherited from DefaultProxy.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. |
|
| httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. |
|
| noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. |
|
| readinessEndpoints is a list of endpoints used to verify readiness of the proxy. |
|
| trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE----- |
4.1.14. .spec.buildDefaults.gitProxy.trustedCA
- Description
- trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
4.1.15. .spec.buildDefaults.imageLabels
- Description
- ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.
- Type
-
array
4.1.16. .spec.buildDefaults.imageLabels[]
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Name defines the name of the label. It must have non-zero length. |
|
| Value defines the literal value of the label. |
4.1.17. .spec.buildDefaults.resources
- Description
- Resources defines resource requirements to execute the build.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
4.1.18. .spec.buildOverrides
- Description
- BuildOverrides controls override settings for builds
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself |
|
| ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user’s label will be overwritten. |
|
| |
|
| NodeSelector is a selector which must be true for the build pod to fit on a node |
|
| Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod. |
|
| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
4.1.19. .spec.buildOverrides.imageLabels
- Description
- ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user’s label will be overwritten.
- Type
-
array
4.1.20. .spec.buildOverrides.imageLabels[]
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Name defines the name of the label. It must have non-zero length. |
|
| Value defines the literal value of the label. |
4.1.21. .spec.buildOverrides.tolerations
- Description
- Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.
- Type
-
array
4.1.22. .spec.buildOverrides.tolerations[]
- Description
- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
| Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
4.2. API endpoints
The following API endpoints are available:
/apis/config.openshift.io/v1/builds
-
DELETE
: delete collection of Build -
GET
: list objects of kind Build -
POST
: create a Build
-
/apis/config.openshift.io/v1/builds/{name}
-
DELETE
: delete a Build -
GET
: read the specified Build -
PATCH
: partially update the specified Build -
PUT
: replace the specified Build
-
/apis/config.openshift.io/v1/builds/{name}/status
-
GET
: read status of the specified Build -
PATCH
: partially update status of the specified Build -
PUT
: replace status of the specified Build
-
4.2.1. /apis/config.openshift.io/v1/builds
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete collection of Build
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Build
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
4.2.2. /apis/config.openshift.io/v1/builds/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Build |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete a Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
|
| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
|
| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Build
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
4.2.3. /apis/config.openshift.io/v1/builds/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Build |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
GET
- Description
- read status of the specified Build
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Build
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 5. ClusterOperator [config.openshift.io/v1]
- Description
- ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
5.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds configuration that could apply to any operator. |
|
| status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem. |
5.1.1. .spec
- Description
- spec holds configuration that could apply to any operator.
- Type
-
object
5.1.2. .status
- Description
- status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions describes the state of the operator’s managed and monitored components. |
|
| ClusterOperatorStatusCondition represents the state of the operator’s managed and monitored components. |
| `` | extension contains any additional status information specific to the operator which owns this status object. |
|
| relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces |
|
| ObjectReference contains enough information to let you inspect or modify the referred object. |
|
| versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands. |
|
|
5.1.3. .status.conditions
- Description
- conditions describes the state of the operator’s managed and monitored components.
- Type
-
array
5.1.4. .status.conditions[]
- Description
- ClusterOperatorStatusCondition represents the state of the operator’s managed and monitored components.
- Type
-
object
- Required
-
lastTransitionTime
-
status
-
type
-
Property | Type | Description |
---|---|---|
|
| lastTransitionTime is the time of the last update to the current status property. |
|
| message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. |
|
| reason is the CamelCase reason for the condition’s current status. |
|
| status of the condition, one of True, False, Unknown. |
|
| type specifies the aspect reported by this condition. |
5.1.7. .status.versions
- Description
- versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
- Type
-
array
5.1.8. .status.versions[]
- Description
- Type
-
object
- Required
-
name
-
version
-
Property | Type | Description |
---|---|---|
|
| name is the name of the particular operand this version is for. It usually matches container images, not operators. |
|
| version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0 |
5.2. API endpoints
The following API endpoints are available:
/apis/config.openshift.io/v1/clusteroperators
-
DELETE
: delete collection of ClusterOperator -
GET
: list objects of kind ClusterOperator -
POST
: create a ClusterOperator
-
/apis/config.openshift.io/v1/clusteroperators/{name}
-
DELETE
: delete a ClusterOperator -
GET
: read the specified ClusterOperator -
PATCH
: partially update the specified ClusterOperator -
PUT
: replace the specified ClusterOperator
-
/apis/config.openshift.io/v1/clusteroperators/{name}/status
-
GET
: read status of the specified ClusterOperator -
PATCH
: partially update status of the specified ClusterOperator -
PUT
: replace status of the specified ClusterOperator
-
5.2.1. /apis/config.openshift.io/v1/clusteroperators
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete collection of ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. |
|
| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. |
|
| A selector to restrict the list of returned objects by their fields. Defaults to everything. |
|
| A selector to restrict the list of returned objects by their labels. Defaults to everything. |
|
|
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. |
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
|
| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. |
|
| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
5.2.2. /apis/config.openshift.io/v1/clusteroperators/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ClusterOperator |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
DELETE
- Description
- delete a ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. |
|
| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both. |
|
| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
5.2.3. /apis/config.openshift.io/v1/clusteroperators/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the ClusterOperator |
Parameter | Type | Description |
---|---|---|
|
| If 'true', then the output is pretty printed. |
- HTTP method
-
GET
- Description
- read status of the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified ClusterOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
|
|
fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 6. ClusterVersion [config.openshift.io/v1]
- Description
- ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
6.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster. |
|
| status contains information about the available updates and any in-progress updates. |
6.1.1. .spec
- Description
- spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
- Type
-
object
- Required
-
clusterID
-
Property | Type | Description |
---|---|---|
|
| capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics. |
|
| channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. |
|
| clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field. |
|
| desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history. If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed. |
|
| overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object. |
|
| ComponentOverride allows overriding cluster version operator’s behavior for a component. |
|
| upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region. |
6.1.2. .spec.capabilities
- Description
- capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set. |
|
| baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. |
6.1.3. .spec.desiredUpdate
- Description
- desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history. If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. |
|
| image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. |
|
| version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. |
6.1.4. .spec.overrides
- Description
- overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
- Type
-
array
6.1.5. .spec.overrides[]
- Description
- ComponentOverride allows overriding cluster version operator’s behavior for a component.
- Type
-
object
- Required
-
group
-
kind
-
name
-
namespace
-
unmanaged
-
Property | Type | Description |
---|---|---|
|
| group identifies the API group that the kind is in. |
|
| kind indentifies which object to override. |
|
| name is the component’s name. |
|
| namespace is the component’s namespace. If the resource is cluster scoped, the namespace should be empty. |
|
| unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false |
6.1.6. .status
- Description
- status contains information about the available updates and any in-progress updates.
- Type
-
object
- Required
-
desired
-
observedGeneration
-
versionHash
-
Property | Type | Description |
---|---|---|
| `` | availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified. |
|
| capabilities describes the state of optional, core cluster components. |
|
| conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. |
|
| ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster. |
|
| conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation. |
|
| ClusterOperatorStatusCondition represents the state of the operator’s managed and monitored components. |
|
| desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag. |
|
| history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved. |
|
| UpdateHistory is a single attempted update to the cluster. |
|
| observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version. |
|
| versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. |
6.1.7. .status.capabilities
- Description
- capabilities describes the state of optional, core cluster components.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| enabledCapabilities lists all the capabilities that are currently managed. |
|
| knownCapabilities lists all the capabilities known to the current cluster. |
6.1.8. .status.conditionalUpdates
- Description
- conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
- Type
-
array
6.1.9. .status.conditionalUpdates[]
- Description
- ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
- Type
-
object
- Required
-
release
-
risks
-
Property | Type | Description |
---|---|---|
|
| conditions represents the observations of the conditional update’s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster. |
|
|
Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo’s current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition |
|
| release is the target of the update. |
|
| risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update. |
|
| ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update. |
6.1.10. .status.conditionalUpdates[].conditions
- Description
- conditions represents the observations of the conditional update’s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.
- Type
-
array
6.1.11. .status.conditionalUpdates[].conditions[]
- Description
-
Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo’s current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition
json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"
// other fields } - Type
-
object
- Required
-
lastTransitionTime
-
message
-
reason
-
status
-
type
-
Property | Type | Description |
---|---|---|
|
| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. |
|
| message is a human readable message indicating details about the transition. This may be an empty string. |
|
| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
|
| reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
|
| status of the condition, one of True, False, Unknown. |
|
| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
6.1.12. .status.conditionalUpdates[].release
- Description
- release is the target of the update.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| channels is the set of Cincinnati channels to which the release currently belongs. |
|
| image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. |
|
| url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. |
|
| version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. |
6.1.13. .status.conditionalUpdates[].risks
- Description
- risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
- Type
-
array
6.1.14. .status.conditionalUpdates[].risks[]
- Description
- ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
- Type
-
object
- Required
-
matchingRules
-
message
-
name
-
url
-
Property | Type | Description |
---|---|---|
|
| matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended. |
|
| ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate. |
|
| message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. |
|
| name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state. |
|
| url contains information about this risk. |
6.1.15. .status.conditionalUpdates[].risks[].matchingRules
- Description
- matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
- Type
-
array
6.1.16. .status.conditionalUpdates[].risks[].matchingRules[]
- Description