Operator APIs
Reference guide for Operator APIs
Abstract
Chapter 1. Operator APIs
1.1. Authentication [operator.openshift.io/v1]
- Description
- Authentication provides information to configure an operator to manage authentication. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.2. CloudCredential [operator.openshift.io/v1]
- Description
- CloudCredential provides a means to configure an operator to manage CredentialsRequests. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.3. ClusterCSIDriver [operator.openshift.io/v1]
- Description
- ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.4. Console [operator.openshift.io/v1]
- Description
- Console provides a means to configure an operator to manage the console. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.5. Config [operator.openshift.io/v1]
- Description
- Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.6. Config [imageregistry.operator.openshift.io/v1]
- Description
- Config is the configuration object for a registry instance managed by the registry operator Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.7. Config [samples.operator.openshift.io/v1]
- Description
- Config contains the configuration and detailed condition status for the Samples Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.8. CSISnapshotController [operator.openshift.io/v1]
- Description
-
CSISnapshotController provides a means to configure an operator to manage the CSI snapshots.
cluster
is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
1.9. DNS [operator.openshift.io/v1]
- Description
- DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.10. DNSRecord [ingress.operator.openshift.io/v1]
- Description
- DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.11. Etcd [operator.openshift.io/v1]
- Description
- Etcd provides information to configure an operator to manage etcd. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.12. ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- Description
- ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
- Type
-
object
1.13. ImagePruner [imageregistry.operator.openshift.io/v1]
- Description
- ImagePruner is the configuration object for an image registry pruner managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.14. IngressController [operator.openshift.io/v1]
- Description
- IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. https://kubernetes.io/docs/concepts/services-networking/ingress-controllers Whenever possible, sensible defaults for the platform are used. See each field for more details. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.15. InsightsOperator [operator.openshift.io/v1]
- Description
- InsightsOperator holds cluster-wide information about the Insights Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.16. KubeAPIServer [operator.openshift.io/v1]
- Description
- KubeAPIServer provides information to configure an operator to manage kube-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.17. KubeControllerManager [operator.openshift.io/v1]
- Description
- KubeControllerManager provides information to configure an operator to manage kube-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.18. KubeScheduler [operator.openshift.io/v1]
- Description
- KubeScheduler provides information to configure an operator to manage scheduler. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.19. KubeStorageVersionMigrator [operator.openshift.io/v1]
- Description
- KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.20. MachineConfiguration [operator.openshift.io/v1]
- Description
- MachineConfiguration provides information to configure an operator to manage Machine Configuration. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.21. Network [operator.openshift.io/v1]
- Description
- Network describes the cluster’s desired network configuration. It is consumed by the cluster-network-operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.22. OpenShiftAPIServer [operator.openshift.io/v1]
- Description
- OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.23. OpenShiftControllerManager [operator.openshift.io/v1]
- Description
- OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.24. OperatorPKI [network.operator.openshift.io/v1]
- Description
OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled.
More specifically, given an OperatorPKI with <name>, the CNO will manage:
- A Secret called <name>-ca with two data keys:
- tls.key - the private key
- tls.crt - the CA certificate
- A ConfigMap called <name>-ca with a single data key:
- cabundle.crt - the CA certificate(s)
- A Secret called <name>-cert with two data keys:
- tls.key - the private key
- tls.crt - the certificate, signed by the CA
The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3
The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.
- Type
-
object
1.25. ServiceCA [operator.openshift.io/v1]
- Description
- ServiceCA provides information to configure an operator to manage the service cert controllers Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.26. Storage [operator.openshift.io/v1]
- Description
-
Storage provides a means to configure an operator to manage the cluster storage operator.
cluster
is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
Chapter 2. Authentication [operator.openshift.io/v1]
- Description
- Authentication provides information to configure an operator to manage authentication. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
2.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| |
|
|
2.1.1. .spec
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
2.1.2. .status
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| OAuthAPIServer holds status specific only to oauth-apiserver |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
2.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
2.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
2.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
2.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
2.1.7. .status.oauthAPIServer
- Description
- OAuthAPIServer holds status specific only to oauth-apiserver
- Type
-
object
Property | Type | Description |
---|---|---|
|
| LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods. |
2.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/authentications
-
DELETE
: delete collection of Authentication -
GET
: list objects of kind Authentication -
POST
: create an Authentication
-
/apis/operator.openshift.io/v1/authentications/{name}
-
DELETE
: delete an Authentication -
GET
: read the specified Authentication -
PATCH
: partially update the specified Authentication -
PUT
: replace the specified Authentication
-
/apis/operator.openshift.io/v1/authentications/{name}/status
-
GET
: read status of the specified Authentication -
PATCH
: partially update status of the specified Authentication -
PUT
: replace status of the specified Authentication
-
2.2.1. /apis/operator.openshift.io/v1/authentications
- HTTP method
-
DELETE
- Description
- delete collection of Authentication
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Authentication
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
2.2.2. /apis/operator.openshift.io/v1/authentications/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Authentication |
- HTTP method
-
DELETE
- Description
- delete an Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Authentication
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
2.2.3. /apis/operator.openshift.io/v1/authentications/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Authentication |
- HTTP method
-
GET
- Description
- read status of the specified Authentication
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Authentication
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 3. CloudCredential [operator.openshift.io/v1]
- Description
- CloudCredential provides a means to configure an operator to manage CredentialsRequests. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
3.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator. |
|
| CloudCredentialStatus defines the observed status of the cloud-credential-operator. |
3.1.1. .spec
- Description
- CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster’s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" Others: Do not set value as other platforms only support running in "Passthrough" |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
3.1.2. .status
- Description
- CloudCredentialStatus defines the observed status of the cloud-credential-operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
3.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
3.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
3.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
3.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
3.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/cloudcredentials
-
DELETE
: delete collection of CloudCredential -
GET
: list objects of kind CloudCredential -
POST
: create a CloudCredential
-
/apis/operator.openshift.io/v1/cloudcredentials/{name}
-
DELETE
: delete a CloudCredential -
GET
: read the specified CloudCredential -
PATCH
: partially update the specified CloudCredential -
PUT
: replace the specified CloudCredential
-
/apis/operator.openshift.io/v1/cloudcredentials/{name}/status
-
GET
: read status of the specified CloudCredential -
PATCH
: partially update status of the specified CloudCredential -
PUT
: replace status of the specified CloudCredential
-
3.2.1. /apis/operator.openshift.io/v1/cloudcredentials
- HTTP method
-
DELETE
- Description
- delete collection of CloudCredential
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind CloudCredential
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
3.2.2. /apis/operator.openshift.io/v1/cloudcredentials/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the CloudCredential |
- HTTP method
-
DELETE
- Description
- delete a CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified CloudCredential
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
3.2.3. /apis/operator.openshift.io/v1/cloudcredentials/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the CloudCredential |
- HTTP method
-
GET
- Description
- read status of the specified CloudCredential
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified CloudCredential
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 4. ClusterCSIDriver [operator.openshift.io/v1]
- Description
- ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
4.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
4.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| StorageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed. |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
4.1.2. .spec.driverConfig
- Description
- driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
- Type
-
object
- Required
-
driverType
-
Property | Type | Description |
---|---|---|
|
| aws is used to configure the AWS CSI driver. |
|
| azure is used to configure the Azure CSI driver. |
|
| driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP. |
|
| gcp is used to configure the GCP CSI driver. |
|
| ibmcloud is used to configure the IBM Cloud CSI driver. |
|
| vsphere is used to configure the vsphere CSI driver. |
4.1.3. .spec.driverConfig.aws
- Description
- aws is used to configure the AWS CSI driver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key. |
4.1.4. .spec.driverConfig.azure
- Description
- azure is used to configure the Azure CSI driver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys. |
4.1.5. .spec.driverConfig.azure.diskEncryptionSet
- Description
- diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.
- Type
-
object
- Required
-
name
-
resourceGroup
-
subscriptionID
-
Property | Type | Description |
---|---|---|
|
| name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length. |
|
| resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length. |
|
| subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 |
4.1.6. .spec.driverConfig.gcp
- Description
- gcp is used to configure the GCP CSI driver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP. |
4.1.7. .spec.driverConfig.gcp.kmsKey
- Description
- kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.
- Type
-
object
- Required
-
keyRing
-
name
-
projectID
-
Property | Type | Description |
---|---|---|
|
| keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length. |
|
| location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or "global". Defaults to global, if not set. |
|
| name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length. |
|
| projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. |
4.1.8. .spec.driverConfig.ibmcloud
- Description
- ibmcloud is used to configure the IBM Cloud CSI driver.
- Type
-
object
- Required
-
encryptionKeyCRN
-
Property | Type | Description |
---|---|---|
|
| encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes. |
4.1.9. .spec.driverConfig.vSphere
- Description
- vsphere is used to configure the vsphere CSI driver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected. |
4.1.10. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
4.1.11. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
4.1.12. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
4.1.13. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
4.1.14. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
4.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/clustercsidrivers
-
DELETE
: delete collection of ClusterCSIDriver -
GET
: list objects of kind ClusterCSIDriver -
POST
: create a ClusterCSIDriver
-
/apis/operator.openshift.io/v1/clustercsidrivers/{name}
-
DELETE
: delete a ClusterCSIDriver -
GET
: read the specified ClusterCSIDriver -
PATCH
: partially update the specified ClusterCSIDriver -
PUT
: replace the specified ClusterCSIDriver
-
/apis/operator.openshift.io/v1/clustercsidrivers/{name}/status
-
GET
: read status of the specified ClusterCSIDriver -
PATCH
: partially update status of the specified ClusterCSIDriver -
PUT
: replace status of the specified ClusterCSIDriver
-
4.2.1. /apis/operator.openshift.io/v1/clustercsidrivers
- HTTP method
-
DELETE
- Description
- delete collection of ClusterCSIDriver
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ClusterCSIDriver
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
4.2.2. /apis/operator.openshift.io/v1/clustercsidrivers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ClusterCSIDriver |
- HTTP method
-
DELETE
- Description
- delete a ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ClusterCSIDriver
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
4.2.3. /apis/operator.openshift.io/v1/clustercsidrivers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the ClusterCSIDriver |
- HTTP method
-
GET
- Description
- read status of the specified ClusterCSIDriver
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified ClusterCSIDriver
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 5. Console [operator.openshift.io/v1]
- Description
- Console provides a means to configure an operator to manage the console. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
5.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| ConsoleSpec is the specification of the desired behavior of the Console. |
|
| ConsoleStatus defines the observed status of the Console. |
5.1.1. .spec
- Description
- ConsoleSpec is the specification of the desired behavior of the Console.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| customization is used to optionally provide a small set of customization options to the web console. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| plugins defines a list of enabled console plugin names. |
|
| providers contains configuration for using specific service providers. |
|
| route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
5.1.2. .spec.customization
- Description
- customization is used to optionally provide a small set of customization options to the web console.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| addPage allows customizing actions on the Add page in developer perspective. |
|
| brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout. |
|
| customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred |
|
| customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name. |
|
| developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs). |
|
| documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout. |
|
| perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown. |
|
| Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown |
|
| projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options. |
|
| quickStarts allows customization of available ConsoleQuickStart resources in console. |
5.1.3. .spec.customization.addPage
- Description
- addPage allows customizing actions on the Add page in developer perspective.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID. |
5.1.4. .spec.customization.customLogoFile
- Description
- customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. |
|
|
5.1.5. .spec.customization.developerCatalog
- Description
- developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| categories which are shown in the developer catalog. |
|
| DeveloperConsoleCatalogCategory for the developer console catalog. |
|
| types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown. |
5.1.6. .spec.customization.developerCatalog.categories
- Description
- categories which are shown in the developer catalog.
- Type
-
array
5.1.7. .spec.customization.developerCatalog.categories[]
- Description
- DeveloperConsoleCatalogCategory for the developer console catalog.
- Type
-
object
- Required
-
id
-
label
-
Property | Type | Description |
---|---|---|
|
| ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. |
|
| label defines a category display label. It is required and must have 1-64 characters. |
|
| subcategories defines a list of child categories. |
|
| DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category. |
|
| tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item. |
5.1.8. .spec.customization.developerCatalog.categories[].subcategories
- Description
- subcategories defines a list of child categories.
- Type
-
array
5.1.9. .spec.customization.developerCatalog.categories[].subcategories[]
- Description
- DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.
- Type
-
object
- Required
-
id
-
label
-
Property | Type | Description |
---|---|---|
|
| ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. |
|
| label defines a category display label. It is required and must have 1-64 characters. |
|
| tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item. |
5.1.10. .spec.customization.developerCatalog.types
- Description
- types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.
- Type
-
object
- Required
-
state
-
Property | Type | Description |
---|---|---|
|
| disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden. |
|
| enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown. |
|
| state defines if a list of catalog types should be enabled or disabled. |
5.1.11. .spec.customization.perspectives
- Description
- perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.
- Type
-
array
5.1.12. .spec.customization.perspectives[]
- Description
- Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown
- Type
-
object
- Required
-
id
-
visibility
-
Property | Type | Description |
---|---|---|
|
| id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored. |
|
|
pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via |
|
| PinnedResourceReference includes the group, version and type of resource |
|
| visibility defines the state of perspective along with access review checks if needed for that perspective. |
5.1.13. .spec.customization.perspectives[].pinnedResources
- Description
-
pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via
kubectl api-resources
. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored. - Type
-
array
5.1.14. .spec.customization.perspectives[].pinnedResources[]
- Description
- PinnedResourceReference includes the group, version and type of resource
- Type
-
object
- Required
-
group
-
resource
-
version
-
Property | Type | Description |
---|---|---|
|
| group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc. |
|
| resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc. |
|
| version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc. |
5.1.15. .spec.customization.perspectives[].visibility
- Description
- visibility defines the state of perspective along with access review checks if needed for that perspective.
- Type
-
object
- Required
-
state
-
Property | Type | Description |
---|---|---|
|
| accessReview defines required and missing access review checks. |
|
| state defines the perspective is enabled or disabled or access review check is required. |
5.1.16. .spec.customization.perspectives[].visibility.accessReview
- Description
- accessReview defines required and missing access review checks.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list. |
|
| ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface |
|
| required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list. |
|
| ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface |
5.1.17. .spec.customization.perspectives[].visibility.accessReview.missing
- Description
- missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.
- Type
-
array
5.1.18. .spec.customization.perspectives[].visibility.accessReview.missing[]
- Description
- ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Group is the API Group of the Resource. "*" means all. |
|
| Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. |
|
| Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview |
|
| Resource is one of the existing resource types. "*" means all. |
|
| Subresource is one of the existing resource types. "" means none. |
|
| Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. |
|
| Version is the API Version of the Resource. "*" means all. |
5.1.19. .spec.customization.perspectives[].visibility.accessReview.required
- Description
- required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.
- Type
-
array
5.1.20. .spec.customization.perspectives[].visibility.accessReview.required[]
- Description
- ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Group is the API Group of the Resource. "*" means all. |
|
| Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. |
|
| Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview |
|
| Resource is one of the existing resource types. "*" means all. |
|
| Subresource is one of the existing resource types. "" means none. |
|
| Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. |
|
| Version is the API Version of the Resource. "*" means all. |
5.1.21. .spec.customization.projectAccess
- Description
- projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab. |
5.1.22. .spec.customization.quickStarts
- Description
- quickStarts allows customization of available ConsoleQuickStart resources in console.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| disabled is a list of ConsoleQuickStart resource names that are not shown to users. |
5.1.23. .spec.providers
- Description
- providers contains configuration for using specific service providers.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| statuspage contains ID for statuspage.io page that provides status info about. |
5.1.24. .spec.providers.statuspage
- Description
- statuspage contains ID for statuspage.io page that provides status info about.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| pageID is the unique ID assigned by Statuspage for your page. This must be a public page. |
5.1.25. .spec.route
- Description
- route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED
- Type
-
object
Property | Type | Description |
---|---|---|
|
| hostname is the desired custom domain under which console will be available. |
|
| secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. |
5.1.26. .spec.route.secret
- Description
- secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced secret |
5.1.27. .status
- Description
- ConsoleStatus defines the observed status of the Console.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
5.1.28. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
5.1.29. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
5.1.30. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
5.1.31. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
5.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/consoles
-
DELETE
: delete collection of Console -
GET
: list objects of kind Console -
POST
: create a Console
-
/apis/operator.openshift.io/v1/consoles/{name}
-
DELETE
: delete a Console -
GET
: read the specified Console -
PATCH
: partially update the specified Console -
PUT
: replace the specified Console
-
/apis/operator.openshift.io/v1/consoles/{name}/status
-
GET
: read status of the specified Console -
PATCH
: partially update status of the specified Console -
PUT
: replace status of the specified Console
-
5.2.1. /apis/operator.openshift.io/v1/consoles
- HTTP method
-
DELETE
- Description
- delete collection of Console
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Console
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
5.2.2. /apis/operator.openshift.io/v1/consoles/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Console |
- HTTP method
-
DELETE
- Description
- delete a Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Console
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
5.2.3. /apis/operator.openshift.io/v1/consoles/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Console |
- HTTP method
-
GET
- Description
- read status of the specified Console
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Console
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 6. Config [operator.openshift.io/v1]
- Description
- Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
6.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Config Operator. |
|
| status defines the observed status of the Config Operator. |
6.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Config Operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
6.1.2. .status
- Description
- status defines the observed status of the Config Operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
6.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
6.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
6.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
6.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
6.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/configs
-
DELETE
: delete collection of Config -
GET
: list objects of kind Config -
POST
: create a Config
-
/apis/operator.openshift.io/v1/configs/{name}
-
DELETE
: delete a Config -
GET
: read the specified Config -
PATCH
: partially update the specified Config -
PUT
: replace the specified Config
-
/apis/operator.openshift.io/v1/configs/{name}/status
-
GET
: read status of the specified Config -
PATCH
: partially update status of the specified Config -
PUT
: replace status of the specified Config
-
6.2.1. /apis/operator.openshift.io/v1/configs
- HTTP method
-
DELETE
- Description
- delete collection of Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
6.2.2. /apis/operator.openshift.io/v1/configs/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
DELETE
- Description
- delete a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
6.2.3. /apis/operator.openshift.io/v1/configs/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
GET
- Description
- read status of the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 7. Config [imageregistry.operator.openshift.io/v1]
- Description
- Config is the configuration object for a registry instance managed by the registry operator Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
metadata
-
spec
-
7.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| ImageRegistrySpec defines the specs for the running registry. |
|
| ImageRegistryStatus reports image registry operational status. |
7.1.1. .spec
- Description
- ImageRegistrySpec defines the specs for the running registry.
- Type
-
object
- Required
-
replicas
-
Property | Type | Description |
---|---|---|
|
| affinity is a group of node affinity scheduling rules for the image registry pod(s). |
|
| defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname. |
|
| disableRedirect controls whether to route all data through the Registry, rather than redirecting to the backend. |
|
| httpSecret is the value needed by the registry to secure uploads, generated by default. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| logging is deprecated, use logLevel instead. |
|
| managementState indicates whether and how the operator should manage the component |
|
| nodeSelector defines the node selection constraints for the registry pod. |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| proxy defines the proxy to be used when calling master api, upstream registries, etc. |
|
| readOnly indicates whether the registry instance should reject attempts to push new images or delete existing ones. |
|
| replicas determines the number of registry instances to run. |
|
| requests controls how many parallel requests a given registry instance will handle before queuing additional requests. |
|
| resources defines the resource requests+limits for the registry pod. |
|
| rolloutStrategy defines rollout strategy for the image registry deployment. |
|
| routes defines additional external facing routes which should be created for the registry. |
|
| ImageRegistryConfigRoute holds information on external route access to image registry. |
|
| storage details for configuring registry storage, e.g. S3 bucket coordinates. |
|
| tolerations defines the tolerations for the registry pod. |
|
| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
|
| topologySpreadConstraints specify how to spread matching pods among the given topology. |
|
| TopologySpreadConstraint specifies how to spread matching pods among the given topology. |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
7.1.2. .spec.affinity
- Description
- affinity is a group of node affinity scheduling rules for the image registry pod(s).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Describes node affinity scheduling rules for the pod. |
|
| Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). |
|
| Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). |
7.1.3. .spec.affinity.nodeAffinity
- Description
- Describes node affinity scheduling rules for the pod.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. |
|
| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). |
|
| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
7.1.4. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
- Type
-
array
7.1.5. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- Type
-
object
- Required
-
preference
-
weight
-
Property | Type | Description |
---|---|---|
|
| A node selector term, associated with the corresponding weight. |
|
| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. |
7.1.6. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
- Description
- A node selector term, associated with the corresponding weight.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| A list of node selector requirements by node’s labels. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| A list of node selector requirements by node’s fields. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
7.1.7. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
- Description
- A list of node selector requirements by node’s labels.
- Type
-
array
7.1.8. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
7.1.9. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
- Description
- A list of node selector requirements by node’s fields.
- Type
-
array
7.1.10. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
7.1.11. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
- Type
-
object
- Required
-
nodeSelectorTerms
-
Property | Type | Description |
---|---|---|
|
| Required. A list of node selector terms. The terms are ORed. |
|
| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. |
7.1.12. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
- Description
- Required. A list of node selector terms. The terms are ORed.
- Type
-
array
7.1.13. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
- Description
- A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| A list of node selector requirements by node’s labels. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| A list of node selector requirements by node’s fields. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
7.1.14. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
- Description
- A list of node selector requirements by node’s labels.
- Type
-
array
7.1.15. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
7.1.16. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
- Description
- A list of node selector requirements by node’s fields.
- Type
-
array
7.1.17. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
7.1.18. .spec.affinity.podAffinity
- Description
- Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
7.1.19. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
- Type
-
array
7.1.20. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
- Type
-
object
- Required
-
podAffinityTerm
-
weight
-
Property | Type | Description |
---|---|---|
|
| Required. A pod affinity term, associated with the corresponding weight. |
|
| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
7.1.21. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
- Description
- Required. A pod affinity term, associated with the corresponding weight.
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
7.1.22. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.23. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.24. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.25. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.26. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.27. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.28. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
- Type
-
array
7.1.29. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
- Description
- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
7.1.30. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.31. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.32. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.33. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.34. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.35. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.36. .spec.affinity.podAntiAffinity
- Description
- Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
7.1.37. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
- Type
-
array
7.1.38. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
- Type
-
object
- Required
-
podAffinityTerm
-
weight
-
Property | Type | Description |
---|---|---|
|
| Required. A pod affinity term, associated with the corresponding weight. |
|
| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
7.1.39. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
- Description
- Required. A pod affinity term, associated with the corresponding weight.
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
7.1.40. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.41. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.42. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.43. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.44. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.45. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.46. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
- Type
-
array
7.1.47. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
- Description
- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
7.1.48. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.49. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.50. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.51. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.52. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.53. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.54. .spec.proxy
- Description
- proxy defines the proxy to be used when calling master api, upstream registries, etc.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| http defines the proxy to be used by the image registry when accessing HTTP endpoints. |
|
| https defines the proxy to be used by the image registry when accessing HTTPS endpoints. |
|
| noProxy defines a comma-separated list of host names that shouldn’t go through any proxy. |
7.1.55. .spec.requests
- Description
- requests controls how many parallel requests a given registry instance will handle before queuing additional requests.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| read defines limits for image registry’s reads. |
|
| write defines limits for image registry’s writes. |
7.1.56. .spec.requests.read
- Description
- read defines limits for image registry’s reads.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| maxInQueue sets the maximum queued api requests to the registry. |
|
| maxRunning sets the maximum in flight api requests to the registry. |
|
| maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. |
7.1.57. .spec.requests.write
- Description
- write defines limits for image registry’s writes.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| maxInQueue sets the maximum queued api requests to the registry. |
|
| maxRunning sets the maximum in flight api requests to the registry. |
|
| maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. |
7.1.58. .spec.resources
- Description
- resources defines the resource requests+limits for the registry pod.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
| ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
7.1.59. .spec.resources.claims
- Description
- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
- Type
-
array
7.1.60. .spec.resources.claims[]
- Description
- ResourceClaim references one entry in PodSpec.ResourceClaims.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
7.1.61. .spec.routes
- Description
- routes defines additional external facing routes which should be created for the registry.
- Type
-
array
7.1.62. .spec.routes[]
- Description
- ImageRegistryConfigRoute holds information on external route access to image registry.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| hostname for the route. |
|
| name of the route to be created. |
|
| secretName points to secret containing the certificates to be used by the route. |
7.1.63. .spec.storage
- Description
- storage details for configuring registry storage, e.g. S3 bucket coordinates.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| azure represents configuration that uses Azure Blob Storage. |
|
| emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever. |
|
| gcs represents configuration that uses Google Cloud Storage. |
|
| ibmcos represents configuration that uses IBM Cloud Object Storage. |
|
| managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. |
|
| Oss represents configuration that uses Alibaba Cloud Object Storage Service. |
|
| pvc represents configuration that uses a PersistentVolumeClaim. |
|
| s3 represents configuration that uses Amazon Simple Storage Service. |
|
| swift represents configuration that uses OpenStack Object Storage. |
7.1.64. .spec.storage.azure
- Description
- azure represents configuration that uses Azure Blob Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| accountName defines the account to be used by the registry. |
|
| cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. |
|
| container defines Azure’s container to be used by registry. |
|
| networkAccess defines the network access properties for the storage account. Defaults to type: External. |
7.1.65. .spec.storage.azure.networkAccess
- Description
- networkAccess defines the network access properties for the storage account. Defaults to type: External.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name. |
|
| type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External". |
7.1.66. .spec.storage.azure.networkAccess.internal
- Description
- internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period. |
|
| privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. |
|
|
subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the |
|
|
vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the |
7.1.67. .spec.storage.emptyDir
- Description
- emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.
- Type
-
object
7.1.68. .spec.storage.gcs
- Description
- gcs represents configuration that uses Google Cloud Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. |
|
| projectID is the Project ID of the GCP project that this bucket should be associated with. |
|
| region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. |
7.1.69. .spec.storage.ibmcos
- Description
- ibmcos represents configuration that uses IBM Cloud Object Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. |
|
| resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. |
|
| resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. |
|
| serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. |
7.1.70. .spec.storage.oss
- Description
- Oss represents configuration that uses Alibaba Cloud Object Storage Service.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Bucket is the bucket name in which you want to store the registry’s data. About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars> |
|
| Encryption specifies whether you would like your data encrypted on the server side. More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) |
|
|
EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is |
|
| Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region. |
7.1.71. .spec.storage.oss.encryption
- Description
- Encryption specifies whether you would like your data encrypted on the server side. More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)
- Type
-
object
Property | Type | Description |
---|---|---|
|
| KMS (key management service) is an encryption type that holds the struct for KMS KeyID |
|
|
Method defines the different encrytion modes available Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is |
7.1.72. .spec.storage.oss.encryption.kms
- Description
- KMS (key management service) is an encryption type that holds the struct for KMS KeyID
- Type
-
object
- Required
-
keyID
-
Property | Type | Description |
---|---|---|
|
| KeyID holds the KMS encryption key ID |
7.1.73. .spec.storage.pvc
- Description
- pvc represents configuration that uses a PersistentVolumeClaim.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| claim defines the Persisent Volume Claim’s name to be used. |
7.1.74. .spec.storage.s3
- Description
- s3 represents configuration that uses Amazon Simple Storage Service.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| cloudFront configures Amazon Cloudfront as the storage middleware in a registry. |
|
| encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. |
|
| keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. |
|
| region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. |
|
| regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided. |
|
| trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt". |
|
| virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. |
7.1.75. .spec.storage.s3.cloudFront
- Description
- cloudFront configures Amazon Cloudfront as the storage middleware in a registry.
- Type
-
object
- Required
-
baseURL
-
keypairID
-
privateKey
-
Property | Type | Description |
---|---|---|
|
| baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. |
|
| duration is the duration of the Cloudfront session. |
|
| keypairID is key pair ID provided by AWS. |
|
| privateKey points to secret containing the private key, provided by AWS. |
7.1.76. .spec.storage.s3.cloudFront.privateKey
- Description
- privateKey points to secret containing the private key, provided by AWS.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
| Specify whether the Secret or its key must be defined |
7.1.77. .spec.storage.s3.trustedCA
- Description
- trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".
- Type
-
object
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used. |
7.1.78. .spec.storage.swift
- Description
- swift represents configuration that uses OpenStack Object Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| authURL defines the URL for obtaining an authentication token. |
|
| authVersion specifies the OpenStack Auth’s version. |
|
| container defines the name of Swift container where to store the registry’s data. |
|
| domain specifies Openstack’s domain name for Identity v3 API. |
|
| domainID specifies Openstack’s domain id for Identity v3 API. |
|
| regionName defines Openstack’s region in which container exists. |
|
| tenant defines Openstack tenant name to be used by registry. |
|
| tenant defines Openstack tenant id to be used by registry. |
7.1.79. .spec.tolerations
- Description
- tolerations defines the tolerations for the registry pod.
- Type
-
array
7.1.80. .spec.tolerations[]
- Description
- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
| Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
7.1.81. .spec.topologySpreadConstraints
- Description
- topologySpreadConstraints specify how to spread matching pods among the given topology.
- Type
-
array
7.1.82. .spec.topologySpreadConstraints[]
- Description
- TopologySpreadConstraint specifies how to spread matching pods among the given topology.
- Type
-
object
- Required
-
maxSkew
-
topologyKey
-
whenUnsatisfiable
-
Property | Type | Description |
---|---|---|
|
| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. |
|
| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn’t set. Keys that don’t exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). |
|
|
MaxSkew describes the degree to which pods may be unevenly distributed. When |
|
| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won’t schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). |
|
| NodeAffinityPolicy indicates how we will treat Pod’s nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
|
| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. |
|
| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It’s a required field. |
|
| WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won’t make it more imbalanced. It’s a required field. |
7.1.83. .spec.topologySpreadConstraints[].labelSelector
- Description
- LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
7.1.84. .spec.topologySpreadConstraints[].labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
7.1.85. .spec.topologySpreadConstraints[].labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
7.1.86. .status
- Description
- ImageRegistryStatus reports image registry operational status.
- Type
-
object
- Required
-
storage
-
storageManaged
-
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| storage indicates the current applied storage configuration of the registry. |
|
| storageManaged is deprecated, please refer to Storage.managementState |
|
| version is the level this availability applies to |
7.1.87. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
7.1.88. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
7.1.89. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
7.1.90. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
7.1.91. .status.storage
- Description
- storage indicates the current applied storage configuration of the registry.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| azure represents configuration that uses Azure Blob Storage. |
|
| emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever. |
|
| gcs represents configuration that uses Google Cloud Storage. |
|
| ibmcos represents configuration that uses IBM Cloud Object Storage. |
|
| managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. |
|
| Oss represents configuration that uses Alibaba Cloud Object Storage Service. |
|
| pvc represents configuration that uses a PersistentVolumeClaim. |
|
| s3 represents configuration that uses Amazon Simple Storage Service. |
|
| swift represents configuration that uses OpenStack Object Storage. |
7.1.92. .status.storage.azure
- Description
- azure represents configuration that uses Azure Blob Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| accountName defines the account to be used by the registry. |
|
| cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. |
|
| container defines Azure’s container to be used by registry. |
|
| networkAccess defines the network access properties for the storage account. Defaults to type: External. |
7.1.93. .status.storage.azure.networkAccess
- Description
- networkAccess defines the network access properties for the storage account. Defaults to type: External.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name. |
|
| type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster’s vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External". |
7.1.94. .status.storage.azure.networkAccess.internal
- Description
- internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| networkResourceGroupName is the resource group name where the cluster’s vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period. |
|
| privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. |
|
|
subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the |
|
|
vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the |
7.1.95. .status.storage.emptyDir
- Description
- emptyDir represents ephemeral storage on the pod’s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.
- Type
-
object
7.1.96. .status.storage.gcs
- Description
- gcs represents configuration that uses Google Cloud Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. |
|
| projectID is the Project ID of the GCP project that this bucket should be associated with. |
|
| region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. |
7.1.97. .status.storage.ibmcos
- Description
- ibmcos represents configuration that uses IBM Cloud Object Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. |
|
| resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. |
|
| resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. |
|
| serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. |
7.1.98. .status.storage.oss
- Description
- Oss represents configuration that uses Alibaba Cloud Object Storage Service.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Bucket is the bucket name in which you want to store the registry’s data. About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars> |
|
| Encryption specifies whether you would like your data encrypted on the server side. More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) |
|
|
EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is |
|
| Region is the Alibaba Cloud Region in which your bucket exists. For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default will be based on the installed Alibaba Cloud Region. |
7.1.99. .status.storage.oss.encryption
- Description
- Encryption specifies whether you would like your data encrypted on the server side. More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)
- Type
-
object
Property | Type | Description |
---|---|---|
|
| KMS (key management service) is an encryption type that holds the struct for KMS KeyID |
|
|
Method defines the different encrytion modes available Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is |
7.1.100. .status.storage.oss.encryption.kms
- Description
- KMS (key management service) is an encryption type that holds the struct for KMS KeyID
- Type
-
object
- Required
-
keyID
-
Property | Type | Description |
---|---|---|
|
| KeyID holds the KMS encryption key ID |
7.1.101. .status.storage.pvc
- Description
- pvc represents configuration that uses a PersistentVolumeClaim.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| claim defines the Persisent Volume Claim’s name to be used. |
7.1.102. .status.storage.s3
- Description
- s3 represents configuration that uses Amazon Simple Storage Service.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| bucket is the bucket name in which you want to store the registry’s data. Optional, will be generated if not provided. |
|
| cloudFront configures Amazon Cloudfront as the storage middleware in a registry. |
|
| encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. |
|
| keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. |
|
| region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. |
|
| regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided. |
|
| trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt". |
|
| virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. |
7.1.103. .status.storage.s3.cloudFront
- Description
- cloudFront configures Amazon Cloudfront as the storage middleware in a registry.
- Type
-
object
- Required
-
baseURL
-
keypairID
-
privateKey
-
Property | Type | Description |
---|---|---|
|
| baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. |
|
| duration is the duration of the Cloudfront session. |
|
| keypairID is key pair ID provided by AWS. |
|
| privateKey points to secret containing the private key, provided by AWS. |
7.1.104. .status.storage.s3.cloudFront.privateKey
- Description
- privateKey points to secret containing the private key, provided by AWS.
- Type
-
object
- Required
-
key
-
Property | Type | Description |
---|---|---|
|
| The key of the secret to select from. Must be a valid secret key. |
|
| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
|
| Specify whether the Secret or its key must be defined |
7.1.105. .status.storage.s3.trustedCA
- Description
- trustedCA is a reference to a config map containing a CA bundle. The image registry and its operator use certificates from this bundle to verify S3 server certificates. The namespace for the config map referenced by trustedCA is "openshift-config". The key for the bundle in the config map is "ca-bundle.crt".
- Type
-
object
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map. This field must adhere to standard config map naming restrictions. The name must consist solely of alphanumeric characters, hyphens (-) and periods (.). It has a maximum length of 253 characters. If this field is not specified or is empty string, the default trust bundle will be used. |
7.1.106. .status.storage.swift
- Description
- swift represents configuration that uses OpenStack Object Storage.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| authURL defines the URL for obtaining an authentication token. |
|
| authVersion specifies the OpenStack Auth’s version. |
|
| container defines the name of Swift container where to store the registry’s data. |
|
| domain specifies Openstack’s domain name for Identity v3 API. |
|
| domainID specifies Openstack’s domain id for Identity v3 API. |
|
| regionName defines Openstack’s region in which container exists. |
|
| tenant defines Openstack tenant name to be used by registry. |
|
| tenant defines Openstack tenant id to be used by registry. |
7.2. API endpoints
The following API endpoints are available:
/apis/imageregistry.operator.openshift.io/v1/configs
-
DELETE
: delete collection of Config -
GET
: list objects of kind Config -
POST
: create a Config
-
/apis/imageregistry.operator.openshift.io/v1/configs/{name}
-
DELETE
: delete a Config -
GET
: read the specified Config -
PATCH
: partially update the specified Config -
PUT
: replace the specified Config
-
/apis/imageregistry.operator.openshift.io/v1/configs/{name}/status
-
GET
: read status of the specified Config -
PATCH
: partially update status of the specified Config -
PUT
: replace status of the specified Config
-
7.2.1. /apis/imageregistry.operator.openshift.io/v1/configs
- HTTP method
-
DELETE
- Description
- delete collection of Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
7.2.2. /apis/imageregistry.operator.openshift.io/v1/configs/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
DELETE
- Description
- delete a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
7.2.3. /apis/imageregistry.operator.openshift.io/v1/configs/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
GET
- Description
- read status of the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 8. Config [samples.operator.openshift.io/v1]
- Description
- Config contains the configuration and detailed condition status for the Samples Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
metadata
-
spec
-
8.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace. |
|
| ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator. |
8.1.1. .spec
- Description
- ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently. |
|
| managementState is top level on/off type of switch for all operators. When "Managed", this operator processes config and manipulates the samples accordingly. When "Unmanaged", this operator ignores any updates to the resources it watches. When "Removed", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator’s namespace that represents the last config used to manipulate the samples, |
|
| samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io. |
|
| skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. |
|
| skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. |
8.1.2. .status
- Description
- ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices. |
|
| conditions represents the available maintenance status of the sample imagestreams and templates. |
|
| ConfigCondition captures various conditions of the Config as entries are processed. |
|
| managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. "Managed") when it was previously "Unmanaged". |
|
| samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io. |
|
| skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. |
|
| skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. |
|
| version is the value of the operator’s payload based version indicator when it was last successfully processed |
8.1.3. .status.conditions
- Description
- conditions represents the available maintenance status of the sample imagestreams and templates.
- Type
-
array
8.1.4. .status.conditions[]
- Description
- ConfigCondition captures various conditions of the Config as entries are processed.
- Type
-
object
- Required
-
status
-
type
-
Property | Type | Description |
---|---|---|
|
| lastTransitionTime is the last time the condition transitioned from one status to another. |
|
| lastUpdateTime is the last time this condition was updated. |
|
| message is a human readable message indicating details about the transition. |
|
| reason is what caused the condition’s last transition. |
|
| status of the condition, one of True, False, Unknown. |
|
| type of condition. |
8.2. API endpoints
The following API endpoints are available:
/apis/samples.operator.openshift.io/v1/configs
-
DELETE
: delete collection of Config -
GET
: list objects of kind Config -
POST
: create a Config
-
/apis/samples.operator.openshift.io/v1/configs/{name}
-
DELETE
: delete a Config -
GET
: read the specified Config -
PATCH
: partially update the specified Config -
PUT
: replace the specified Config
-
/apis/samples.operator.openshift.io/v1/configs/{name}/status
-
GET
: read status of the specified Config -
PATCH
: partially update status of the specified Config -
PUT
: replace status of the specified Config
-
8.2.1. /apis/samples.operator.openshift.io/v1/configs
- HTTP method
-
DELETE
- Description
- delete collection of Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
8.2.2. /apis/samples.operator.openshift.io/v1/configs/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
DELETE
- Description
- delete a Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
8.2.3. /apis/samples.operator.openshift.io/v1/configs/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Config |
- HTTP method
-
GET
- Description
- read status of the specified Config
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Config
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 9. CSISnapshotController [operator.openshift.io/v1]
- Description
-
CSISnapshotController provides a means to configure an operator to manage the CSI snapshots.
cluster
is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
- Required
-
spec
-
9.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
9.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
9.1.2. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
9.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
9.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
9.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
9.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
9.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/csisnapshotcontrollers
-
DELETE
: delete collection of CSISnapshotController -
GET
: list objects of kind CSISnapshotController -
POST
: create a CSISnapshotController
-
/apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}
-
DELETE
: delete a CSISnapshotController -
GET
: read the specified CSISnapshotController -
PATCH
: partially update the specified CSISnapshotController -
PUT
: replace the specified CSISnapshotController
-
/apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}/status
-
GET
: read status of the specified CSISnapshotController -
PATCH
: partially update status of the specified CSISnapshotController -
PUT
: replace status of the specified CSISnapshotController
-
9.2.1. /apis/operator.openshift.io/v1/csisnapshotcontrollers
- HTTP method
-
DELETE
- Description
- delete collection of CSISnapshotController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind CSISnapshotController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
9.2.2. /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the CSISnapshotController |
- HTTP method
-
DELETE
- Description
- delete a CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified CSISnapshotController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
9.2.3. /apis/operator.openshift.io/v1/csisnapshotcontrollers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the CSISnapshotController |
- HTTP method
-
GET
- Description
- read status of the specified CSISnapshotController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified CSISnapshotController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 10. DNS [operator.openshift.io/v1]
- Description
- DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
10.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the DNS. |
|
| status is the most recently observed status of the DNS. |
10.1.1. .spec
- Description
- spec is the specification of the desired behavior of the DNS.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift. |
|
| logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses. Setting logLevel: Trace will produce extremely verbose logs. Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal". |
|
| managementState indicates whether the DNS operator should manage cluster DNS |
|
| nodePlacement provides explicit control over the scheduling of DNS pods. Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. If unset, defaults are used. See nodePlacement for more details. |
|
| operatorLogLevel controls the logging level of the DNS Operator. Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal". setting operatorLogLevel: Trace will produce extremely verbose logs. |
|
| servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". If this field is nil, no servers are created. |
|
| Server defines the schema for a server that runs per instance of CoreDNS. |
|
| upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential" |
10.1.2. .spec.cache
- Description
- cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| negativeTTL is optional and specifies the amount of time that a negative response should be cached. If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change. |
|
| positiveTTL is optional and specifies the amount of time that a positive response should be cached. If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change. |
10.1.3. .spec.nodePlacement
- Description
- nodePlacement provides explicit control over the scheduling of DNS pods. Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. If unset, defaults are used. See nodePlacement for more details.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| nodeSelector is the node selector applied to DNS pods. If empty, the default is used, which is currently the following: kubernetes.io/os: linux This default is subject to change. If set, the specified selector is used and replaces the default. |
|
| tolerations is a list of tolerations applied to DNS pods. If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
|
| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
10.1.4. .spec.nodePlacement.tolerations
- Description
- tolerations is a list of tolerations applied to DNS pods. If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
- Type
-
array
10.1.5. .spec.nodePlacement.tolerations[]
- Description
- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
| Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
10.1.6. .spec.servers
- Description
- servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". If this field is nil, no servers are created.
- Type
-
array
10.1.7. .spec.servers[]
- Description
- Server defines the schema for a server that runs per instance of CoreDNS.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers. |
|
| name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335. |
|
| zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., "cluster.local") is invalid. |
10.1.8. .spec.servers[].forwardPlugin
- Description
- forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. The default value is "Random" |
|
| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS. |
|
| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. |
|
| upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. A maximum of 15 upstreams is allowed per ForwardPlugin. |
10.1.9. .spec.servers[].forwardPlugin.transportConfig
- Description
- transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| tls contains the additional configuration options to use when Transport is set to "TLS". |
|
| transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). Possible values: "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext". "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly. "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. |
10.1.10. .spec.servers[].forwardPlugin.transportConfig.tls
- Description
- tls contains the additional configuration options to use when Transport is set to "TLS".
- Type
-
object
- Required
-
serverName
-
Property | Type | Description |
---|---|---|
|
|
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. 1. The configmap must contain a |
|
| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s). |
10.1.11. .spec.servers[].forwardPlugin.transportConfig.tls.caBundle
- Description
-
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. 1. The configmap must contain a
ca-bundle.crt
key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. - Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
10.1.12. .spec.upstreamResolvers
- Description
- upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential"
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. The default value is "Sequential" |
|
| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS. |
|
| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. |
|
| Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default |
|
| Upstream can either be of type SystemResolvConf, or of type Network. * For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. * For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53. |
10.1.13. .spec.upstreamResolvers.transportConfig
- Description
- transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| tls contains the additional configuration options to use when Transport is set to "TLS". |
|
| transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). Possible values: "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext". "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly. "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. |
10.1.14. .spec.upstreamResolvers.transportConfig.tls
- Description
- tls contains the additional configuration options to use when Transport is set to "TLS".
- Type
-
object
- Required
-
serverName
-
Property | Type | Description |
---|---|---|
|
|
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. 1. The configmap must contain a |
|
| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s). |
10.1.15. .spec.upstreamResolvers.transportConfig.tls.caBundle
- Description
-
caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. 1. The configmap must contain a
ca-bundle.crt
key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. - Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
10.1.16. .spec.upstreamResolvers.upstreams
- Description
- Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default
- Type
-
array
10.1.17. .spec.upstreamResolvers.upstreams[]
- Description
- Upstream can either be of type SystemResolvConf, or of type Network. * For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. * For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address. |
|
| Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535 |
|
| Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: /etc/resolv.conf will be used * When Network is used, the Upstream structure must contain at least an Address |
10.1.18. .status
- Description
- status is the most recently observed status of the DNS.
- Type
-
object
- Required
-
clusterDomain
-
clusterIP
-
Property | Type | Description |
---|---|---|
|
| clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: "cluster.local" More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service |
|
| clusterIP is the service IP through which this DNS is made available. In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. In general, this IP can be specified in a pod’s spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @<service IP> More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies |
|
| conditions provide information about the state of the DNS on the cluster. These are the supported DNS conditions: * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied. |
|
| OperatorCondition is just the standard condition fields. |
10.1.19. .status.conditions
- Description
- conditions provide information about the state of the DNS on the cluster. These are the supported DNS conditions: * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied.
- Type
-
array
10.1.20. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
10.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/dnses
-
DELETE
: delete collection of DNS -
GET
: list objects of kind DNS -
POST
: create a DNS
-
/apis/operator.openshift.io/v1/dnses/{name}
-
DELETE
: delete a DNS -
GET
: read the specified DNS -
PATCH
: partially update the specified DNS -
PUT
: replace the specified DNS
-
/apis/operator.openshift.io/v1/dnses/{name}/status
-
GET
: read status of the specified DNS -
PATCH
: partially update status of the specified DNS -
PUT
: replace status of the specified DNS
-
10.2.1. /apis/operator.openshift.io/v1/dnses
- HTTP method
-
DELETE
- Description
- delete collection of DNS
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind DNS
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
10.2.2. /apis/operator.openshift.io/v1/dnses/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the DNS |
- HTTP method
-
DELETE
- Description
- delete a DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified DNS
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
10.2.3. /apis/operator.openshift.io/v1/dnses/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the DNS |
- HTTP method
-
GET
- Description
- read status of the specified DNS
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified DNS
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 11. DNSRecord [ingress.operator.openshift.io/v1]
- Description
- DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Cluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators. If DNSManagementPolicy is "Unmanaged", the operator will not be responsible for managing the DNS records on the cloud provider. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
11.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the dnsRecord. |
|
| status is the most recently observed status of the dnsRecord. |
11.1.1. .spec
- Description
- spec is the specification of the desired behavior of the dnsRecord.
- Type
-
object
- Required
-
dnsManagementPolicy
-
dnsName
-
recordTTL
-
recordType
-
targets
-
Property | Type | Description |
---|---|---|
|
| dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as "Unmanaged" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the "Published" status condition will be updated to "Unknown" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin. This field defaults to Managed. Valid values are "Managed" and "Unmanaged". |
|
| dnsName is the hostname of the DNS record |
|
| recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract. |
|
| recordType is the DNS record type. For example, "A" or "CNAME". |
|
| targets are record targets. |
11.1.2. .status
- Description
- status is the most recently observed status of the dnsRecord.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone. |
|
| zones are the status of the record in each zone. |
|
| DNSZoneStatus is the status of a record within a specific zone. |
11.1.3. .status.zones
- Description
- zones are the status of the record in each zone.
- Type
-
array
11.1.4. .status.zones[]
- Description
- DNSZoneStatus is the status of a record within a specific zone.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions are any conditions associated with the record in the zone. If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure. |
|
| DNSZoneCondition is just the standard condition fields. |
|
| dnsZone is the zone where the record is published. |
11.1.5. .status.zones[].conditions
- Description
- conditions are any conditions associated with the record in the zone. If publishing the record succeeds, the "Published" condition will be set with status "True" and upon failure it will be set to "False" along with the reason and message describing the cause of the failure.
- Type
-
array
11.1.6. .status.zones[].conditions[]
- Description
- DNSZoneCondition is just the standard condition fields.
- Type
-
object
- Required
-
status
-
type
-
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
11.1.7. .status.zones[].dnsZone
- Description
- dnsZone is the zone where the record is published.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
id is the identifier that can be used to find the DNS hosted zone. on AWS zone can be fetched using |
|
|
tags can be used to query the DNS hosted zone. on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using |
11.2. API endpoints
The following API endpoints are available:
/apis/ingress.operator.openshift.io/v1/dnsrecords
-
GET
: list objects of kind DNSRecord
-
/apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords
-
DELETE
: delete collection of DNSRecord -
GET
: list objects of kind DNSRecord -
POST
: create a DNSRecord
-
/apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}
-
DELETE
: delete a DNSRecord -
GET
: read the specified DNSRecord -
PATCH
: partially update the specified DNSRecord -
PUT
: replace the specified DNSRecord
-
/apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}/status
-
GET
: read status of the specified DNSRecord -
PATCH
: partially update status of the specified DNSRecord -
PUT
: replace status of the specified DNSRecord
-
11.2.1. /apis/ingress.operator.openshift.io/v1/dnsrecords
- HTTP method
-
GET
- Description
- list objects of kind DNSRecord
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
11.2.2. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords
- HTTP method
-
DELETE
- Description
- delete collection of DNSRecord
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind DNSRecord
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
11.2.3. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the DNSRecord |
- HTTP method
-
DELETE
- Description
- delete a DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified DNSRecord
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
11.2.4. /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the DNSRecord |
- HTTP method
-
GET
- Description
- read status of the specified DNSRecord
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified DNSRecord
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 12. Etcd [operator.openshift.io/v1]
- Description
- Etcd provides information to configure an operator to manage etcd. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
12.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| |
|
|
12.1.1. .spec
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
|
| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
12.1.2. .status
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the deploymentID of the most recent deployment |
|
| latestAvailableRevisionReason describe the detailed reason for the most recent deployment |
|
| nodeStatuses track the deployment values and errors across individual nodes |
|
| NodeStatus provides information about the current state of a particular node managed by this operator. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
12.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
12.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
12.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
12.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
12.1.7. .status.nodeStatuses
- Description
- nodeStatuses track the deployment values and errors across individual nodes
- Type
-
array
12.1.8. .status.nodeStatuses[]
- Description
- NodeStatus provides information about the current state of a particular node managed by this operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| currentRevision is the generation of the most recently successful deployment |
|
| lastFailedCount is how often the installer pod of the last failed revision failed. |
|
| lastFailedReason is a machine readable failure reason string. |
|
| lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
|
| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
|
| lastFailedTime is the time the last failed revision failed the last time. |
|
| lastFallbackCount is how often a fallback to a previous revision happened. |
|
| nodeName is the name of the node |
|
| targetRevision is the generation of the deployment we’re trying to apply |
12.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/etcds
-
DELETE
: delete collection of Etcd -
GET
: list objects of kind Etcd -
POST
: create an Etcd
-
/apis/operator.openshift.io/v1/etcds/{name}
-
DELETE
: delete an Etcd -
GET
: read the specified Etcd -
PATCH
: partially update the specified Etcd -
PUT
: replace the specified Etcd
-
/apis/operator.openshift.io/v1/etcds/{name}/status
-
GET
: read status of the specified Etcd -
PATCH
: partially update status of the specified Etcd -
PUT
: replace status of the specified Etcd
-
12.2.1. /apis/operator.openshift.io/v1/etcds
- HTTP method
-
DELETE
- Description
- delete collection of Etcd
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Etcd
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
12.2.2. /apis/operator.openshift.io/v1/etcds/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Etcd |
- HTTP method
-
DELETE
- Description
- delete an Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Etcd
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
12.2.3. /apis/operator.openshift.io/v1/etcds/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Etcd |
- HTTP method
-
GET
- Description
- read status of the specified Etcd
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Etcd
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 13. ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- Description
- ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
- Type
-
object
- Required
-
spec
-
13.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
13.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors |
|
| RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests. |
13.1.2. .spec.repositoryDigestMirrors
- Description
-
repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors
a, b, c
and policy B has mirrorsc, d, e
, the mirrors will be used in the ordera, b, c, d, e
. If the orders of mirror entries conflict (e.g.a, b
vs.b, a
) the configuration is not rejected but the resulting order is unspecified. - Type
-
array
13.1.3. .spec.repositoryDigestMirrors[]
- Description
- RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.
- Type
-
object
- Required
-
source
-
Property | Type | Description |
---|---|---|
|
| mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user’s desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. |
|
| source is the repository that users refer to, e.g. in image pull specifications. |
13.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies
-
DELETE
: delete collection of ImageContentSourcePolicy -
GET
: list objects of kind ImageContentSourcePolicy -
POST
: create an ImageContentSourcePolicy
-
/apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}
-
DELETE
: delete an ImageContentSourcePolicy -
GET
: read the specified ImageContentSourcePolicy -
PATCH
: partially update the specified ImageContentSourcePolicy -
PUT
: replace the specified ImageContentSourcePolicy
-
/apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}/status
-
GET
: read status of the specified ImageContentSourcePolicy -
PATCH
: partially update status of the specified ImageContentSourcePolicy -
PUT
: replace status of the specified ImageContentSourcePolicy
-
13.2.1. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies
- HTTP method
-
DELETE
- Description
- delete collection of ImageContentSourcePolicy
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ImageContentSourcePolicy
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
13.2.2. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ImageContentSourcePolicy |
- HTTP method
-
DELETE
- Description
- delete an ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ImageContentSourcePolicy
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
13.2.3. /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the ImageContentSourcePolicy |
- HTTP method
-
GET
- Description
- read status of the specified ImageContentSourcePolicy
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified ImageContentSourcePolicy
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 14. ImagePruner [imageregistry.operator.openshift.io/v1]
- Description
- ImagePruner is the configuration object for an image registry pruner managed by the registry operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
metadata
-
spec
-
14.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| ImagePrunerSpec defines the specs for the running image pruner. |
|
| ImagePrunerStatus reports image pruner operational status. |
14.1.1. .spec
- Description
- ImagePrunerSpec defines the specs for the running image pruner.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| affinity is a group of node affinity scheduling rules for the image pruner pod. |
|
| failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set. |
|
| ignoreInvalidImageReferences indicates whether the pruner can ignore errors while parsing image references. |
|
| keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved. Defaults to 3. |
|
| keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence. |
|
| keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning. Defaults to 60m (60 minutes). |
|
| logLevel sets the level of log output for the pruner job. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| nodeSelector defines the node selection constraints for the image pruner pod. |
|
| resources defines the resource requests and limits for the image pruner pod. |
|
|
schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to |
|
| successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set. |
|
| suspend specifies whether or not to suspend subsequent executions of this cronjob. Defaults to false. |
|
| tolerations defines the node tolerations for the image pruner pod. |
|
| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
14.1.2. .spec.affinity
- Description
- affinity is a group of node affinity scheduling rules for the image pruner pod.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Describes node affinity scheduling rules for the pod. |
|
| Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). |
|
| Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). |
14.1.3. .spec.affinity.nodeAffinity
- Description
- Describes node affinity scheduling rules for the pod.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. |
|
| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). |
|
| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
14.1.4. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
- Type
-
array
14.1.5. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it’s a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
- Type
-
object
- Required
-
preference
-
weight
-
Property | Type | Description |
---|---|---|
|
| A node selector term, associated with the corresponding weight. |
|
| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. |
14.1.6. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
- Description
- A node selector term, associated with the corresponding weight.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| A list of node selector requirements by node’s labels. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| A list of node selector requirements by node’s fields. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
14.1.7. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
- Description
- A list of node selector requirements by node’s labels.
- Type
-
array
14.1.8. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
14.1.9. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
- Description
- A list of node selector requirements by node’s fields.
- Type
-
array
14.1.10. .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
14.1.11. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
- Type
-
object
- Required
-
nodeSelectorTerms
-
Property | Type | Description |
---|---|---|
|
| Required. A list of node selector terms. The terms are ORed. |
|
| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. |
14.1.12. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
- Description
- Required. A list of node selector terms. The terms are ORed.
- Type
-
array
14.1.13. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
- Description
- A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| A list of node selector requirements by node’s labels. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| A list of node selector requirements by node’s fields. |
|
| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
14.1.14. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
- Description
- A list of node selector requirements by node’s labels.
- Type
-
array
14.1.15. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
14.1.16. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
- Description
- A list of node selector requirements by node’s fields.
- Type
-
array
14.1.17. .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
- Description
- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| The label key that the selector applies to. |
|
| Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. |
|
| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. |
14.1.18. .spec.affinity.podAffinity
- Description
- Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
14.1.19. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
- Type
-
array
14.1.20. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
- Type
-
object
- Required
-
podAffinityTerm
-
weight
-
Property | Type | Description |
---|---|---|
|
| Required. A pod affinity term, associated with the corresponding weight. |
|
| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
14.1.21. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
- Description
- Required. A pod affinity term, associated with the corresponding weight.
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
14.1.22. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.23. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.24. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.25. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.26. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.27. .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.28. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
- Type
-
array
14.1.29. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
- Description
- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
14.1.30. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.31. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.32. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.33. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.34. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.35. .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.36. .spec.affinity.podAntiAffinity
- Description
- Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. |
|
| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) |
|
| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. |
|
| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running |
14.1.37. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
- Description
- The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
- Type
-
array
14.1.38. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
- Description
- The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
- Type
-
object
- Required
-
podAffinityTerm
-
weight
-
Property | Type | Description |
---|---|---|
|
| Required. A pod affinity term, associated with the corresponding weight. |
|
| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. |
14.1.39. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
- Description
- Required. A pod affinity term, associated with the corresponding weight.
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
14.1.40. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.41. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.42. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.43. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.44. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.45. .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.46. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
- Description
- If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
- Type
-
array
14.1.47. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
- Description
- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
- Type
-
object
- Required
-
topologyKey
-
Property | Type | Description |
---|---|---|
|
| A label query over a set of resources, in this case pods. |
|
| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces. |
|
| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod’s namespace". |
|
| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. |
14.1.48. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
- Description
- A label query over a set of resources, in this case pods.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.49. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.50. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.51. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
- Description
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod’s namespace". An empty selector ({}) matches all namespaces.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
14.1.52. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
14.1.53. .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
14.1.54. .spec.resources
- Description
- resources defines the resource requests and limits for the image pruner pod.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
|
| ResourceClaim references one entry in PodSpec.ResourceClaims. |
|
| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
14.1.55. .spec.resources.claims
- Description
- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
- Type
-
array
14.1.56. .spec.resources.claims[]
- Description
- ResourceClaim references one entry in PodSpec.ResourceClaims.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
14.1.57. .spec.tolerations
- Description
- tolerations defines the node tolerations for the image pruner pod.
- Type
-
array
14.1.58. .spec.tolerations[]
- Description
- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
| Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
14.1.59. .status
- Description
- ImagePrunerStatus reports image pruner operational status.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status. |
|
| OperatorCondition is just the standard condition fields. |
|
| observedGeneration is the last generation change that has been applied. |
14.1.60. .status.conditions
- Description
- conditions is a list of conditions and their status.
- Type
-
array
14.1.61. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
14.2. API endpoints
The following API endpoints are available:
/apis/imageregistry.operator.openshift.io/v1/imagepruners
-
DELETE
: delete collection of ImagePruner -
GET
: list objects of kind ImagePruner -
POST
: create an ImagePruner
-
/apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}
-
DELETE
: delete an ImagePruner -
GET
: read the specified ImagePruner -
PATCH
: partially update the specified ImagePruner -
PUT
: replace the specified ImagePruner
-
/apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}/status
-
GET
: read status of the specified ImagePruner -
PATCH
: partially update status of the specified ImagePruner -
PUT
: replace status of the specified ImagePruner
-
14.2.1. /apis/imageregistry.operator.openshift.io/v1/imagepruners
- HTTP method
-
DELETE
- Description
- delete collection of ImagePruner
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ImagePruner
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
14.2.2. /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ImagePruner |
- HTTP method
-
DELETE
- Description
- delete an ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ImagePruner
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
14.2.3. /apis/imageregistry.operator.openshift.io/v1/imagepruners/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the ImagePruner |
- HTTP method
-
GET
- Description
- read status of the specified ImagePruner
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified ImagePruner
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 15. IngressController [operator.openshift.io/v1]
- Description
- IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. https://kubernetes.io/docs/concepts/services-networking/ingress-controllers Whenever possible, sensible defaults for the platform are used. See each field for more details. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
15.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the IngressController. |
|
| status is the most recently observed status of the IngressController. |
15.1.1. .spec
- Description
- spec is the specification of the desired behavior of the IngressController.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes. |
|
| defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don’t specify their own certificate, defaultCertificate is used. The secret must contain the following keys and data: tls.crt: certificate file contents tls.key: key file contents If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate’s CA will be automatically integrated with the cluster’s trust store. If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift’s built-in OAuth server. |
|
| domain is a DNS name serviced by the ingress controller and is used to configure multiple features: * For the LoadBalancerService endpoint publishing strategy, domain is used to configure DNS records. See endpointPublishingStrategy. * When using a generated default certificate, the certificate will be valid for domain and its subdomains. See defaultCertificate. * The value is published to individual Route statuses so that end-users know where to target external DNS records. domain must be unique among all IngressControllers, and cannot be updated. If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. |
|
| endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform: AWS: LoadBalancerService (with External scope) Azure: LoadBalancerService (with External scope) GCP: LoadBalancerService (with External scope) IBMCloud: LoadBalancerService (with External scope) AlibabaCloud: LoadBalancerService (with External scope) Libvirt: HostNetwork Any other platform types (including None) default to HostNetwork. endpointPublishingStrategy cannot be updated. |
|
| httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression. |
|
| httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are "Respond" and "Ignore". If the field is set to "Respond", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to "Ignore", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is "Respond". Typically, these connections come from load balancers' health probes or Web browsers' speculative connections ("preconnect") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to "Ignore" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. |
|
| httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages. |
|
| httpHeaders defines policy for HTTP headers. If this field is empty, the default values are used. |
|
| logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled. |
|
| namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering. |
|
| nodePlacement enables explicit control over the scheduling of the ingress controller. If unset, defaults are used. See NodePlacement for more details. |
|
| replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. The value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field’s value is SingleReplica or HighlyAvailable, respectively. These defaults are subject to change. |
|
| routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults. |
|
| routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering. |
|
| tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout. |
|
| tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations. |
| `` | unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported. |
15.1.2. .spec.clientTLS
- Description
- clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.
- Type
-
object
- Required
-
clientCA
-
clientCertificatePolicy
-
Property | Type | Description |
---|---|---|
|
| allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate’s distinguished name or else the ingress controller rejects the certificate and denies the connection. |
|
| clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client’s certificate. The administrator must create this configmap in the openshift-config namespace. |
|
| clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values "Required" or "Optional". Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes. |
15.1.3. .spec.clientTLS.clientCA
- Description
- clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client’s certificate. The administrator must create this configmap in the openshift-config namespace.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
15.1.4. .spec.defaultCertificate
- Description
- defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don’t specify their own certificate, defaultCertificate is used. The secret must contain the following keys and data: tls.crt: certificate file contents tls.key: key file contents If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate’s CA will be automatically integrated with the cluster’s trust store. If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. The in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift’s built-in OAuth server.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? |
15.1.5. .spec.endpointPublishingStrategy
- Description
- endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. If unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform: AWS: LoadBalancerService (with External scope) Azure: LoadBalancerService (with External scope) GCP: LoadBalancerService (with External scope) IBMCloud: LoadBalancerService (with External scope) AlibabaCloud: LoadBalancerService (with External scope) Libvirt: HostNetwork Any other platform types (including None) default to HostNetwork. endpointPublishingStrategy cannot be updated.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork. |
|
| loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService. |
|
| nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. |
|
| private holds parameters for the Private endpoint publishing strategy. Present only if type is Private. |
|
| type is the publishing strategy to use. Valid values are: * LoadBalancerService Publishes the ingress controller using a Kubernetes LoadBalancer Service. In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service’s external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms. * HostNetwork Publishes the ingress controller on node ports where the ingress controller is deployed. In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports. * Private Does not publish the ingress controller. In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller. * NodePortService Publishes the ingress controller using a Kubernetes NodePort Service. In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved. |
15.1.6. .spec.endpointPublishingStrategy.hostNetwork
- Description
- hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80. |
|
| httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443. |
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
|
| statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936. |
15.1.7. .spec.endpointPublishingStrategy.loadBalancer
- Description
- loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
- Type
-
object
- Required
-
dnsManagementPolicy
-
scope
-
Property | Type | Description |
---|---|---|
| `` | allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12. |
|
| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged. |
|
| providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults. |
|
| scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". |
15.1.8. .spec.endpointPublishingStrategy.loadBalancer.providerParameters
- Description
- providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults. |
|
| gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults. |
|
| ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults. |
|
| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere". |
15.1.9. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws
- Description
- aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic. |
|
| networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB. |
|
| type is the type of AWS load balancer to instantiate for an ingresscontroller. Valid values are: * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb |
15.1.10. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer
- Description
- classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see https://pkg.go.dev/time#ParseDuration. A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change. |
15.1.11. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer
- Description
- networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
- Type
-
object
15.1.12. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.gcp
- Description
- gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| clientAccess describes how client access is restricted for internal load balancers. Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access |
15.1.13. .spec.endpointPublishingStrategy.loadBalancer.providerParameters.ibm
- Description
- ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled. |
15.1.14. .spec.endpointPublishingStrategy.nodePort
- Description
- nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
15.1.15. .spec.endpointPublishingStrategy.private
- Description
- private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
15.1.16. .spec.httpCompression
- Description
- httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression. Note: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 |
15.1.17. .spec.httpErrorCodePages
- Description
- httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format "error-page-<error code>.http", where <error code> is an HTTP error code. For example, "error-page-503.http" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.
- Type
-
object
- Required
-
name
-
Property | Type | Description |
---|---|---|
|
| name is the metadata.name of the referenced config map |
15.1.18. .spec.httpHeaders
- Description
- httpHeaders defines policy for HTTP headers. If this field is empty, the default values are used.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS ( |
|
| forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following: * "Append", which specifies that the IngressController appends the headers, preserving existing headers. * "Replace", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. * "IfNone", which specifies that the IngressController sets the headers if they are not already set. * "Never", which specifies that the IngressController never sets the headers, preserving any existing headers. By default, the policy is "Append". |
| `` | headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying "X-Forwarded-For" indicates that the "x-forwarded-for" HTTP header should be adjusted to have the specified capitalization. These adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1. For request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses. If this field is empty, no request headers are adjusted. |
|
| uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. If this field is empty, no such header is injected into requests. |
15.1.19. .spec.httpHeaders.actions
- Description
-
actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (
Strict-Transport-Security
) header is not supported via actions.Strict-Transport-Security
may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController’s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route’s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details. - Type
-
object
Property | Type | Description |
---|---|---|
|
|
request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either |
|
| IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. |
|
|
response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either |
|
| IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. |
15.1.20. .spec.httpHeaders.actions.request
- Description
-
request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either
Set
orDelete
headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Type
-
array
15.1.21. .spec.httpHeaders.actions.request[]
- Description
- IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
- Type
-
object
- Required
-
action
-
name
-
Property | Type | Description |
---|---|---|
|
| action specifies actions to perform on headers, such as setting or deleting headers. |
|
| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique. |
15.1.22. .spec.httpHeaders.actions.request[].action
- Description
- action specifies actions to perform on headers, such as setting or deleting headers.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. |
|
| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. |
15.1.23. .spec.httpHeaders.actions.request[].action.set
- Description
- set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
- Type
-
object
- Required
-
value
-
Property | Type | Description |
---|---|---|
|
| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy’s %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. |
15.1.24. .spec.httpHeaders.actions.response
- Description
-
response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either
Set
orDelete
headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Type
-
array
15.1.25. .spec.httpHeaders.actions.response[]
- Description
- IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
- Type
-
object
- Required
-
action
-
name
-
Property | Type | Description |
---|---|---|
|
| action specifies actions to perform on headers, such as setting or deleting headers. |
|
| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique. |
15.1.26. .spec.httpHeaders.actions.response[].action
- Description
- action specifies actions to perform on headers, such as setting or deleting headers.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. |
|
| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. |
15.1.27. .spec.httpHeaders.actions.response[].action.set
- Description
- set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
- Type
-
object
- Required
-
value
-
Property | Type | Description |
---|---|---|
|
| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy’s %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers after interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. |
15.1.28. .spec.httpHeaders.uniqueId
- Description
- uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. If this field is empty, no such header is injected into requests.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| format specifies the format for the injected HTTP header’s value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 |
|
| name specifies the name of the HTTP header (for example, "unique-id") that the ingress controller should inject into HTTP requests. The field’s value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected. |
15.1.29. .spec.logging
- Description
- logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| access describes how the client requests should be logged. If this field is empty, access logging is disabled. |
15.1.30. .spec.logging.access
- Description
- access describes how the client requests should be logged. If this field is empty, access logging is disabled.
- Type
-
object
- Required
-
destination
-
Property | Type | Description |
---|---|---|
|
| destination is where access logs go. |
| `` | httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured. |
|
| httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections. |
|
| httpLogFormat specifies the format of the log message for an HTTP request. If this field is empty, log messages use the implementation’s default HTTP log format. For HAProxy’s default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 Note that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections. |
|
| logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections ("preconnect"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are "Log" and "Ignore". The default value is "Log". |
15.1.31. .spec.logging.access.destination
- Description
- destination is where access logs go.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| container holds parameters for the Container logging destination. Present only if type is Container. |
|
| syslog holds parameters for a syslog endpoint. Present only if type is Syslog. |
|
| type is the type of destination for logs. It must be one of the following: * Container The ingress operator configures the sidecar container named "logs" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime’s or the custom logging solution’s capacity. * Syslog Logs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance. |
15.1.32. .spec.logging.access.destination.container
- Description
- container holds parameters for the Container logging destination. Present only if type is Container.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| maxLength is the maximum length of the log message. Valid values are integers in the range 480 to 8192, inclusive. When omitted, the default value is 1024. |
15.1.33. .spec.logging.access.destination.syslog
- Description
- syslog holds parameters for a syslog endpoint. Present only if type is Syslog.
- Type
-
object
- Required
-
address
-
port
-
Property | Type | Description |
---|---|---|
|
| address is the IP address of the syslog endpoint that receives log messages. |
|
| facility specifies the syslog facility of log messages. If this field is empty, the facility is "local1". |
|
| maxLength is the maximum length of the log message. Valid values are integers in the range 480 to 4096, inclusive. When omitted, the default value is 1024. |
|
| port is the UDP port number of the syslog endpoint that receives log messages. |
15.1.34. .spec.logging.access.httpCaptureHeaders
- Description
- httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.
- Type
-
object
Property | Type | Description |
---|---|---|
| `` | request specifies which HTTP request headers to capture. If this field is empty, no request headers are captured. |
| `` | response specifies which HTTP response headers to capture. If this field is empty, no response headers are captured. |
15.1.35. .spec.namespaceSelector
- Description
- namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
15.1.36. .spec.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
15.1.37. .spec.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
15.1.38. .spec.nodePlacement
- Description
- nodePlacement enables explicit control over the scheduling of the ingress controller. If unset, defaults are used. See NodePlacement for more details.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| nodeSelector is the node selector applied to ingress controller deployments. If set, the specified selector is used and replaces the default. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. When defaultPlacement is Workers, the default is: kubernetes.io/os: linux node-role.kubernetes.io/worker: '' When defaultPlacement is ControlPlane, the default is: kubernetes.io/os: linux node-role.kubernetes.io/master: '' These defaults are subject to change. Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors. |
|
| tolerations is a list of tolerations applied to ingress controller deployments. The default is an empty list. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
|
| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. |
15.1.39. .spec.nodePlacement.nodeSelector
- Description
- nodeSelector is the node selector applied to ingress controller deployments. If set, the specified selector is used and replaces the default. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. When defaultPlacement is Workers, the default is: kubernetes.io/os: linux node-role.kubernetes.io/worker: '' When defaultPlacement is ControlPlane, the default is: kubernetes.io/os: linux node-role.kubernetes.io/master: '' These defaults are subject to change. Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
15.1.40. .spec.nodePlacement.nodeSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
15.1.41. .spec.nodePlacement.nodeSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
15.1.42. .spec.nodePlacement.tolerations
- Description
- tolerations is a list of tolerations applied to ingress controller deployments. The default is an empty list. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- Type
-
array
15.1.43. .spec.nodePlacement.tolerations[]
- Description
- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. |
|
| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. |
|
| Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. |
|
| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. |
|
| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. |
15.1.44. .spec.routeAdmission
- Description
- routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces). If empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| namespaceOwnership describes how host name claims across namespaces should be handled. Value must be one of: - Strict: Do not allow routes in different namespaces to claim the same host. - InterNamespaceAllowed: Allow routes to claim different paths of the same host name across namespaces. If empty, the default is Strict. |
|
| wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route’s wildcard policy. [1] https://github.com/openshift/api/blob/master/route/v1/types.go Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller. WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. If empty, defaults to "WildcardsDisallowed". |
15.1.45. .spec.routeSelector
- Description
- routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards. If unset, the default is no filtering.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
15.1.46. .spec.routeSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
15.1.47. .spec.routeSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
15.1.48. .spec.tlsSecurityProfile
- Description
- tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.
- Type
-
object
Property | Type | Description |
---|---|---|
| `` | custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11 |
| `` | intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12 |
| `` | modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 NOTE: Currently unsupported. |
| `` | old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10 |
|
| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries. |
15.1.49. .spec.tuningOptions
- Description
- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details. Setting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection. If unset, the default timeout is 1s |
|
| clientTimeout defines how long a connection will be held open while waiting for a client response. If unset, the default timeout is 30s |
|
| ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". When omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s. |
|
| headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes. Setting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary. |
|
| headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes. Setting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary. |
|
| healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation "router.openshift.io/haproxy.health.check.interval". Expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". Setting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven’t yet been detected as such. An empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s. Currently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time. |
|
| maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed. Permitted values are: empty, 0, -1, and the range 2000-2000000. If this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases. If the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000. Setting a value that is greater than the current operating system limit will prevent the HAProxy process from starting. If you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there’s no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime. You can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. You can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. |
|
| reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend’s servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy’s configuration can take effect more quickly. The value must be a time duration value; see https://pkg.go.dev/time#ParseDuration. Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default). A zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". Note: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy’s configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload. |
|
| serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection. If unset, the default timeout is 1s |
|
| serverTimeout defines how long a connection will be held open while waiting for a server/backend response. If unset, the default timeout is 30s |
|
| threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases. Setting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly. |
|
| tlsInspectDelay defines how long the router can hold data to find a matching route. Setting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used. If unset, the default inspect delay is 5s |
|
| tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle. If unset, the default timeout is 1h |
15.1.50. .status
- Description
- status is the most recently observed status of the IngressController.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| availableReplicas is number of observed available replicas according to the ingress controller deployment. |
|
| conditions is a list of conditions and their status. Available means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas) There are additional conditions which indicate the status of other ingress controller features and capabilities. * LoadBalancerManaged - True if the following conditions are met: * The endpoint publishing strategy requires a service load balancer. - False if any of those conditions are unsatisfied. * LoadBalancerReady - True if the following conditions are met: * A load balancer is managed. * The load balancer is ready. - False if any of those conditions are unsatisfied. * DNSManaged - True if the following conditions are met: * The endpoint publishing strategy and platform support DNS. * The ingress controller domain is set. * dns.config.openshift.io/cluster configures DNS zones. - False if any of those conditions are unsatisfied. * DNSReady - True if the following conditions are met: * DNS is managed. * DNS records have been successfully created. - False if any of those conditions are unsatisfied. |
|
| OperatorCondition is just the standard condition fields. |
|
| domain is the actual domain in use. |
|
| endpointPublishingStrategy is the actual strategy in use. |
|
| namespaceSelector is the actual namespaceSelector in use. |
|
| observedGeneration is the most recent generation observed. |
|
| routeSelector is the actual routeSelector in use. |
|
| selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas. |
|
| tlsProfile is the TLS connection configuration that is in effect. |
15.1.51. .status.conditions
- Description
- conditions is a list of conditions and their status. Available means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas) There are additional conditions which indicate the status of other ingress controller features and capabilities. * LoadBalancerManaged - True if the following conditions are met: * The endpoint publishing strategy requires a service load balancer. - False if any of those conditions are unsatisfied. * LoadBalancerReady - True if the following conditions are met: * A load balancer is managed. * The load balancer is ready. - False if any of those conditions are unsatisfied. * DNSManaged - True if the following conditions are met: * The endpoint publishing strategy and platform support DNS. * The ingress controller domain is set. * dns.config.openshift.io/cluster configures DNS zones. - False if any of those conditions are unsatisfied. * DNSReady - True if the following conditions are met: * DNS is managed. * DNS records have been successfully created. - False if any of those conditions are unsatisfied.
- Type
-
array
15.1.52. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
15.1.53. .status.endpointPublishingStrategy
- Description
- endpointPublishingStrategy is the actual strategy in use.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork. |
|
| loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService. |
|
| nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. |
|
| private holds parameters for the Private endpoint publishing strategy. Present only if type is Private. |
|
| type is the publishing strategy to use. Valid values are: * LoadBalancerService Publishes the ingress controller using a Kubernetes LoadBalancer Service. In this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment. See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer If domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service’s external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. Wildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms. * HostNetwork Publishes the ingress controller on node ports where the ingress controller is deployed. In this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports. * Private Does not publish the ingress controller. In this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller. * NodePortService Publishes the ingress controller using a Kubernetes NodePort Service. In this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved. |
15.1.54. .status.endpointPublishingStrategy.hostNetwork
- Description
- hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80. |
|
| httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443. |
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
|
| statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936. |
15.1.55. .status.endpointPublishingStrategy.loadBalancer
- Description
- loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.
- Type
-
object
- Required
-
dnsManagementPolicy
-
scope
-
Property | Type | Description |
---|---|---|
| `` | allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, which allows all source addresses. To facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the "router-<ingresscontroller name>" service in the "openshift-ingress" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12. |
|
| dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged. |
|
| providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults. |
|
| scope indicates the scope at which the load balancer is exposed. Possible values are "External" and "Internal". |
15.1.56. .status.endpointPublishingStrategy.loadBalancer.providerParameters
- Description
- providerParameters holds desired load balancer information specific to the underlying infrastructure provider. If empty, defaults will be applied. See specific providerParameters fields for details about their defaults.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults. |
|
| gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults. |
|
| ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults. |
|
| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere". |
15.1.57. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws
- Description
- aws provides configuration settings that are specific to AWS load balancers. If empty, defaults will be applied. See specific aws fields for details about their defaults.
- Type
-
object
- Required
-
type
-
Property | Type | Description |
---|---|---|
|
| classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic. |
|
| networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB. |
|
| type is the type of AWS load balancer to instantiate for an ingresscontroller. Valid values are: * "Classic": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb * "NLB": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb |
15.1.58. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer
- Description
- classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see https://pkg.go.dev/time#ParseDuration. A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change. |
15.1.59. .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer
- Description
- networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.
- Type
-
object
15.1.60. .status.endpointPublishingStrategy.loadBalancer.providerParameters.gcp
- Description
- gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| clientAccess describes how client access is restricted for internal load balancers. Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access |
15.1.61. .status.endpointPublishingStrategy.loadBalancer.providerParameters.ibm
- Description
- ibm provides configuration settings that are specific to IBM Cloud load balancers. If empty, defaults will be applied. See specific ibm fields for details about their defaults.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled. |
15.1.62. .status.endpointPublishingStrategy.nodePort
- Description
- nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
15.1.63. .status.endpointPublishingStrategy.private
- Description
- private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer’s address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. The following values are valid for this field: * The empty string. * "TCP". * "PROXY". The empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change. |
15.1.64. .status.namespaceSelector
- Description
- namespaceSelector is the actual namespaceSelector in use.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
15.1.65. .status.namespaceSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
15.1.66. .status.namespaceSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
15.1.67. .status.routeSelector
- Description
- routeSelector is the actual routeSelector in use.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
15.1.68. .status.routeSelector.matchExpressions
- Description
- matchExpressions is a list of label selector requirements. The requirements are ANDed.
- Type
-
array
15.1.69. .status.routeSelector.matchExpressions[]
- Description
- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
- Type
-
object
- Required
-
key
-
operator
-
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
15.1.70. .status.tlsProfile
- Description
- tlsProfile is the TLS connection configuration that is in effect.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - DES-CBC3-SHA |
|
| minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): minTLSVersion: VersionTLS11 NOTE: currently the highest minTLSVersion allowed is VersionTLS12 |
15.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/ingresscontrollers
-
GET
: list objects of kind IngressController
-
/apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers
-
DELETE
: delete collection of IngressController -
GET
: list objects of kind IngressController -
POST
: create an IngressController
-
/apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}
-
DELETE
: delete an IngressController -
GET
: read the specified IngressController -
PATCH
: partially update the specified IngressController -
PUT
: replace the specified IngressController
-
/apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/scale
-
GET
: read scale of the specified IngressController -
PATCH
: partially update scale of the specified IngressController -
PUT
: replace scale of the specified IngressController
-
/apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/status
-
GET
: read status of the specified IngressController -
PATCH
: partially update status of the specified IngressController -
PUT
: replace status of the specified IngressController
-
15.2.1. /apis/operator.openshift.io/v1/ingresscontrollers
- HTTP method
-
GET
- Description
- list objects of kind IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
15.2.2. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers
- HTTP method
-
DELETE
- Description
- delete collection of IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
15.2.3. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the IngressController |
- HTTP method
-
DELETE
- Description
- delete an IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
15.2.4. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/scale
Parameter | Type | Description |
---|---|---|
|
| name of the IngressController |
- HTTP method
-
GET
- Description
- read scale of the specified IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update scale of the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace scale of the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
15.2.5. /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the IngressController |
- HTTP method
-
GET
- Description
- read status of the specified IngressController
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified IngressController
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 16. InsightsOperator [operator.openshift.io/v1]
- Description
- InsightsOperator holds cluster-wide information about the Insights Operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
16.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Insights. |
|
| status is the most recently observed status of the Insights operator. |
16.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Insights.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides |
16.1.2. .status
- Description
- status is the most recently observed status of the Insights operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
16.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
16.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
16.1.5. .status.gatherStatus
- Description
- gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| gatherers is a list of active gatherers (and their statuses) in the last gathering. |
|
| gathererStatus represents information about a particular data gatherer. |
|
| lastGatherDuration is the total time taken to process all gatherers during the last gather event. |
|
| lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet. |
16.1.6. .status.gatherStatus.gatherers
- Description
- gatherers is a list of active gatherers (and their statuses) in the last gathering.
- Type
-
array
16.1.7. .status.gatherStatus.gatherers[]
- Description
- gathererStatus represents information about a particular data gatherer.
- Type
-
object
- Required
-
conditions
-
lastGatherDuration
-
name
-
Property | Type | Description |
---|---|---|
|
| conditions provide details on the status of each gatherer. |
|
|
Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo’s current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition |
|
| lastGatherDuration represents the time spent gathering. |
|
| name is the name of the gatherer. |
16.1.8. .status.gatherStatus.gatherers[].conditions
- Description
- conditions provide details on the status of each gatherer.
- Type
-
array
16.1.9. .status.gatherStatus.gatherers[].conditions[]
- Description
-
Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo’s current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition
json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"
// other fields } - Type
-
object
- Required
-
lastTransitionTime
-
message
-
reason
-
status
-
type
-
Property | Type | Description |
---|---|---|
|
| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. |
|
| message is a human readable message indicating details about the transition. This may be an empty string. |
|
| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
|
| reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
|
| status of the condition, one of True, False, Unknown. |
|
| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
16.1.10. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
16.1.11. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
16.1.12. .status.insightsReport
- Description
- insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). |
|
| healthChecks provides basic information about active Insights health checks in a cluster. |
|
| healthCheck represents an Insights health check attributes. |
16.1.13. .status.insightsReport.healthChecks
- Description
- healthChecks provides basic information about active Insights health checks in a cluster.
- Type
-
array
16.1.14. .status.insightsReport.healthChecks[]
- Description
- healthCheck represents an Insights health check attributes.
- Type
-
object
- Required
-
advisorURI
-
description
-
state
-
totalRisk
-
Property | Type | Description |
---|---|---|
|
| advisorURI provides the URL link to the Insights Advisor. |
|
| description provides basic description of the healtcheck. |
|
| state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface. |
|
| totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue. |
16.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/insightsoperators
-
DELETE
: delete collection of InsightsOperator -
GET
: list objects of kind InsightsOperator -
POST
: create an InsightsOperator
-
/apis/operator.openshift.io/v1/insightsoperators/{name}
-
DELETE
: delete an InsightsOperator -
GET
: read the specified InsightsOperator -
PATCH
: partially update the specified InsightsOperator -
PUT
: replace the specified InsightsOperator
-
/apis/operator.openshift.io/v1/insightsoperators/{name}/scale
-
GET
: read scale of the specified InsightsOperator -
PATCH
: partially update scale of the specified InsightsOperator -
PUT
: replace scale of the specified InsightsOperator
-
/apis/operator.openshift.io/v1/insightsoperators/{name}/status
-
GET
: read status of the specified InsightsOperator -
PATCH
: partially update status of the specified InsightsOperator -
PUT
: replace status of the specified InsightsOperator
-
16.2.1. /apis/operator.openshift.io/v1/insightsoperators
- HTTP method
-
DELETE
- Description
- delete collection of InsightsOperator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind InsightsOperator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
16.2.2. /apis/operator.openshift.io/v1/insightsoperators/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the InsightsOperator |
- HTTP method
-
DELETE
- Description
- delete an InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified InsightsOperator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
16.2.3. /apis/operator.openshift.io/v1/insightsoperators/{name}/scale
Parameter | Type | Description |
---|---|---|
|
| name of the InsightsOperator |
- HTTP method
-
GET
- Description
- read scale of the specified InsightsOperator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update scale of the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace scale of the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
16.2.4. /apis/operator.openshift.io/v1/insightsoperators/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the InsightsOperator |
- HTTP method
-
GET
- Description
- read status of the specified InsightsOperator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified InsightsOperator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 17. KubeAPIServer [operator.openshift.io/v1]
- Description
- KubeAPIServer provides information to configure an operator to manage kube-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
17.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Kubernetes API Server |
|
| status is the most recently observed status of the Kubernetes API Server |
17.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Kubernetes API Server
- Type
-
object
Property | Type | Description |
---|---|---|
|
| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
|
| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
17.1.2. .status
- Description
- status is the most recently observed status of the Kubernetes API Server
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the deploymentID of the most recent deployment |
|
| latestAvailableRevisionReason describe the detailed reason for the most recent deployment |
|
| nodeStatuses track the deployment values and errors across individual nodes |
|
| NodeStatus provides information about the current state of a particular node managed by this operator. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection |
|
| |
|
| version is the level this availability applies to |
17.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
17.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
17.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
17.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
17.1.7. .status.nodeStatuses
- Description
- nodeStatuses track the deployment values and errors across individual nodes
- Type
-
array
17.1.8. .status.nodeStatuses[]
- Description
- NodeStatus provides information about the current state of a particular node managed by this operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| currentRevision is the generation of the most recently successful deployment |
|
| lastFailedCount is how often the installer pod of the last failed revision failed. |
|
| lastFailedReason is a machine readable failure reason string. |
|
| lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
|
| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
|
| lastFailedTime is the time the last failed revision failed the last time. |
|
| lastFallbackCount is how often a fallback to a previous revision happened. |
|
| nodeName is the name of the node |
|
| targetRevision is the generation of the deployment we’re trying to apply |
17.1.9. .status.serviceAccountIssuers
- Description
- serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
- Type
-
array
17.1.10. .status.serviceAccountIssuers[]
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers. |
|
| name is the name of the service account issuer --- |
17.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/kubeapiservers
-
DELETE
: delete collection of KubeAPIServer -
GET
: list objects of kind KubeAPIServer -
POST
: create a KubeAPIServer
-
/apis/operator.openshift.io/v1/kubeapiservers/{name}
-
DELETE
: delete a KubeAPIServer -
GET
: read the specified KubeAPIServer -
PATCH
: partially update the specified KubeAPIServer -
PUT
: replace the specified KubeAPIServer
-
/apis/operator.openshift.io/v1/kubeapiservers/{name}/status
-
GET
: read status of the specified KubeAPIServer -
PATCH
: partially update status of the specified KubeAPIServer -
PUT
: replace status of the specified KubeAPIServer
-
17.2.1. /apis/operator.openshift.io/v1/kubeapiservers
- HTTP method
-
DELETE
- Description
- delete collection of KubeAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind KubeAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
17.2.2. /apis/operator.openshift.io/v1/kubeapiservers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the KubeAPIServer |
- HTTP method
-
DELETE
- Description
- delete a KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified KubeAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
17.2.3. /apis/operator.openshift.io/v1/kubeapiservers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the KubeAPIServer |
- HTTP method
-
GET
- Description
- read status of the specified KubeAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified KubeAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 18. KubeControllerManager [operator.openshift.io/v1]
- Description
- KubeControllerManager provides information to configure an operator to manage kube-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
18.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Kubernetes Controller Manager |
|
| status is the most recently observed status of the Kubernetes Controller Manager |
18.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Kubernetes Controller Manager
- Type
-
object
Property | Type | Description |
---|---|---|
|
| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
|
| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
|
| useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content. |
18.1.2. .status
- Description
- status is the most recently observed status of the Kubernetes Controller Manager
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the deploymentID of the most recent deployment |
|
| latestAvailableRevisionReason describe the detailed reason for the most recent deployment |
|
| nodeStatuses track the deployment values and errors across individual nodes |
|
| NodeStatus provides information about the current state of a particular node managed by this operator. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
18.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
18.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
18.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
18.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
18.1.7. .status.nodeStatuses
- Description
- nodeStatuses track the deployment values and errors across individual nodes
- Type
-
array
18.1.8. .status.nodeStatuses[]
- Description
- NodeStatus provides information about the current state of a particular node managed by this operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| currentRevision is the generation of the most recently successful deployment |
|
| lastFailedCount is how often the installer pod of the last failed revision failed. |
|
| lastFailedReason is a machine readable failure reason string. |
|
| lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
|
| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
|
| lastFailedTime is the time the last failed revision failed the last time. |
|
| lastFallbackCount is how often a fallback to a previous revision happened. |
|
| nodeName is the name of the node |
|
| targetRevision is the generation of the deployment we’re trying to apply |
18.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/kubecontrollermanagers
-
DELETE
: delete collection of KubeControllerManager -
GET
: list objects of kind KubeControllerManager -
POST
: create a KubeControllerManager
-
/apis/operator.openshift.io/v1/kubecontrollermanagers/{name}
-
DELETE
: delete a KubeControllerManager -
GET
: read the specified KubeControllerManager -
PATCH
: partially update the specified KubeControllerManager -
PUT
: replace the specified KubeControllerManager
-
/apis/operator.openshift.io/v1/kubecontrollermanagers/{name}/status
-
GET
: read status of the specified KubeControllerManager -
PATCH
: partially update status of the specified KubeControllerManager -
PUT
: replace status of the specified KubeControllerManager
-
18.2.1. /apis/operator.openshift.io/v1/kubecontrollermanagers
- HTTP method
-
DELETE
- Description
- delete collection of KubeControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind KubeControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
18.2.2. /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the KubeControllerManager |
- HTTP method
-
DELETE
- Description
- delete a KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified KubeControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
18.2.3. /apis/operator.openshift.io/v1/kubecontrollermanagers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the KubeControllerManager |
- HTTP method
-
GET
- Description
- read status of the specified KubeControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified KubeControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 19. KubeScheduler [operator.openshift.io/v1]
- Description
- KubeScheduler provides information to configure an operator to manage scheduler. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
19.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Kubernetes Scheduler |
|
| status is the most recently observed status of the Kubernetes Scheduler |
19.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Kubernetes Scheduler
- Type
-
object
Property | Type | Description |
---|---|---|
|
| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
|
| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
19.1.2. .status
- Description
- status is the most recently observed status of the Kubernetes Scheduler
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the deploymentID of the most recent deployment |
|
| latestAvailableRevisionReason describe the detailed reason for the most recent deployment |
|
| nodeStatuses track the deployment values and errors across individual nodes |
|
| NodeStatus provides information about the current state of a particular node managed by this operator. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
19.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
19.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
19.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
19.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
19.1.7. .status.nodeStatuses
- Description
- nodeStatuses track the deployment values and errors across individual nodes
- Type
-
array
19.1.8. .status.nodeStatuses[]
- Description
- NodeStatus provides information about the current state of a particular node managed by this operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| currentRevision is the generation of the most recently successful deployment |
|
| lastFailedCount is how often the installer pod of the last failed revision failed. |
|
| lastFailedReason is a machine readable failure reason string. |
|
| lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
|
| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
|
| lastFailedTime is the time the last failed revision failed the last time. |
|
| lastFallbackCount is how often a fallback to a previous revision happened. |
|
| nodeName is the name of the node |
|
| targetRevision is the generation of the deployment we’re trying to apply |
19.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/kubeschedulers
-
DELETE
: delete collection of KubeScheduler -
GET
: list objects of kind KubeScheduler -
POST
: create a KubeScheduler
-
/apis/operator.openshift.io/v1/kubeschedulers/{name}
-
DELETE
: delete a KubeScheduler -
GET
: read the specified KubeScheduler -
PATCH
: partially update the specified KubeScheduler -
PUT
: replace the specified KubeScheduler
-
/apis/operator.openshift.io/v1/kubeschedulers/{name}/status
-
GET
: read status of the specified KubeScheduler -
PATCH
: partially update status of the specified KubeScheduler -
PUT
: replace status of the specified KubeScheduler
-
19.2.1. /apis/operator.openshift.io/v1/kubeschedulers
- HTTP method
-
DELETE
- Description
- delete collection of KubeScheduler
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind KubeScheduler
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
19.2.2. /apis/operator.openshift.io/v1/kubeschedulers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the KubeScheduler |
- HTTP method
-
DELETE
- Description
- delete a KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified KubeScheduler
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
19.2.3. /apis/operator.openshift.io/v1/kubeschedulers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the KubeScheduler |
- HTTP method
-
GET
- Description
- read status of the specified KubeScheduler
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified KubeScheduler
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 20. KubeStorageVersionMigrator [operator.openshift.io/v1]
- Description
- KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
20.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| |
|
|
20.1.1. .spec
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
20.1.2. .status
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
20.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
20.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
20.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
20.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
20.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/kubestorageversionmigrators
-
DELETE
: delete collection of KubeStorageVersionMigrator -
GET
: list objects of kind KubeStorageVersionMigrator -
POST
: create a KubeStorageVersionMigrator
-
/apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}
-
DELETE
: delete a KubeStorageVersionMigrator -
GET
: read the specified KubeStorageVersionMigrator -
PATCH
: partially update the specified KubeStorageVersionMigrator -
PUT
: replace the specified KubeStorageVersionMigrator
-
/apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}/status
-
GET
: read status of the specified KubeStorageVersionMigrator -
PATCH
: partially update status of the specified KubeStorageVersionMigrator -
PUT
: replace status of the specified KubeStorageVersionMigrator
-
20.2.1. /apis/operator.openshift.io/v1/kubestorageversionmigrators
- HTTP method
-
DELETE
- Description
- delete collection of KubeStorageVersionMigrator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind KubeStorageVersionMigrator
HTTP code | Reponse body |
---|---|
200 - OK | |
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
20.2.2. /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the KubeStorageVersionMigrator |
- HTTP method
-
DELETE
- Description
- delete a KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified KubeStorageVersionMigrator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
20.2.3. /apis/operator.openshift.io/v1/kubestorageversionmigrators/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the KubeStorageVersionMigrator |
- HTTP method
-
GET
- Description
- read status of the specified KubeStorageVersionMigrator
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified KubeStorageVersionMigrator
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 21. MachineConfiguration [operator.openshift.io/v1]
- Description
- MachineConfiguration provides information to configure an operator to manage Machine Configuration. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
21.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the Machine Config Operator |
|
| status is the most recently observed status of the Machine Config Operator |
21.1.1. .spec
- Description
- spec is the specification of the desired behavior of the Machine Config Operator
- Type
-
object
Property | Type | Description |
---|---|---|
|
| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
|
| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
21.1.2. .status
- Description
- status is the most recently observed status of the Machine Config Operator
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the deploymentID of the most recent deployment |
|
| latestAvailableRevisionReason describe the detailed reason for the most recent deployment |
|
| nodeStatuses track the deployment values and errors across individual nodes |
|
| NodeStatus provides information about the current state of a particular node managed by this operator. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
21.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
21.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
21.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
21.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
21.1.7. .status.nodeStatuses
- Description
- nodeStatuses track the deployment values and errors across individual nodes
- Type
-
array
21.1.8. .status.nodeStatuses[]
- Description
- NodeStatus provides information about the current state of a particular node managed by this operator.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| currentRevision is the generation of the most recently successful deployment |
|
| lastFailedCount is how often the installer pod of the last failed revision failed. |
|
| lastFailedReason is a machine readable failure reason string. |
|
| lastFailedRevision is the generation of the deployment we tried and failed to deploy. |
|
| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. |
|
| lastFailedTime is the time the last failed revision failed the last time. |
|
| lastFallbackCount is how often a fallback to a previous revision happened. |
|
| nodeName is the name of the node |
|
| targetRevision is the generation of the deployment we’re trying to apply |
21.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/machineconfigurations
-
DELETE
: delete collection of MachineConfiguration -
GET
: list objects of kind MachineConfiguration -
POST
: create a MachineConfiguration
-
/apis/operator.openshift.io/v1/machineconfigurations/{name}
-
DELETE
: delete a MachineConfiguration -
GET
: read the specified MachineConfiguration -
PATCH
: partially update the specified MachineConfiguration -
PUT
: replace the specified MachineConfiguration
-
/apis/operator.openshift.io/v1/machineconfigurations/{name}/status
-
GET
: read status of the specified MachineConfiguration -
PATCH
: partially update status of the specified MachineConfiguration -
PUT
: replace status of the specified MachineConfiguration
-
21.2.1. /apis/operator.openshift.io/v1/machineconfigurations
- HTTP method
-
DELETE
- Description
- delete collection of MachineConfiguration
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind MachineConfiguration
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
21.2.2. /apis/operator.openshift.io/v1/machineconfigurations/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the MachineConfiguration |
- HTTP method
-
DELETE
- Description
- delete a MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified MachineConfiguration
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
21.2.3. /apis/operator.openshift.io/v1/machineconfigurations/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the MachineConfiguration |
- HTTP method
-
GET
- Description
- read status of the specified MachineConfiguration
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified MachineConfiguration
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 22. Network [operator.openshift.io/v1]
- Description
- Network describes the cluster’s desired network configuration. It is consumed by the cluster-network-operator. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
22.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| NetworkSpec is the top-level network configuration object. |
|
| NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object. |
22.1.1. .spec
- Description
- NetworkSpec is the top-level network configuration object.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled. |
|
| AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type. |
|
| clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr. |
|
| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks |
|
| defaultNetwork is the "default" network that all pods will receive |
|
| deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise. |
|
| disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled. |
|
| disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks. |
|
| exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector. |
|
| kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn. |
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
|
| migration enables and configures the cluster network migration. The migration procedure allows to change the network type and the MTU. |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth. |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
|
| useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored. |
22.1.2. .spec.additionalNetworks
- Description
- additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.
- Type
-
array
22.1.3. .spec.additionalNetworks[]
- Description
- AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| name is the name of the network. This will be populated in the resulting CRD This must be unique. |
|
| namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace. |
|
| rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD |
|
| SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan |
|
| type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan |
22.1.4. .spec.additionalNetworks[].simpleMacvlanConfig
- Description
- SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan
- Type
-
object
Property | Type | Description |
---|---|---|
|
| IPAMConfig configures IPAM module will be used for IP Address Management (IPAM). |
|
| master is the host interface to create the macvlan interface from. If not specified, it will be default route interface |
|
| mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge |
|
| mtu is the mtu to use for the macvlan interface. if unset, host’s kernel will select the value. |
22.1.5. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig
- Description
- IPAMConfig configures IPAM module will be used for IP Address Management (IPAM).
- Type
-
object
Property | Type | Description |
---|---|---|
|
| StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic |
|
| Type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic |
22.1.6. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig
- Description
- StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Addresses configures IP address for the interface |
|
| StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses |
|
| DNS configures DNS for the interface |
|
| Routes configures IP routes for the interface |
|
| StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes |
22.1.7. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.addresses
- Description
- Addresses configures IP address for the interface
- Type
-
array
22.1.8. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.addresses[]
- Description
- StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Address is the IP address in CIDR format |
|
| Gateway is IP inside of subnet to designate as the gateway |
22.1.9. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.dns
- Description
- DNS configures DNS for the interface
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Domain configures the domainname the local domain used for short hostname lookups |
|
| Nameservers points DNS servers for IP lookup |
|
| Search configures priority ordered search domains for short hostname lookups |
22.1.10. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.routes
- Description
- Routes configures IP routes for the interface
- Type
-
array
22.1.11. .spec.additionalNetworks[].simpleMacvlanConfig.ipamConfig.staticIPAMConfig.routes[]
- Description
- StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes
- Type
-
object
Property | Type | Description |
---|---|---|
|
| Destination points the IP route destination |
|
| Gateway is the route’s next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin). |
22.1.12. .spec.clusterNetwork
- Description
- clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.
- Type
-
array
22.1.13. .spec.clusterNetwork[]
- Description
- ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
|
22.1.14. .spec.defaultNetwork
- Description
- defaultNetwork is the "default" network that all pods will receive
- Type
-
object
Property | Type | Description |
---|---|---|
|
| openShiftSDNConfig configures the openshift-sdn plugin |
|
| ovnKubernetesConfig configures the ovn-kubernetes plugin. |
|
| type is the type of network All NetworkTypes are supported except for NetworkTypeRaw |
22.1.15. .spec.defaultNetwork.openshiftSDNConfig
- Description
- openShiftSDNConfig configures the openshift-sdn plugin
- Type
-
object
Property | Type | Description |
---|---|---|
|
| enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled. |
|
| mode is one of "Multitenant", "Subnet", or "NetworkPolicy" |
|
| mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine’s uplink. |
|
| useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6 |
|
| vxlanPort is the port to use for all vxlan packets. The default is 4789. |
22.1.16. .spec.defaultNetwork.ovnKubernetesConfig
- Description
- ovnKubernetesConfig configures the ovn-kubernetes plugin.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| egressIPConfig holds the configuration for EgressIP options. |
|
| gatewayConfig holds the configuration for node gateway options. |
|
| geneve port is the UDP port to be used by geneve encapulation. Default is 6081 |
|
| HybridOverlayConfig configures an additional overlay network for peers that are not using OVN. |
|
| ipsecConfig enables and configures IPsec for pods on the pod network within the cluster. |
|
| ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values. |
|
| ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values. |
|
| mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400 |
|
| policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used. |
|
| v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16 |
|
| v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48 |
22.1.17. .spec.defaultNetwork.ovnKubernetesConfig.egressIPConfig
- Description
- egressIPConfig holds the configuration for EgressIP options.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node’s reachability check. |
22.1.18. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig
- Description
- gatewayConfig holds the configuration for node gateway options.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global". |
|
| ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values. |
|
| ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values. |
|
| RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified. |
22.1.19. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4
- Description
- ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format |
22.1.20. .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6
- Description
- ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted |
22.1.21. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig
- Description
- HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| HybridClusterNetwork defines a network space given to nodes on an additional overlay network. |
|
| ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks |
|
| HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789 |
22.1.22. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig.hybridClusterNetwork
- Description
- HybridClusterNetwork defines a network space given to nodes on an additional overlay network.
- Type
-
array
22.1.23. .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig.hybridClusterNetwork[]
- Description
- ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
|
22.1.24. .spec.defaultNetwork.ovnKubernetesConfig.ipsecConfig
- Description
- ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
- Type
-
object
Property | Type | Description |
---|---|---|
|
|
mode defines the behaviour of the ipsec configuration within the platform. Valid values are |
22.1.25. .spec.defaultNetwork.ovnKubernetesConfig.ipv4
- Description
- ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format |
|
| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format |
22.1.26. .spec.defaultNetwork.ovnKubernetesConfig.ipv6
- Description
- ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted |
|
| internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted |
22.1.27. .spec.defaultNetwork.ovnKubernetesConfig.policyAuditConfig
- Description
- policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - "libc" → to use the libc syslog() function of the host node’s journdald process - "udp:host:port" → for sending syslog over UDP - "unix:file" → for using the UNIX domain socket directly - "null" → to discard all messages logged to syslog The default is "null" |
|
| maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB |
|
| maxLogFiles specifies the maximum number of ACL_audit log files that can be present. |
|
| rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used. |
|
| syslogFacility the RFC5424 facility for generated messages, e.g. "kern". Default is "local0" |
22.1.28. .spec.exportNetworkFlows
- Description
- exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ipfix defines IPFIX configuration. |
|
| netFlow defines the NetFlow configuration. |
|
| sFlow defines the SFlow configuration. |
22.1.29. .spec.exportNetworkFlows.ipfix
- Description
- ipfix defines IPFIX configuration.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items |
22.1.30. .spec.exportNetworkFlows.netFlow
- Description
- netFlow defines the NetFlow configuration.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items |
22.1.31. .spec.exportNetworkFlows.sFlow
- Description
- sFlow defines the SFlow configuration.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items |
22.1.32. .spec.kubeProxyConfig
- Description
- kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| The address to "bind" on Defaults to 0.0.0.0 |
|
| An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s |
|
| Any additional arguments to pass to the kubeproxy process |
|
| ProxyArgumentList is a list of arguments to pass to the kubeproxy process |
22.1.33. .spec.kubeProxyConfig.proxyArguments
- Description
- Any additional arguments to pass to the kubeproxy process
- Type
-
object
22.1.34. .spec.migration
- Description
- migration enables and configures the cluster network migration. The migration procedure allows to change the network type and the MTU.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. if unset, the default operation is to migrate all the configuration of supported features. |
|
| mode indicates the mode of network migration. The supported values are "Live", "Offline" and omitted. A "Live" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. An "Offline" migration operation will cause service interruption. During an "Offline" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default value is "Offline". |
|
| mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected. |
|
| networkType is the target type of network migration. Set this to the target network type to allow changing the default network. If unset, the operation of changing cluster default network plugin will be rejected. The supported values are OpenShiftSDN, OVNKubernetes |
22.1.35. .spec.migration.features
- Description
- features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. if unset, the default operation is to migrate all the configuration of supported features.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| egressFirewall specifies whether or not the Egress Firewall configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress Firewall configure is migrated. |
|
| egressIP specifies whether or not the Egress IP configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress IP configure is migrated. |
|
| multicast specifies whether or not the multicast configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and multicast configure is migrated. |
22.1.36. .spec.migration.mtu
- Description
- mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| machine contains MTU migration configuration for the machine’s uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU. |
|
| network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine’s uplink MTU by the minimum appropriate offset. |
22.1.37. .spec.migration.mtu.machine
- Description
- machine contains MTU migration configuration for the machine’s uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| from is the MTU to migrate from. |
|
| to is the MTU to migrate to. |
22.1.38. .spec.migration.mtu.network
- Description
- network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine’s uplink MTU by the minimum appropriate offset.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| from is the MTU to migrate from. |
|
| to is the MTU to migrate to. |
22.1.39. .status
- Description
- NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
22.1.40. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
22.1.41. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
22.1.42. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
22.1.43. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
22.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/networks
-
DELETE
: delete collection of Network -
GET
: list objects of kind Network -
POST
: create a Network
-
/apis/operator.openshift.io/v1/networks/{name}
-
DELETE
: delete a Network -
GET
: read the specified Network -
PATCH
: partially update the specified Network -
PUT
: replace the specified Network
-
22.2.1. /apis/operator.openshift.io/v1/networks
- HTTP method
-
DELETE
- Description
- delete collection of Network
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Network
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Network
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
22.2.2. /apis/operator.openshift.io/v1/networks/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Network |
- HTTP method
-
DELETE
- Description
- delete a Network
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Network
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Network
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Network
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 23. OpenShiftAPIServer [operator.openshift.io/v1]
- Description
- OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
23.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec is the specification of the desired behavior of the OpenShift API Server. |
|
| status defines the observed status of the OpenShift API Server. |
23.1.1. .spec
- Description
- spec is the specification of the desired behavior of the OpenShift API Server.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
23.1.2. .status
- Description
- status defines the observed status of the OpenShift API Server.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
23.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
23.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
23.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
23.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
23.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/openshiftapiservers
-
DELETE
: delete collection of OpenShiftAPIServer -
GET
: list objects of kind OpenShiftAPIServer -
POST
: create an OpenShiftAPIServer
-
/apis/operator.openshift.io/v1/openshiftapiservers/{name}
-
DELETE
: delete an OpenShiftAPIServer -
GET
: read the specified OpenShiftAPIServer -
PATCH
: partially update the specified OpenShiftAPIServer -
PUT
: replace the specified OpenShiftAPIServer
-
/apis/operator.openshift.io/v1/openshiftapiservers/{name}/status
-
GET
: read status of the specified OpenShiftAPIServer -
PATCH
: partially update status of the specified OpenShiftAPIServer -
PUT
: replace status of the specified OpenShiftAPIServer
-
23.2.1. /apis/operator.openshift.io/v1/openshiftapiservers
- HTTP method
-
DELETE
- Description
- delete collection of OpenShiftAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind OpenShiftAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
23.2.2. /apis/operator.openshift.io/v1/openshiftapiservers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the OpenShiftAPIServer |
- HTTP method
-
DELETE
- Description
- delete an OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified OpenShiftAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
23.2.3. /apis/operator.openshift.io/v1/openshiftapiservers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the OpenShiftAPIServer |
- HTTP method
-
GET
- Description
- read status of the specified OpenShiftAPIServer
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified OpenShiftAPIServer
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 24. OpenShiftControllerManager [operator.openshift.io/v1]
- Description
- OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
24.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| |
|
|
24.1.1. .spec
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
24.1.2. .status
- Description
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
24.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
24.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
24.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
24.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
24.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/openshiftcontrollermanagers
-
DELETE
: delete collection of OpenShiftControllerManager -
GET
: list objects of kind OpenShiftControllerManager -
POST
: create an OpenShiftControllerManager
-
/apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}
-
DELETE
: delete an OpenShiftControllerManager -
GET
: read the specified OpenShiftControllerManager -
PATCH
: partially update the specified OpenShiftControllerManager -
PUT
: replace the specified OpenShiftControllerManager
-
/apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}/status
-
GET
: read status of the specified OpenShiftControllerManager -
PATCH
: partially update status of the specified OpenShiftControllerManager -
PUT
: replace status of the specified OpenShiftControllerManager
-
24.2.1. /apis/operator.openshift.io/v1/openshiftcontrollermanagers
- HTTP method
-
DELETE
- Description
- delete collection of OpenShiftControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind OpenShiftControllerManager
HTTP code | Reponse body |
---|---|
200 - OK | |
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
24.2.2. /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the OpenShiftControllerManager |
- HTTP method
-
DELETE
- Description
- delete an OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified OpenShiftControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
24.2.3. /apis/operator.openshift.io/v1/openshiftcontrollermanagers/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the OpenShiftControllerManager |
- HTTP method
-
GET
- Description
- read status of the specified OpenShiftControllerManager
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified OpenShiftControllerManager
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 25. OperatorPKI [network.operator.openshift.io/v1]
- Description
OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled.
More specifically, given an OperatorPKI with <name>, the CNO will manage:
- A Secret called <name>-ca with two data keys:
- tls.key - the private key
- tls.crt - the CA certificate
- A ConfigMap called <name>-ca with a single data key:
- cabundle.crt - the CA certificate(s)
- A Secret called <name>-cert with two data keys:
- tls.key - the private key
- tls.crt - the certificate, signed by the CA
The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3
The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.
- Type
-
object
- Required
-
spec
-
25.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| OperatorPKISpec is the PKI configuration. |
|
| OperatorPKIStatus is not implemented. |
25.1.1. .spec
- Description
- OperatorPKISpec is the PKI configuration.
- Type
-
object
- Required
-
targetCert
-
Property | Type | Description |
---|---|---|
|
| targetCert configures the certificate signed by the CA. It will have both ClientAuth and ServerAuth enabled |
25.1.2. .spec.targetCert
- Description
- targetCert configures the certificate signed by the CA. It will have both ClientAuth and ServerAuth enabled
- Type
-
object
- Required
-
commonName
-
Property | Type | Description |
---|---|---|
|
| commonName is the value in the certificate’s CN |
25.1.3. .status
- Description
- OperatorPKIStatus is not implemented.
- Type
-
object
25.2. API endpoints
The following API endpoints are available:
/apis/network.operator.openshift.io/v1/operatorpkis
-
GET
: list objects of kind OperatorPKI
-
/apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis
-
DELETE
: delete collection of OperatorPKI -
GET
: list objects of kind OperatorPKI -
POST
: create an OperatorPKI
-
/apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis/{name}
-
DELETE
: delete an OperatorPKI -
GET
: read the specified OperatorPKI -
PATCH
: partially update the specified OperatorPKI -
PUT
: replace the specified OperatorPKI
-
25.2.1. /apis/network.operator.openshift.io/v1/operatorpkis
- HTTP method
-
GET
- Description
- list objects of kind OperatorPKI
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
25.2.2. /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis
- HTTP method
-
DELETE
- Description
- delete collection of OperatorPKI
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind OperatorPKI
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create an OperatorPKI
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
25.2.3. /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the OperatorPKI |
- HTTP method
-
DELETE
- Description
- delete an OperatorPKI
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified OperatorPKI
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified OperatorPKI
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified OperatorPKI
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 26. ServiceCA [operator.openshift.io/v1]
- Description
- ServiceCA provides information to configure an operator to manage the service cert controllers Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
- Required
-
spec
-
26.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
26.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
26.1.2. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
26.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
26.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
26.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
26.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
26.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/servicecas
-
DELETE
: delete collection of ServiceCA -
GET
: list objects of kind ServiceCA -
POST
: create a ServiceCA
-
/apis/operator.openshift.io/v1/servicecas/{name}
-
DELETE
: delete a ServiceCA -
GET
: read the specified ServiceCA -
PATCH
: partially update the specified ServiceCA -
PUT
: replace the specified ServiceCA
-
/apis/operator.openshift.io/v1/servicecas/{name}/status
-
GET
: read status of the specified ServiceCA -
PATCH
: partially update status of the specified ServiceCA -
PUT
: replace status of the specified ServiceCA
-
26.2.1. /apis/operator.openshift.io/v1/servicecas
- HTTP method
-
DELETE
- Description
- delete collection of ServiceCA
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind ServiceCA
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
26.2.2. /apis/operator.openshift.io/v1/servicecas/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the ServiceCA |
- HTTP method
-
DELETE
- Description
- delete a ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified ServiceCA
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
26.2.3. /apis/operator.openshift.io/v1/servicecas/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the ServiceCA |
- HTTP method
-
GET
- Description
- read status of the specified ServiceCA
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified ServiceCA
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Chapter 27. Storage [operator.openshift.io/v1]
- Description
-
Storage provides a means to configure an operator to manage the cluster storage operator.
cluster
is the canonical name. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - Type
-
object
- Required
-
spec
-
27.1. Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| spec holds user settable values for configuration |
|
| status holds observed values from the cluster. They may not be overridden. |
27.1.1. .spec
- Description
- spec holds user settable values for configuration
- Type
-
object
Property | Type | Description |
---|---|---|
|
| logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
|
| managementState indicates whether and how the operator should manage the component |
| `` | observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator |
|
| operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal". |
| `` | unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. |
|
| VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release. |
27.1.2. .status
- Description
- status holds observed values from the cluster. They may not be overridden.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| conditions is a list of conditions and their status |
|
| OperatorCondition is just the standard condition fields. |
|
| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. |
|
| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. |
|
| observedGeneration is the last generation change you’ve dealt with |
|
| readyReplicas indicates how many replicas are ready and at the desired state |
|
| version is the level this availability applies to |
27.1.3. .status.conditions
- Description
- conditions is a list of conditions and their status
- Type
-
array
27.1.4. .status.conditions[]
- Description
- OperatorCondition is just the standard condition fields.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| |
|
| |
|
| |
|
| |
|
|
27.1.5. .status.generations
- Description
- generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
- Type
-
array
27.1.6. .status.generations[]
- Description
- GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
- Type
-
object
Property | Type | Description |
---|---|---|
|
| group is the group of the thing you’re tracking |
|
| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps |
|
| lastGeneration is the last generation of the workload controller involved |
|
| name is the name of the thing you’re tracking |
|
| namespace is where the thing you’re tracking is |
|
| resource is the resource type of the thing you’re tracking |
27.2. API endpoints
The following API endpoints are available:
/apis/operator.openshift.io/v1/storages
-
DELETE
: delete collection of Storage -
GET
: list objects of kind Storage -
POST
: create a Storage
-
/apis/operator.openshift.io/v1/storages/{name}
-
DELETE
: delete a Storage -
GET
: read the specified Storage -
PATCH
: partially update the specified Storage -
PUT
: replace the specified Storage
-
/apis/operator.openshift.io/v1/storages/{name}/status
-
GET
: read status of the specified Storage -
PATCH
: partially update status of the specified Storage -
PUT
: replace status of the specified Storage
-
27.2.1. /apis/operator.openshift.io/v1/storages
- HTTP method
-
DELETE
- Description
- delete collection of Storage
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- list objects of kind Storage
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
POST
- Description
- create a Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
27.2.2. /apis/operator.openshift.io/v1/storages/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the Storage |
- HTTP method
-
DELETE
- Description
- delete a Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK |
|
202 - Accepted |
|
401 - Unauthorized | Empty |
- HTTP method
-
GET
- Description
- read the specified Storage
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update the specified Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace the specified Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
27.2.3. /apis/operator.openshift.io/v1/storages/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the Storage |
- HTTP method
-
GET
- Description
- read status of the specified Storage
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PATCH
- Description
- partially update status of the specified Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK |
|
401 - Unauthorized | Empty |
- HTTP method
-
PUT
- Description
- replace status of the specified Storage
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
|
|
HTTP code | Reponse body |
---|---|
200 - OK |
|
201 - Created |
|
401 - Unauthorized | Empty |
Legal Notice
Copyright © 2024 Red Hat, Inc.
OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).
Modified versions must remove all Red Hat trademarks.
Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.