Chapter 5. Console [operator.openshift.io/v1]

customization

object

customization is used to optionally provide a small set of customization options to the web console.

ingress

object

ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.

logLevel

string

logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

managementState

string

managementState indicates whether and how the operator should manage the component

observedConfig

``

observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator

operatorLogLevel

string

operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".

plugins

array (string)

plugins defines a list of enabled console plugin names.

providers

object

providers contains configuration for using specific service providers.

route

object

route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED

unsupportedConfigOverrides

``

unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.

addPage

object

addPage allows customizing actions on the Add page in developer perspective.

brand

string

brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.

capabilities

array

capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.

capabilities[]

object

Capabilities contains set of UI capabilities and their state in the console UI.

customLogoFile

object

customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred

customProductName

string

customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.

developerCatalog

object

developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).

documentationBaseURL

string

documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.

perspectives

array

perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.

perspectives[]

object

Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown

projectAccess

object

projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.

quickStarts

object

quickStarts allows customization of available ConsoleQuickStart resources in console.

disabledActions

array (string)

disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.

name

string

name is the unique name of a capability. Available capabilities are LightspeedButton.

visibility

object

visibility defines the visibility state of the capability.

state

string

state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the "Enabled" value. Disabling the capability in the console UI is represented by the "Disabled" value.

key

string

Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.

name

string

categories

array

categories which are shown in the developer catalog.

categories[]

object

DeveloperConsoleCatalogCategory for the developer console catalog.

types

object

types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.

id

string

ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.

label

string

label defines a category display label. It is required and must have 1-64 characters.

subcategories

array

subcategories defines a list of child categories.

subcategories[]

object

DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.

tags

array (string)

tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.

id

string

ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.

label

string

label defines a category display label. It is required and must have 1-64 characters.

tags

array (string)

tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.

disabled

array (string)

disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.

enabled

array (string)

enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.

state

string

state defines if a list of catalog types should be enabled or disabled.

id

string

id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.

pinnedResources

array

pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via kubectl api-resources. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.

pinnedResources[]

object

PinnedResourceReference includes the group, version and type of resource

visibility

object

visibility defines the state of perspective along with access review checks if needed for that perspective.

group

string

group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc.

resource

string

resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc.

version

string

version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc.

accessReview

object

accessReview defines required and missing access review checks.

state

string

state defines the perspective is enabled or disabled or access review check is required.

missing

array

missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.

missing[]

object

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

required

array

required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.

required[]

object

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

availableClusterRoles

array (string)

availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.

disabled

array (string)

disabled is a list of ConsoleQuickStart resource names that are not shown to users.

clientDownloadsURL

string

clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it’s unreachable for an extended period. Must use the HTTPS scheme.

consoleURL

string

consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it’s unreachable for an extended period. Must use the HTTPS scheme.

statuspage

object

statuspage contains ID for statuspage.io page that provides status info about.

pageID

string

pageID is the unique ID assigned by Statuspage for your page. This must be a public page.

hostname

string

hostname is the desired custom domain under which console will be available.

secret

object

secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.

name

string

name is the metadata.name of the referenced secret

conditions

array

conditions is a list of conditions and their status

conditions[]

object

OperatorCondition is just the standard condition fields.

generations

array

generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.

generations[]

object

GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.

observedGeneration

integer

observedGeneration is the last generation change you’ve dealt with

readyReplicas

integer

readyReplicas indicates how many replicas are ready and at the desired state

version

string

version is the level this availability applies to

lastTransitionTime

string

message

string

reason

string

status

string

type

string

group

string

group is the group of the thing you’re tracking

hash

string

hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps

lastGeneration

integer

lastGeneration is the last generation of the workload controller involved

name

string

name is the name of the thing you’re tracking

namespace

string

namespace is where the thing you’re tracking is

resource

string

resource is the resource type of the thing you’re tracking

200 - OK

Status schema

401 - Unauthorized

Empty

200 - OK

ConsoleList schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

body

Console schema

200 - OK

Console schema

201 - Created

Console schema

202 - Accepted

Console schema

401 - Unauthorized

Empty

name

string

name of the Console

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

200 - OK

Status schema

202 - Accepted

Status schema

401 - Unauthorized

Empty

200 - OK

Console schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

200 - OK

Console schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

body

Console schema

200 - OK

Console schema

201 - Created

Console schema

401 - Unauthorized

Empty

name

string

name of the Console

200 - OK

Console schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

200 - OK

Console schema

401 - Unauthorized

Empty

dryRun

string

When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed

fieldValidation

string

fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.

body

Console schema

200 - OK

Console schema

201 - Created

Console schema

401 - Unauthorized

Empty