diff --git a/config/v1/tests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml b/config/v1/tests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml index 875c1780edb..0b472d82365 100644 --- a/config/v1/tests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml +++ b/config/v1/tests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml @@ -1,8 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "Network" crdName: networks.config.openshift.io -featureGates: -- NetworkDiagnosticsConfig tests: onCreate: - name: Should be able to set network diagnostics sourcePlacement and targetPlacement when mode is not set diff --git a/config/v1/tests/networks.config.openshift.io/NetworkLiveMigration.yaml b/config/v1/tests/networks.config.openshift.io/NetworkLiveMigration.yaml index 0db221c8c2a..35f89a0c5bd 100644 --- a/config/v1/tests/networks.config.openshift.io/NetworkLiveMigration.yaml +++ b/config/v1/tests/networks.config.openshift.io/NetworkLiveMigration.yaml @@ -1,8 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "Network" crdName: networks.config.openshift.io -featureGates: -- NetworkLiveMigration tests: onCreate: - name: Should be able to set status conditions diff --git a/config/v1/types_network.go b/config/v1/types_network.go index c0d1602b376..fb8ed2fff74 100644 --- a/config/v1/types_network.go +++ b/config/v1/types_network.go 
@@ -41,7 +41,7 @@ type Network struct { // As a general rule, this SHOULD NOT be read directly. Instead, you should // consume the NetworkStatus, as it indicates the currently deployed configuration. // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" +// +kubebuilder:validation:XValidation:rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" type NetworkSpec struct { // IP address pool to use for pod IPs. // This field is immutable after installation. @@ -85,7 +85,6 @@ type NetworkSpec struct { // the network diagnostics feature will be disabled. // // +optional - // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"` } @@ -119,7 +118,6 @@ type NetworkStatus struct { // +optional // +listType=map // +listMapKey=type - // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig Conditions []metav1.Condition `json:"conditions,omitempty"` } diff --git a/config/v1/zz_generated.featuregated-crd-manifests.yaml b/config/v1/zz_generated.featuregated-crd-manifests.yaml index 576fd510c61..8c307f25a49 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests.yaml 
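Review bot: The XValidation rule on `NetworkSpec` (first hunk, `@@ -41,7 +41,7 @@`) mixes `||` and `&&` without grouping, and its message says "sourcePlacement and targetPlacement" although the rule rejects either field on its own once `mode` is `Disabled`. CEL binds `&&` tighter than `||`, so the rule evaluates as intended, but now that the marker is an unconditional `+kubebuilder:validation:XValidation` the grouping should be explicit: `... || self.networkDiagnostics.mode!='Disabled' || (!has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement))`. The message would read more accurately as `cannot set networkDiagnostics.sourcePlacement or networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled`. Either change means regenerating the CRD manifests and updating any test expectation that matches the message text. The `NetworkSpec` struct body continues outside the hunk.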
+++ b/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -443,8 +443,7 @@ networks.config.openshift.io: CRDName: networks.config.openshift.io Capability: "" Category: "" - FeatureGates: - - NetworkDiagnosticsConfig + FeatureGates: [] FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/AAA_ungated.yaml index 71c357e3a45..72377bfc0e3 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/AAA_ungated.yaml 
@@ -113,6 +113,152 @@ spec: x-kubernetes-list-type: atomic type: object type: object + networkDiagnostics: + description: |- + networkDiagnostics defines network diagnostics configuration. + + Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. + If networkDiagnostics is not specified or is empty, + and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, + the network diagnostics feature will be disabled. + properties: + mode: + description: |- + mode controls the network diagnostics mode + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is All. + enum: + - "" + - All + - Disabled + type: string + sourcePlacement: + description: |- + sourcePlacement controls the scheduling of network diagnostics source deployment + + See NetworkDiagnosticsSourcePlacement for more details about default values. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to network diagnostics components + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is `kubernetes.io/os: linux`. + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to network diagnostics components + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is an empty list. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + targetPlacement: + description: |- + targetPlacement controls the scheduling of network diagnostics target daemonset + + See NetworkDiagnosticsTargetPlacement for more details about default values. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to network diagnostics components + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is `kubernetes.io/os: linux`. 
+ type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to network diagnostics components + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is `- operator: "Exists"` which means that all taints are tolerated. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object networkType: description: |- networkType is the plugin that is to be deployed (e.g. OVNKubernetes). @@ -142,6 +288,12 @@ spec: pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ type: string type: object + x-kubernetes-validations: + - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement + when networkDiagnostics.mode is Disabled + rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) + || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement) + && !has(self.networkDiagnostics.targetPlacement)' status: description: status holds observed values from the cluster. They may not be overridden. 
@@ -169,6 +321,68 @@ spec: clusterNetworkMTU: description: clusterNetworkMTU is the MTU for inter-pod networking. type: integer + conditions: + description: |- + conditions represents the observations of a network.config current state. + Known .status.conditions.type are: "NetworkDiagnosticsAvailable" + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map migration: description: migration contains the cluster network migration configuration. properties: diff --git a/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml b/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml deleted file mode 100644 index 1ab7c96d5fd..00000000000 --- a/config/v1/zz_generated.featuregated-crd-manifests/networks.config.openshift.io/NetworkDiagnosticsConfig.yaml +++ /dev/null 
@@ -1,446 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/filename-cvo-runlevel: "0000_10" - api.openshift.io/filename-operator: config-operator - api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/NetworkDiagnosticsConfig: "true" - release.openshift.io/bootstrap-required: "true" - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. - Please view network.spec for an explanation on what applies when configuring this resource. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - spec holds user settable values for configuration. 
- As a general rule, this SHOULD NOT be read directly. Instead, you should - consume the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. - properties: - clusterNetwork: - description: |- - IP address pool to use for pod IPs. - This field is immutable after installation. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - externalIP: - description: |- - externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is - not allowed to be set. - properties: - autoAssignCIDRs: - description: |- - autoAssignCIDRs is a list of CIDRs from which to automatically assign - Service.ExternalIP. These are assigned when the service is of type - LoadBalancer. In general, this is only useful for bare-metal clusters. - In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any - ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - x-kubernetes-list-type: atomic - policy: - description: |- - policy is a set of restrictions applied to the ExternalIP field. - If nil or empty, then ExternalIP is not allowed to be set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - rejectedCIDRs: - description: |- - rejectedCIDRs is the list of disallowed CIDRs. 
These take precedence - over allowedCIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkDiagnostics: - description: |- - networkDiagnostics defines network diagnostics configuration. - - Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. - If networkDiagnostics is not specified or is empty, - and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, - the network diagnostics feature will be disabled. - properties: - mode: - description: |- - mode controls the network diagnostics mode - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is All. - enum: - - "" - - All - - Disabled - type: string - sourcePlacement: - description: |- - sourcePlacement controls the scheduling of network diagnostics source deployment - - See NetworkDiagnosticsSourcePlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is an empty list. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . 
- properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - targetPlacement: - description: |- - targetPlacement controls the scheduling of network diagnostics target daemonset - - See NetworkDiagnosticsTargetPlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. 
- type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `- operator: "Exists"` which means that all taints are tolerated. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. 
- type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkType: - description: |- - networkType is the plugin that is to be deployed (e.g. OVNKubernetes). - This should match a value that the cluster-network-operator understands, - or else no networking will be installed. - Currently supported values are: - - OVNKubernetes - This field is immutable after installation. - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. - This field is immutable after installation. - items: - type: string - type: array - x-kubernetes-list-type: atomic - serviceNodePortRange: - description: |- - The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. - Such Services without a NodePort specified will have one - automatically allocated from this range. - This parameter can be updated after the cluster is - installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - x-kubernetes-validations: - - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement - when networkDiagnostics.mode is Disabled - rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) - || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement) - && !has(self.networkDiagnostics.targetPlacement)' - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. 
- type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - clusterNetworkMTU: - description: clusterNetworkMTU is the MTU for inter-pod networking. - type: integer - conditions: - description: |- - conditions represents the observations of a network.config current state. - Known .status.conditions.type are: "NetworkDiagnosticsAvailable" - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - migration: - description: migration contains the cluster network migration configuration. - properties: - mtu: - description: mtu is the MTU configuration that is being deployed. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains MTU migration configuration - for the default network. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: |- - networkType is the target plugin that is being deployed. - DEPRECATED: network type migration is no longer supported, - so this should always be unset. - type: string - type: object - networkType: - description: networkType is the plugin that is deployed (e.g. OVNKubernetes). - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/features.md b/features.md index afa64782571..4e39304b5d7 100644 --- a/features.md +++ b/features.md @@ -79,8 +79,6 @@ | VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | -| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
@@ -100,14 +98,9 @@ | ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 187edb0e164..9c9bb8713e5 100644 --- a/features/features.go +++ b/features/features.go 
@@ -163,22 +163,6 @@ var ( enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("tssurya"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateNetworkSegmentation = newFeatureGate("NetworkSegmentation"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("tssurya"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1623"). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateNetworkConnect = newFeatureGate("NetworkConnect"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). 
@@ -187,22 +171,6 @@ var ( enableIn(configv1.DevPreviewNoUpgrade). mustRegister() - FeatureGateAdditionalRoutingCapabilities = newFeatureGate("AdditionalRoutingCapabilities"). - reportProblemsToJiraComponent("Networking/cluster-network-operator"). - contactPerson("jcaamano"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateRouteAdvertisements = newFeatureGate("RouteAdvertisements"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("jcaamano"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateEVPN = newFeatureGate("EVPN"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("jcaamano"). @@ -211,22 +179,6 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("pliu"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). - reportProblemsToJiraComponent("Networking/cluster-network-operator"). - contactPerson("kyrtapz"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateOVNObservability = newFeatureGate("OVNObservability"). reportProblemsToJiraComponent("Networking"). contactPerson("npinaeva"). 
@@ -799,14 +751,6 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGatePreconfiguredUDNAddresses = newFeatureGate("PreconfiguredUDNAddresses"). - reportProblemsToJiraComponent("Networking/ovn-kubernetes"). - contactPerson("kyrtapz"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1793"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). - mustRegister() - - FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup"). reportProblemsToJiraComponent("Cloud Compute / Cloud Controller Manager"). contactPerson("mtulio").
diff --git a/features/legacyfeaturegates.go b/features/legacyfeaturegates.go
index dd11fdf6632..a92c0b9bb90 100644
--- a/features/legacyfeaturegates.go
+++ b/features/legacyfeaturegates.go
@@ -7,10 +7,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "AWSEFSDriverVolumeMetrics",
 // never add to this list, if you think you have an exception ask @deads2k
- "AdditionalRoutingCapabilities",
- // never add to this list, if you think you have an exception ask @deads2k
- "AdminNetworkPolicy",
- // never add to this list, if you think you have an exception ask @deads2k
 "AlibabaPlatform",
 // never add to this list, if you think you have an exception ask @deads2k
 "AutomatedEtcdBackup",
@@ -79,12 +75,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "MultiArchInstallGCP",
 // never add to this list, if you think you have an exception ask @deads2k
- "NetworkDiagnosticsConfig",
- // never add to this list, if you think you have an exception ask @deads2k
- "NetworkLiveMigration",
- // never add to this list, if you think you have an exception ask @deads2k
- "NetworkSegmentation",
- // never add to this list, if you think you have an exception ask @deads2k
 "NewOLM",
 // never add to this list, if you think you have an exception ask @deads2k
 "OVNObservability",
@@ -95,8 +85,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "PrivateHostedZoneAWS",
 // never add to this list, if you think you have an exception ask @deads2k
- "RouteAdvertisements",
- // never add to this list, if you think you have an exception ask @deads2k
 "RouteExternalCertificate",
 // never add to this list, if you think you have an exception ask @deads2k
 "SetEIPForNLBIngressController",
diff --git a/operator/v1/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml b/operator/v1/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml
index 9028fe4a823..078a4fa56a1 100644
--- a/operator/v1/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml
+++ b/operator/v1/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml
@@ -1,8 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "Network"
 crdName: networks.operator.openshift.io
-featureGates:
-- AdditionalRoutingCapabilities
 tests:
 onCreate:
 - name: Should be able to create a minimal Network
diff --git a/operator/v1/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml b/operator/v1/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml
index d44e91b095b..10e6db45409 100644
--- a/operator/v1/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml
+++ b/operator/v1/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml
@@ -1,8 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "Network"
 crdName: networks.operator.openshift.io
-featureGates:
-- NetworkLiveMigration
 tests:
 onCreate:
 - name: Should be able to create migration mode
diff --git a/operator/v1/tests/networks.operator.openshift.io/RouteAdvertisements.yaml b/operator/v1/tests/networks.operator.openshift.io/RouteAdvertisements.yaml
index 0b06c6a5f90..1e781676049 100644
--- a/operator/v1/tests/networks.operator.openshift.io/RouteAdvertisements.yaml
+++ b/operator/v1/tests/networks.operator.openshift.io/RouteAdvertisements.yaml
@@ -1,8 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "Network"
 crdName: networks.operator.openshift.io
-featureGates:
-- RouteAdvertisements
 tests:
 onCreate:
 - name: Should be able to create a minimal Network
diff --git a/operator/v1/types_network.go b/operator/v1/types_network.go
index 111240eecff..1cf56f549bf 100644
--- a/operator/v1/types_network.go
+++ b/operator/v1/types_network.go
@@ -54,7 +54,7 @@ type NetworkList struct {
 // NetworkSpec is the top-level network configuration object.
 // +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteAdvertisements,rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available"
+// +kubebuilder:validation:XValidation:rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available"
 type NetworkSpec struct {
 OperatorSpec `json:",inline"`
@@ -136,7 +136,6 @@ type NetworkSpec struct {
 // capabilities acquired through the enablement of these components but may
 // require specific configuration on their side to do so; refer to their
 // respective documentation and configuration options.
- // +openshift:enable:FeatureGate=AdditionalRoutingCapabilities
 // +optional
 AdditionalRoutingCapabilities *AdditionalRoutingCapabilities `json:"additionalRoutingCapabilities,omitempty"`
 }
@@ -157,7 +156,7 @@ const (
 )
 // NetworkMigration represents the cluster network migration configuration.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration"
+// +kubebuilder:validation:XValidation:rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration"
 type NetworkMigration struct {
 // mtu contains the MTU migration configuration. Set this to allow changing
 // the MTU values for the default network. If unset, the operation of
@@ -465,7 +464,6 @@ type OVNKubernetesConfig struct {
 // means the user has no opinion and the platform is left to choose
 // reasonable defaults. These defaults are subject to change over time. The
 // current default is "Disabled".
- // +openshift:enable:FeatureGate=RouteAdvertisements
 // +optional
 RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"`
 }
diff --git a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml
index 7a41655bd17..60459deca78 100644
--- a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml
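Review bot: The rewritten marker on NetworkMigration (hunk `@@ -157,7 +156,7 @@`) leaves the last term of its rule unparenthesized, `... || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'`, so the rule is only correct because CEL binds `&&` tighter than `||`. The NetworkSpec rule converted in the first hunk of this file does parenthesize its conjunction, so the two new markers are written inconsistently. Since the line is being rewritten anyway, I would end the rule with `|| (has(self.mode) && self.mode == 'Live')`; the evaluated result is unchanged, but a later edit that appends another `||` term can no longer silently alter which migration specs are admitted. The generated CRD manifests would need regenerating to carry the same text, and the body of NetworkMigration continues outside the hunk.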
+++ b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml @@ -914,13 +914,6 @@ spec: type: boolean type: object x-kubernetes-validations: - - message: Route advertisements cannot be Enabled if 'FRR' routing capability - provider is not available - rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) - || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) - || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != - 'Enabled' - message: invalid value for IPForwarding, valid values are 'Restricted' or 'Global' rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) @@ -931,6 +924,13 @@ spec: || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == ''Global''' + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' status: description: |- NetworkStatus is detailed operator status, which is distilled diff --git a/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/operator/v1/zz_generated.featuregated-crd-manifests.yaml index e7c94e28694..51a758804d6 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -327,10 +327,7 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: - - AdditionalRoutingCapabilities - - NetworkLiveMigration - - RouteAdvertisements + FeatureGates: [] FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml index 2f5039afaeb..810ab50190c 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml 
@@ -178,6 +178,39 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. + enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object clusterNetwork: description: |- clusterNetwork is the IP address pool to use for pod IPs. 
@@ -569,6 +602,22 @@ spec: messages, e.g. "kern". Default is "local0" type: string type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string v4InternalSubnet: description: |- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the @@ -807,6 +856,11 @@ spec: the configuration. type: string type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' observedConfig: description: |- observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because 
@@ -871,6 +925,13 @@ spec: || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == ''Global''' + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' status: description: |- NetworkStatus is detailed operator status, which is distilled diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml deleted file mode 100644 index 928fbb797d8..00000000000 --- a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml +++ /dev/null 
@@ -1,1017 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/filename-cvo-runlevel: "0000_70" - api.openshift.io/filename-operator: network - api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/AdditionalRoutingCapabilities: "true" - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Network describes the cluster's desired network configuration. It is - consumed by the cluster-network-operator. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: |- - additionalNetworks is a list of extra networks to make available to pods - when multiple networks are enabled. 
- items: - description: |- - AdditionalNetworkDefinition configures an extra network that is available but not - created by default. Instead, pods must request them by name. - type must be specified, along with exactly one "Config" that matches the type. - properties: - name: - description: |- - name is the name of the network. This will be populated in the resulting CRD - This must be unique. - type: string - namespace: - description: |- - namespace is the namespace of the network. This will be populated in the resulting CRD - If not given the network will be created in the default namespace. - type: string - rawCNIConfig: - description: |- - rawCNIConfig is the raw CNI configuration json to create in the - NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: simpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: ipamConfig configures IPAM module will be used - for IP Address Management (IPAM). 
- properties: - staticIPAMConfig: - description: staticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: address is the IP address in - CIDR format - type: string - gateway: - description: gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - x-kubernetes-list-type: atomic - dns: - description: dns configures DNS for the interface - properties: - domain: - description: domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: nameservers points DNS servers - for IP lookup - items: - type: string - type: array - x-kubernetes-list-type: atomic - search: - description: search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - routes: - description: routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: destination points the IP route - destination - type: string - gateway: - description: |- - gateway is the route's next-hop IP address - If unset, a default gateway is assumed (as determined by the CNI plugin). - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: - description: |- - type is the type of IPAM module will be used for IP Address Management(IPAM). - The supported values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: |- - master is the host interface to create the macvlan interface from. 
- If not specified, it will be default route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: |- - mtu is the mtu to use for the macvlan interface. if unset, host's - kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: |- - type is the type of network - The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - additionalRoutingCapabilities: - description: |- - additionalRoutingCapabilities describes components and relevant - configuration providing additional routing capabilities. When set, it - enables such components and the usage of the routing capabilities they - provide for the machine network. Upstream operators, like MetalLB - operator, requiring these capabilities may rely on, or automatically set - this attribute. Network plugins may leverage advanced routing - capabilities acquired through the enablement of these components but may - require specific configuration on their side to do so; refer to their - respective documentation and configuration options. - properties: - providers: - description: |- - providers is a set of enabled components that provide additional routing - capabilities. Entries on this list must be unique. The only valid value - is currrently "FRR" which provides FRR routing capabilities through the - deployment of FRR. - items: - description: RoutingCapabilitiesProvider is a component providing - routing capabilities. 
- enum: - - FRR - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - rule: self.all(x, self.exists_one(y, x == y)) - required: - - providers - type: object - clusterNetwork: - description: |- - clusterNetwork is the IP address pool to use for pod IPs. - Some network providers support multiple ClusterNetworks. - Others only support one. This is equivalent to the cluster-cidr. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. - Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: |- - openshiftSDNConfig was previously used to configure the openshift-sdn plugin. - DEPRECATED: OpenShift SDN is no longer supported. - properties: - enableUnidling: - description: |- - enableUnidling controls whether or not the service proxy will support idling - and unidling of services. By default, unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: |- - mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. - This must be 50 bytes smaller than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: |- - useExternalOpenvswitch used to control whether the operator would deploy an OVS - DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always - run as a system service, and this flag is ignored. 
- type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: |- - reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. - If the EgressIP node cannot be reached within this timeout, the node is declared down. - Setting a large value may cause the EgressIP feature to react slowly to node changes. - In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The current default is 1 second. - A value of 0 disables the EgressIP node's reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: |- - ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). - By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other - IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across - OVN-Kubernetes managed interfaces, then set this field to "Global". - The supported values are "Restricted" and "Global". - type: string - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default - configuration is used. 
Check individual members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /29). - When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. - The current default subnet is 169.254.0.0/17 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 4 - - message: subnet must be in the range /0 to /29 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 29 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > - 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default - configuration is used. Check individual members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. 
The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /125). - When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. - The current default subnet is fd69::/112 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 6 - - message: subnet must be in the range /0 to /125 - inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 125 - type: object - routingViaHost: - default: false - description: |- - routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port - into the host before sending it out. If this is not set, traffic will always egress directly - from OVN to outside without touching the host stack. Setting this to true means hardware - offload will not be supported. Default is false if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: |- - geneve port is the UDP port to be used by geneve encapulation. - Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: |- - hybridOverlayConfig configures an additional overlay network for peers that are - not using OVN. - properties: - hybridClusterNetwork: - description: hybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. 
- Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - hybridOverlayVXLANPort: - description: |- - hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. - Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: |- - ipsecConfig enables and configures IPsec for pods on the pod network within the - cluster. - properties: - full: - description: |- - full defines configuration parameters for the IPsec `Full` mode. - This is permitted only when mode is configured with `Full`, - and forbidden otherwise. - minProperties: 1 - properties: - encapsulation: - description: |- - encapsulation option to configure libreswan on how inter-pod traffic across nodes - are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 - for the encapsulation. - Valid values are Always, Auto and omitted. - Always means enable UDP encapsulation regardless of whether NAT is detected. - Auto means enable UDP encapsulation based on the detection of NAT. - When omitted, this means no opinion and the platform is left to choose a reasonable - default, which is subject to change over time. The current default is Auto. - enum: - - Always - - Auto - type: string - type: object - mode: - description: |- - mode defines the behaviour of the ipsec configuration within the platform. - Valid values are `Disabled`, `External` and `Full`. - When 'Disabled', ipsec will not be enabled at the node level. - When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. - This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. 
- When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), - this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - - message: full is forbidden when mode is not Full - rule: 'has(self.mode) && self.mode == ''Full'' ? true : - !has(self.full)' - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. 
- The current default value is 100.64.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. - When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. - The current default subnet is 100.88.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. 
- properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - The subnet must be large enough to accommodate one IP per node in your cluster - The current default value is fd98::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. - When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. 
- The subnet must be large enough to accommodate one IP per node in your cluster - The current default subnet is fd97::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - type: object - mtu: - description: |- - mtu is the MTU to use for the tunnel interface. This must be 100 - bytes smaller than the uplink mtu. - Default is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: |- - policyAuditConfig is the configuration for network policy audit events. If unset, - reported defaults are used. - properties: - destination: - default: "null" - description: |- - destination is the location for policy log messages. - Regardless of this config, persistent logs will always be dumped to the host - at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - - "libc" -> to use the libc syslog() function of the host node's journdald process - - "udp:host:port" -> for sending syslog over UDP - - "unix:file" -> for using the UNIX domain socket directly - - "null" -> to discard all messages logged to syslog - The default is "null" - type: string - maxFileSize: - default: 50 - description: |- - maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. 
- format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: |- - rateLimit is the approximate maximum number of messages to generate per-second per-node. If - unset the default of 20 msg/sec is used. - format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: |- - v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: |- - v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is fd98::/64 - type: string - type: object - type: - description: |- - type is the type of network - All NetworkTypes are supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: |- - deployKubeProxy specifies whether or not a standalone kube-proxy should - be deployed by the operator. Some network providers include kube-proxy - or similar functionality. If unset, the plugin will attempt to select - the correct value, which is false when ovn-kubernetes is used and true - otherwise. - type: boolean - disableMultiNetwork: - description: |- - disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. 
- disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, - that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, - but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. - type: boolean - disableNetworkDiagnostics: - default: false - description: |- - disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled or not. - If unset, this property defaults to 'false' and network diagnostics is enabled. - Setting this to 'true' would reduce the additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: |- - exportNetworkFlows enables and configures the export of network flow metadata from the pod network - by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. - If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: |- - netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. 
- It is a list of strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - sFlow: - description: sFlow defines the SFlow configuration. - properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - type: object - kubeProxyConfig: - description: |- - kubeProxyConfig lets us configure desired proxy configuration, if - deployKubeProxy is true. If not specified, sensible defaults will be chosen by - OpenShift directly. - properties: - bindAddress: - description: |- - The address to "bind" on - Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: |- - An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted - in large clusters for performance reasons, but this is no longer necessary, and there is no reason - to change this from the default value. - Default: 30s - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - x-kubernetes-list-type: atomic - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: |- - logLevel is an intent based logging for an overall component. 
It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for their operands. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: |- - migration enables and configures cluster network migration, for network changes - that cannot be made instantly. - properties: - features: - description: |- - features was previously used to configure which network plugin features - would be migrated in a network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - properties: - egressFirewall: - default: true - description: |- - egressFirewall specified whether or not the Egress Firewall configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - egressIP: - default: true - description: |- - egressIP specified whether or not the Egress IP configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - multicast: - default: true - description: |- - multicast specified whether or not the multicast configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - type: object - mode: - description: |- - mode indicates the mode of network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. 
- enum: - - Live - - Offline - - "" - type: string - mtu: - description: |- - mtu contains the MTU migration configuration. Set this to allow changing - the MTU values for the default network. If unset, the operation of - changing the MTU for the default network will be rejected. - properties: - machine: - description: |- - machine contains MTU migration configuration for the machine's uplink. - Needs to be migrated along with the default network MTU unless the - current uplink MTU already accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: |- - network contains information about MTU migration for the default network. - Migrations are only allowed to MTU values lower than the machine's uplink - MTU by the minimum appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: |- - networkType was previously used when changing the default network type. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - type: string - type: object - observedConfig: - description: |- - observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: |- - operatorLogLevel is an intent based logging for the operator itself. 
It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for themselves. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: |- - serviceNetwork is the ip address pool to use for Service IPs - Currently, all existing network providers only support a single value - here, but this is an array to allow for growth. - items: - type: string - type: array - x-kubernetes-list-type: atomic - unsupportedConfigOverrides: - description: |- - unsupportedConfigOverrides overrides the final configuration that was computed by the operator. - Red Hat does not support the use of this field. - Misuse of this field could lead to unexpected behavior or conflict with other configuration options. - Seek guidance from the Red Hat support before using this field. - Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: |- - useMultiNetworkPolicy enables a controller which allows for - MultiNetworkPolicy objects to be used on additional networks as - created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod can receive - over the secondary interfaces. If unset, this property defaults to 'false' - and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is - 'true' then the value of this field is ignored. 
- type: boolean - type: object - x-kubernetes-validations: - - message: invalid value for IPForwarding, valid values are 'Restricted' - or 'Global' - rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || - !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Global''' - status: - description: |- - NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - type: string - reason: - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - required: - - group - - name - - namespace - - resource - type: object - type: array - x-kubernetes-list-map-keys: - - group - - resource - - namespace - - name - x-kubernetes-list-type: map - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - x-kubernetes-validations: - - message: must only increase - rule: self >= oldSelf - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - 
version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml deleted file mode 100644 index f2f2b59ac4c..00000000000 --- a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml +++ /dev/null 
@@ -1,989 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/filename-cvo-runlevel: "0000_70" - api.openshift.io/filename-operator: network - api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/NetworkLiveMigration: "true" - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Network describes the cluster's desired network configuration. It is - consumed by the cluster-network-operator. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: |- - additionalNetworks is a list of extra networks to make available to pods - when multiple networks are enabled. - items: - description: |- - AdditionalNetworkDefinition configures an extra network that is available but not - created by default. 
Instead, pods must request them by name. - type must be specified, along with exactly one "Config" that matches the type. - properties: - name: - description: |- - name is the name of the network. This will be populated in the resulting CRD - This must be unique. - type: string - namespace: - description: |- - namespace is the namespace of the network. This will be populated in the resulting CRD - If not given the network will be created in the default namespace. - type: string - rawCNIConfig: - description: |- - rawCNIConfig is the raw CNI configuration json to create in the - NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: simpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: ipamConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: staticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: address is the IP address in - CIDR format - type: string - gateway: - description: gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - x-kubernetes-list-type: atomic - dns: - description: dns configures DNS for the interface - properties: - domain: - description: domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: nameservers points DNS servers - for IP lookup - items: - type: string - type: array - x-kubernetes-list-type: atomic - search: - description: search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - x-kubernetes-list-type: 
atomic - type: object - routes: - description: routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: destination points the IP route - destination - type: string - gateway: - description: |- - gateway is the route's next-hop IP address - If unset, a default gateway is assumed (as determined by the CNI plugin). - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: - description: |- - type is the type of IPAM module will be used for IP Address Management(IPAM). - The supported values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: |- - master is the host interface to create the macvlan interface from. - If not specified, it will be default route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: |- - mtu is the mtu to use for the macvlan interface. if unset, host's - kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: |- - type is the type of network - The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - clusterNetwork: - description: |- - clusterNetwork is the IP address pool to use for pod IPs. - Some network providers support multiple ClusterNetworks. - Others only support one. This is equivalent to the cluster-cidr. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. 
- Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: |- - openshiftSDNConfig was previously used to configure the openshift-sdn plugin. - DEPRECATED: OpenShift SDN is no longer supported. - properties: - enableUnidling: - description: |- - enableUnidling controls whether or not the service proxy will support idling - and unidling of services. By default, unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: |- - mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. - This must be 50 bytes smaller than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: |- - useExternalOpenvswitch used to control whether the operator would deploy an OVS - DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always - run as a system service, and this flag is ignored. - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: |- - reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. - If the EgressIP node cannot be reached within this timeout, the node is declared down. 
- Setting a large value may cause the EgressIP feature to react slowly to node changes. - In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The current default is 1 second. - A value of 0 disables the EgressIP node's reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: |- - ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). - By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other - IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across - OVN-Kubernetes managed interfaces, then set this field to "Global". - The supported values are "Restricted" and "Global". - type: string - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default - configuration is used. Check individual members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /29). 
- When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. - The current default subnet is 169.254.0.0/17 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 4 - - message: subnet must be in the range /0 to /29 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 29 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > - 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default - configuration is used. Check individual members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /125). - When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
- The current default subnet is fd69::/112 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 6 - - message: subnet must be in the range /0 to /125 - inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 125 - type: object - routingViaHost: - default: false - description: |- - routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port - into the host before sending it out. If this is not set, traffic will always egress directly - from OVN to outside without touching the host stack. Setting this to true means hardware - offload will not be supported. Default is false if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: |- - geneve port is the UDP port to be used by geneve encapulation. - Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: |- - hybridOverlayConfig configures an additional overlay network for peers that are - not using OVN. - properties: - hybridClusterNetwork: - description: hybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. - Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - hybridOverlayVXLANPort: - description: |- - hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
- Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: |- - ipsecConfig enables and configures IPsec for pods on the pod network within the - cluster. - properties: - full: - description: |- - full defines configuration parameters for the IPsec `Full` mode. - This is permitted only when mode is configured with `Full`, - and forbidden otherwise. - minProperties: 1 - properties: - encapsulation: - description: |- - encapsulation option to configure libreswan on how inter-pod traffic across nodes - are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 - for the encapsulation. - Valid values are Always, Auto and omitted. - Always means enable UDP encapsulation regardless of whether NAT is detected. - Auto means enable UDP encapsulation based on the detection of NAT. - When omitted, this means no opinion and the platform is left to choose a reasonable - default, which is subject to change over time. The current default is Auto. - enum: - - Always - - Auto - type: string - type: object - mode: - description: |- - mode defines the behaviour of the ipsec configuration within the platform. - Valid values are `Disabled`, `External` and `Full`. - When 'Disabled', ipsec will not be enabled at the node level. - When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. - This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. - When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), - this is left to the user to configure. 
- enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - - message: full is forbidden when mode is not Full - rule: 'has(self.mode) && self.mode == ''Full'' ? true : - !has(self.full)' - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - The current default value is 100.64.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. 
- When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. - The current default subnet is 100.88.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. 
- The subnet must be large enough to accommodate one IP per node in your cluster - The current default value is fd98::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. - When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. - The subnet must be large enough to accommodate one IP per node in your cluster - The current default subnet is fd97::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - type: object - mtu: - description: |- - mtu is the MTU to use for the tunnel interface. This must be 100 - bytes smaller than the uplink mtu. - Default is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: |- - policyAuditConfig is the configuration for network policy audit events. If unset, - reported defaults are used. 
- properties: - destination: - default: "null" - description: |- - destination is the location for policy log messages. - Regardless of this config, persistent logs will always be dumped to the host - at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - - "libc" -> to use the libc syslog() function of the host node's journdald process - - "udp:host:port" -> for sending syslog over UDP - - "unix:file" -> for using the UNIX domain socket directly - - "null" -> to discard all messages logged to syslog - The default is "null" - type: string - maxFileSize: - default: 50 - description: |- - maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: |- - rateLimit is the approximate maximum number of messages to generate per-second per-node. If - unset the default of 20 msg/sec is used. - format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: |- - v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: |- - v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. 
It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is fd98::/64 - type: string - type: object - type: - description: |- - type is the type of network - All NetworkTypes are supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: |- - deployKubeProxy specifies whether or not a standalone kube-proxy should - be deployed by the operator. Some network providers include kube-proxy - or similar functionality. If unset, the plugin will attempt to select - the correct value, which is false when ovn-kubernetes is used and true - otherwise. - type: boolean - disableMultiNetwork: - description: |- - disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. - disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, - that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, - but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. - type: boolean - disableNetworkDiagnostics: - default: false - description: |- - disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled or not. - If unset, this property defaults to 'false' and network diagnostics is enabled. - Setting this to 'true' would reduce the additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: |- - exportNetworkFlows enables and configures the export of network flow metadata from the pod network - by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. 
- If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: |- - netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. - It is a list of strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - sFlow: - description: sFlow defines the SFlow configuration. - properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - type: object - kubeProxyConfig: - description: |- - kubeProxyConfig lets us configure desired proxy configuration, if - deployKubeProxy is true. If not specified, sensible defaults will be chosen by - OpenShift directly. 
- properties: - bindAddress: - description: |- - The address to "bind" on - Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: |- - An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted - in large clusters for performance reasons, but this is no longer necessary, and there is no reason - to change this from the default value. - Default: 30s - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - x-kubernetes-list-type: atomic - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: |- - logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for their operands. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: |- - migration enables and configures cluster network migration, for network changes - that cannot be made instantly. - properties: - features: - description: |- - features was previously used to configure which network plugin features - would be migrated in a network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - properties: - egressFirewall: - default: true - description: |- - egressFirewall specified whether or not the Egress Firewall configuration was migrated. 
- DEPRECATED: network type migration is no longer supported. - type: boolean - egressIP: - default: true - description: |- - egressIP specified whether or not the Egress IP configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - multicast: - default: true - description: |- - multicast specified whether or not the multicast configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - type: object - mode: - description: |- - mode indicates the mode of network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - enum: - - Live - - Offline - - "" - type: string - mtu: - description: |- - mtu contains the MTU migration configuration. Set this to allow changing - the MTU values for the default network. If unset, the operation of - changing the MTU for the default network will be rejected. - properties: - machine: - description: |- - machine contains MTU migration configuration for the machine's uplink. - Needs to be migrated along with the default network MTU unless the - current uplink MTU already accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: |- - network contains information about MTU migration for the default network. - Migrations are only allowed to MTU values lower than the machine's uplink - MTU by the minimum appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. 
- format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: |- - networkType was previously used when changing the default network type. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - type: string - type: object - x-kubernetes-validations: - - message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == "" || has(self.mode) && self.mode == ''Live''' - observedConfig: - description: |- - observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: |- - operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for themselves. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: |- - serviceNetwork is the ip address pool to use for Service IPs - Currently, all existing network providers only support a single value - here, but this is an array to allow for growth. - items: - type: string - type: array - x-kubernetes-list-type: atomic - unsupportedConfigOverrides: - description: |- - unsupportedConfigOverrides overrides the final configuration that was computed by the operator. - Red Hat does not support the use of this field. - Misuse of this field could lead to unexpected behavior or conflict with other configuration options. 
- Seek guidance from the Red Hat support before using this field. - Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: |- - useMultiNetworkPolicy enables a controller which allows for - MultiNetworkPolicy objects to be used on additional networks as - created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod can receive - over the secondary interfaces. If unset, this property defaults to 'false' - and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is - 'true' then the value of this field is ignored. - type: boolean - type: object - x-kubernetes-validations: - - message: invalid value for IPForwarding, valid values are 'Restricted' - or 'Global' - rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || - !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Global''' - status: - description: |- - NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. 
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - type: string - reason: - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - required: - - group - - name - - namespace - - resource - type: object - type: array - x-kubernetes-list-map-keys: - - group - - resource - - namespace - - name - x-kubernetes-list-type: map - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - x-kubernetes-validations: - - message: must only increase - rule: self >= oldSelf - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml deleted file mode 100644 index 40b3daf246d..00000000000 --- a/operator/v1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml +++ /dev/null 
@@ -1,1007 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/filename-cvo-runlevel: "0000_70" - api.openshift.io/filename-operator: network - api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/RouteAdvertisements: "true" - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Network describes the cluster's desired network configuration. It is - consumed by the cluster-network-operator. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: |- - additionalNetworks is a list of extra networks to make available to pods - when multiple networks are enabled. - items: - description: |- - AdditionalNetworkDefinition configures an extra network that is available but not - created by default. 
Instead, pods must request them by name. - type must be specified, along with exactly one "Config" that matches the type. - properties: - name: - description: |- - name is the name of the network. This will be populated in the resulting CRD - This must be unique. - type: string - namespace: - description: |- - namespace is the namespace of the network. This will be populated in the resulting CRD - If not given the network will be created in the default namespace. - type: string - rawCNIConfig: - description: |- - rawCNIConfig is the raw CNI configuration json to create in the - NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: simpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: ipamConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: staticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: address is the IP address in - CIDR format - type: string - gateway: - description: gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - x-kubernetes-list-type: atomic - dns: - description: dns configures DNS for the interface - properties: - domain: - description: domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: nameservers points DNS servers - for IP lookup - items: - type: string - type: array - x-kubernetes-list-type: atomic - search: - description: search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - x-kubernetes-list-type: 
atomic - type: object - routes: - description: routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: destination points the IP route - destination - type: string - gateway: - description: |- - gateway is the route's next-hop IP address - If unset, a default gateway is assumed (as determined by the CNI plugin). - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: - description: |- - type is the type of IPAM module will be used for IP Address Management(IPAM). - The supported values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: |- - master is the host interface to create the macvlan interface from. - If not specified, it will be default route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: |- - mtu is the mtu to use for the macvlan interface. if unset, host's - kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: |- - type is the type of network - The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - clusterNetwork: - description: |- - clusterNetwork is the IP address pool to use for pod IPs. - Some network providers support multiple ClusterNetworks. - Others only support one. This is equivalent to the cluster-cidr. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. 
- Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: |- - openshiftSDNConfig was previously used to configure the openshift-sdn plugin. - DEPRECATED: OpenShift SDN is no longer supported. - properties: - enableUnidling: - description: |- - enableUnidling controls whether or not the service proxy will support idling - and unidling of services. By default, unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: |- - mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. - This must be 50 bytes smaller than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: |- - useExternalOpenvswitch used to control whether the operator would deploy an OVS - DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always - run as a system service, and this flag is ignored. - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: |- - reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. - If the EgressIP node cannot be reached within this timeout, the node is declared down. 
- Setting a large value may cause the EgressIP feature to react slowly to node changes. - In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The current default is 1 second. - A value of 0 disables the EgressIP node's reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: |- - ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). - By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other - IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across - OVN-Kubernetes managed interfaces, then set this field to "Global". - The supported values are "Restricted" and "Global". - type: string - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default - configuration is used. Check individual members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /29). 
- When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. - The current default subnet is 169.254.0.0/17 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 4 - - message: subnet must be in the range /0 to /29 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 29 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > - 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default - configuration is used. Check individual members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: |- - internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by - ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge interface. The values can be changed after - installation. The subnet chosen should not overlap with other networks specified for - OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must - be large enough to accommodate 6 IPs (maximum prefix length /125). - When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
- The current default subnet is fd69::/112 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 6 - - message: subnet must be in the range /0 to /125 - inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 125 - type: object - routingViaHost: - default: false - description: |- - routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port - into the host before sending it out. If this is not set, traffic will always egress directly - from OVN to outside without touching the host stack. Setting this to true means hardware - offload will not be supported. Default is false if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: |- - geneve port is the UDP port to be used by geneve encapulation. - Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: |- - hybridOverlayConfig configures an additional overlay network for peers that are - not using OVN. - properties: - hybridClusterNetwork: - description: hybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: |- - ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size - HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If - the HostPrefix field is not used by the plugin, it can be left unset. - Not all network providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - hybridOverlayVXLANPort: - description: |- - hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
- Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: |- - ipsecConfig enables and configures IPsec for pods on the pod network within the - cluster. - properties: - full: - description: |- - full defines configuration parameters for the IPsec `Full` mode. - This is permitted only when mode is configured with `Full`, - and forbidden otherwise. - minProperties: 1 - properties: - encapsulation: - description: |- - encapsulation option to configure libreswan on how inter-pod traffic across nodes - are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 - for the encapsulation. - Valid values are Always, Auto and omitted. - Always means enable UDP encapsulation regardless of whether NAT is detected. - Auto means enable UDP encapsulation based on the detection of NAT. - When omitted, this means no opinion and the platform is left to choose a reasonable - default, which is subject to change over time. The current default is Auto. - enum: - - Always - - Auto - type: string - type: object - mode: - description: |- - mode defines the behaviour of the ipsec configuration within the platform. - Valid values are `Disabled`, `External` and `Full`. - When 'Disabled', ipsec will not be enabled at the node level. - When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. - This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. - When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), - this is left to the user to configure. 
- enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - - message: full is forbidden when mode is not Full - rule: 'has(self.mode) && self.mode == ''Full'' ? true : - !has(self.full)' - ipv4: - description: |- - ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - The current default value is 100.64.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. 
- When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. - The current default subnet is 100.88.0.0/16 - The subnet must be large enough to accommodate one IP per node in your cluster - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - type: object - ipv6: - description: |- - ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, - this means no opinions and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: |- - internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. 
- The subnet must be large enough to accommodate one IP per node in your cluster - The current default value is fd98::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - internalTransitSwitchSubnet: - description: |- - internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally - by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each node together to enable - east west traffic. The subnet chosen should not overlap with other networks - specified for OVN-Kubernetes as well as other networks used on the host. - When ommitted, this means no opinion and the platform is left to choose a reasonable - default which is subject to change over time. - The subnet must be large enough to accommodate one IP per node in your cluster - The current default subnet is fd97::/64 - The value must be in proper IPV6 CIDR format - Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - type: object - mtu: - description: |- - mtu is the MTU to use for the tunnel interface. This must be 100 - bytes smaller than the uplink mtu. - Default is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: |- - policyAuditConfig is the configuration for network policy audit events. If unset, - reported defaults are used. 
- properties: - destination: - default: "null" - description: |- - destination is the location for policy log messages. - Regardless of this config, persistent logs will always be dumped to the host - at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - - "libc" -> to use the libc syslog() function of the host node's journdald process - - "udp:host:port" -> for sending syslog over UDP - - "unix:file" -> for using the UNIX domain socket directly - - "null" -> to discard all messages logged to syslog - The default is "null" - type: string - maxFileSize: - default: 50 - description: |- - maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: |- - rateLimit is the approximate maximum number of messages to generate per-second per-node. If - unset the default of 20 msg/sec is used. - format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - routeAdvertisements: - description: |- - routeAdvertisements determines if the functionality to advertise cluster - network routes through a dynamic routing protocol, such as BGP, is - enabled or not. This functionality is configured through the - ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing - capability provider to be enabled as an additional routing capability. - Allowed values are "Enabled", "Disabled" and ommited. When omitted, this - means the user has no opinion and the platform is left to choose - reasonable defaults. 
These defaults are subject to change over time. The - current default is "Disabled". - enum: - - "" - - Enabled - - Disabled - type: string - v4InternalSubnet: - description: |- - v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: |- - v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the - default one is being already used by something else. It must not overlap with - any other subnet being used by OpenShift or by the node network. The size of the - subnet must be larger than the number of nodes. - Default is fd98::/64 - type: string - type: object - type: - description: |- - type is the type of network - All NetworkTypes are supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: |- - deployKubeProxy specifies whether or not a standalone kube-proxy should - be deployed by the operator. Some network providers include kube-proxy - or similar functionality. If unset, the plugin will attempt to select - the correct value, which is false when ovn-kubernetes is used and true - otherwise. - type: boolean - disableMultiNetwork: - description: |- - disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. - disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, - that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, - but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. 
- type: boolean - disableNetworkDiagnostics: - default: false - description: |- - disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled or not. - If unset, this property defaults to 'false' and network diagnostics is enabled. - Setting this to 'true' would reduce the additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: |- - exportNetworkFlows enables and configures the export of network flow metadata from the pod network - by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. - If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: |- - netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. - It is a list of strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - sFlow: - description: sFlow defines the SFlow configuration. 
- properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - type: object - type: object - kubeProxyConfig: - description: |- - kubeProxyConfig lets us configure desired proxy configuration, if - deployKubeProxy is true. If not specified, sensible defaults will be chosen by - OpenShift directly. - properties: - bindAddress: - description: |- - The address to "bind" on - Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: |- - An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted - in large clusters for performance reasons, but this is no longer necessary, and there is no reason - to change this from the default value. - Default: 30s - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - x-kubernetes-list-type: atomic - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: |- - logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for their operands. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: |- - migration enables and configures cluster network migration, for network changes - that cannot be made instantly. - properties: - features: - description: |- - features was previously used to configure which network plugin features - would be migrated in a network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - properties: - egressFirewall: - default: true - description: |- - egressFirewall specified whether or not the Egress Firewall configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - egressIP: - default: true - description: |- - egressIP specified whether or not the Egress IP configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - multicast: - default: true - description: |- - multicast specified whether or not the multicast configuration was migrated. - DEPRECATED: network type migration is no longer supported. - type: boolean - type: object - mode: - description: |- - mode indicates the mode of network type migration. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - enum: - - Live - - Offline - - "" - type: string - mtu: - description: |- - mtu contains the MTU migration configuration. Set this to allow changing - the MTU values for the default network. If unset, the operation of - changing the MTU for the default network will be rejected. 
- properties: - machine: - description: |- - machine contains MTU migration configuration for the machine's uplink. - Needs to be migrated along with the default network MTU unless the - current uplink MTU already accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: |- - network contains information about MTU migration for the default network. - Migrations are only allowed to MTU values lower than the machine's uplink - MTU by the minimum appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: |- - networkType was previously used when changing the default network type. - DEPRECATED: network type migration is no longer supported, and setting - this to a non-empty value will result in the network operator rejecting - the configuration. - type: string - type: object - observedConfig: - description: |- - observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: |- - operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a - simple way to manage coarse grained logging choices that operators have to interpret for themselves. - - Valid values are: "Normal", "Debug", "Trace", "TraceAll". - Defaults to "Normal". 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: |- - serviceNetwork is the ip address pool to use for Service IPs - Currently, all existing network providers only support a single value - here, but this is an array to allow for growth. - items: - type: string - type: array - x-kubernetes-list-type: atomic - unsupportedConfigOverrides: - description: |- - unsupportedConfigOverrides overrides the final configuration that was computed by the operator. - Red Hat does not support the use of this field. - Misuse of this field could lead to unexpected behavior or conflict with other configuration options. - Seek guidance from the Red Hat support before using this field. - Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: |- - useMultiNetworkPolicy enables a controller which allows for - MultiNetworkPolicy objects to be used on additional networks as - created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod can receive - over the secondary interfaces. If unset, this property defaults to 'false' - and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is - 'true' then the value of this field is ignored. 
- type: boolean - type: object - x-kubernetes-validations: - - message: Route advertisements cannot be Enabled if 'FRR' routing capability - provider is not available - rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) - || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) - || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != - 'Enabled' - - message: invalid value for IPForwarding, valid values are 'Restricted' - or 'Global' - rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || - !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Global''' - status: - description: |- - NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - type: string - reason: - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - required: - - group - - name - - namespace - - resource - type: object - type: array - x-kubernetes-list-map-keys: - - group - - resource - - namespace - - name - x-kubernetes-list-type: map - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - x-kubernetes-validations: - - message: must only increase - rule: self >= oldSelf - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - 
readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {}
diff --git a/payload-command/render/legacyfeaturegates.go b/payload-command/render/legacyfeaturegates.go
index 80a4243a40c..f54d17936e7 100644
--- a/payload-command/render/legacyfeaturegates.go
+++ b/payload-command/render/legacyfeaturegates.go
@@ -9,10 +9,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "AWSEFSDriverVolumeMetrics",
 // never add to this list, if you think you have an exception ask @deads2k
- "AdditionalRoutingCapabilities",
- // never add to this list, if you think you have an exception ask @deads2k
- "AdminNetworkPolicy",
- // never add to this list, if you think you have an exception ask @deads2k
 "AlibabaPlatform",
 // never add to this list, if you think you have an exception ask @deads2k
 "AutomatedEtcdBackup",
@@ -81,12 +77,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "MultiArchInstallGCP",
 // never add to this list, if you think you have an exception ask @deads2k
- "NetworkDiagnosticsConfig",
- // never add to this list, if you think you have an exception ask @deads2k
- "NetworkLiveMigration",
- // never add to this list, if you think you have an exception ask @deads2k
- "NetworkSegmentation",
- // never add to this list, if you think you have an exception ask @deads2k
 "NewOLM",
 // never add to this list, if you think you have an exception ask @deads2k
 "NodeDisruptionPolicy",
@@ -99,8 +89,6 @@ var legacyFeatureGates = sets.New(
 // never add to this list, if you think you have an exception ask @deads2k
 "PrivateHostedZoneAWS",
 // never add to this list, if you think you have an exception ask @deads2k
- "RouteAdvertisements",
- // never add to this list, if you think you have an exception ask @deads2k
 "RouteExternalCertificate",
 // never add to this list, if you think you have an exception ask @deads2k
 "SetEIPForNLBIngressController",
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml index 326d875acd8..424724974eb 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml @@ -248,12 +248,6 @@ } ], "enabled": [ - { - "name": "AdditionalRoutingCapabilities" - }, - { - "name": "AdminNetworkPolicy" - }, { "name": "AzureWorkloadIdentity" }, @@ -314,30 +308,15 @@ { "name": "MetricsCollectionProfiles" }, - { - "name": "NetworkDiagnosticsConfig" - }, - { - "name": "NetworkLiveMigration" - }, - { - "name": "NetworkSegmentation" - }, { "name": "OpenShiftPodSecurityAdmission" }, { "name": "PinnedImages" }, - { - "name": "PreconfiguredUDNAddresses" - }, { "name": "ProcMountType" }, - { - "name": "RouteAdvertisements" - }, { "name": "RouteExternalCertificate" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml index 1897be7b3c5..db25e7f2409 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml @@ -70,12 +70,6 @@ { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalRoutingCapabilities" - }, - { - "name": "AdminNetworkPolicy" - }, { "name": "AutomatedEtcdBackup" },
@@ -283,15 +277,6 @@
 {
 "name": "NetworkConnect"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NutanixMultiSubnets"
 },
@@ -310,18 +295,12 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
 {
 "name": "ProvisioningRequestAvailable"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
index 91f2cd1e720..77666ec1aeb 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
@@ -250,12 +250,6 @@
 }
 ],
 "enabled": [
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AzureWorkloadIdentity"
 },
@@ -316,30 +310,15 @@
 {
 "name": "MetricsCollectionProfiles"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "OpenShiftPodSecurityAdmission"
 },
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
index 5853607c02b..24c905dc72b 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
@@ -97,12 +97,6 @@
 {
 "name": "AWSServiceLBNetworkSecurityGroup"
 },
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AutomatedEtcdBackup"
 },
@@ -286,15 +280,6 @@
 {
 "name": "MutatingAdmissionPolicy"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NutanixMultiSubnets"
 },
@@ -313,15 +298,9 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
index 43c5affe7e2..a778216de85 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
@@ -242,12 +242,6 @@
 }
 ],
 "enabled": [
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AzureWorkloadIdentity"
 },
@@ -305,15 +299,6 @@
 {
 "name": "MetricsCollectionProfiles"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NewOLM"
 },
@@ -329,15 +314,9 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
index e9d704c6a35..fb08c00a34f 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
@@ -52,12 +52,6 @@
 {
 "name": "AWSServiceLBNetworkSecurityGroup"
 },
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AutomatedEtcdBackup"
 },
@@ -262,15 +256,6 @@
 {
 "name": "NetworkConnect"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NewOLM"
 },
@@ -310,18 +295,12 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
 {
 "name": "ProvisioningRequestAvailable"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
index 9c72a8df94f..8b9c0b1e0e4 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
@@ -244,12 +244,6 @@
 }
 ],
 "enabled": [
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AzureWorkloadIdentity"
 },
@@ -307,15 +301,6 @@
 {
 "name": "MetricsCollectionProfiles"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NewOLM"
 },
@@ -331,15 +316,9 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
index f3a7e2c225a..3d00cf653de 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
@@ -79,12 +79,6 @@
 {
 "name": "AWSServiceLBNetworkSecurityGroup"
 },
- {
- "name": "AdditionalRoutingCapabilities"
- },
- {
- "name": "AdminNetworkPolicy"
- },
 {
 "name": "AutomatedEtcdBackup"
 },
@@ -265,15 +259,6 @@
 {
 "name": "MutatingAdmissionPolicy"
 },
- {
- "name": "NetworkDiagnosticsConfig"
- },
- {
- "name": "NetworkLiveMigration"
- },
- {
- "name": "NetworkSegmentation"
- },
 {
 "name": "NewOLM"
 },
@@ -313,15 +298,9 @@
 {
 "name": "PinnedImages"
 },
- {
- "name": "PreconfiguredUDNAddresses"
- },
 {
 "name": "ProcMountType"
 },
- {
- "name": "RouteAdvertisements"
- },
 {
 "name": "RouteExternalCertificate"
 },