feat: Add OpenShift Machine-Config-Operator CRDs (#204)
jacksgt authored Aug 17, 2023
1 parent 08821be commit f0d0b0e
Showing 4 changed files with 1,071 additions and 0 deletions.
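--- a/openshift/v4.11-strict/containerruntimeconfig_v1.json
+++ b/openshift/v4.11-strict/containerruntimeconfig_v1.json
@@ -0,0 +1,143 @@
+{
+"description": "ContainerRuntimeConfig describes a customized Container Runtime configuration.",
+"type": "object",
+"required": [
+"spec"
+],
+"properties": {
+"apiVersion": {
+"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+"type": "string"
+},
+"kind": {
+"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+"type": "string"
+},
+"metadata": {
+"type": "object"
+},
+"spec": {
+"description": "ContainerRuntimeConfigSpec defines the desired state of ContainerRuntimeConfig",
+"type": "object",
+"required": [
+"containerRuntimeConfig"
+],
+"properties": {
+"containerRuntimeConfig": {
+"description": "ContainerRuntimeConfiguration defines the tuneables of the container runtime. It's important to note that, since the fields of the ContainerRuntimeConfiguration are directly read by the upstream kubernetes golang client, the validation of those values is handled directly by that golang client which is outside of the controller for ContainerRuntimeConfiguration. Please ensure the valid values are used for those fields as invalid values may render cluster nodes unusable.",
+"type": "object",
+"properties": {
+"logLevel": {
+"description": "logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.",
+"type": "string"
+},
+"logSizeMax": {
+"description": "logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.",
+"type": "string"
+},
+"overlaySize": {
+"description": "overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images.",
+"type": "string"
+},
+"pidsLimit": {
+"description": "pidsLimit specifies the maximum number of processes allowed in a container",
+"type": "integer",
+"format": "int64"
+}
+},
+"additionalProperties": false
+},
+"machineConfigPoolSelector": {
+"description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.",
+"type": "object",
+"properties": {
+"matchExpressions": {
+"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
+"type": "array",
+"items": {
+"description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
+"type": "object",
+"required": [
+"key",
+"operator"
+],
+"properties": {
+"key": {
+"description": "key is the label key that the selector applies to.",
+"type": "string"
+},
+"operator": {
+"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
+"type": "string"
+},
+"values": {
+"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"additionalProperties": false
+}
+},
+"matchLabels": {
+"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
+"type": "object",
+"additionalProperties": {
+"type": "string"
+}
+}
+},
+"additionalProperties": false
+}
+},
+"additionalProperties": false
+},
+"status": {
+"description": "ContainerRuntimeConfigStatus defines the observed state of a ContainerRuntimeConfig",
+"type": "object",
+"properties": {
+"conditions": {
+"description": "conditions represents the latest available observations of current state.",
+"type": "array",
+"items": {
+"description": "ContainerRuntimeConfigCondition defines the state of the ContainerRuntimeConfig",
+"type": "object",
+"properties": {
+"lastTransitionTime": {
+"description": "lastTransitionTime is the time of the last update to the current status object.",
+"type": "string",
+"format": "date-time",
+"nullable": true
+},
+"message": {
+"description": "message provides additional information about the current condition. This is only to be consumed by humans.",
+"type": "string"
+},
+"reason": {
+"description": "reason is the reason for the condition's last transition. Reasons are PascalCase",
+"type": "string"
+},
+"status": {
+"description": "status of the condition, one of True, False, Unknown.",
+"type": "string"
+},
+"type": {
+"description": "type specifies the state of the operator's reconciliation functionality.",
+"type": "string"
+}
+},
+"additionalProperties": false
+}
+},
+"observedGeneration": {
+"description": "observedGeneration represents the generation observed by the controller.",
+"type": "integer",
+"format": "int64"
+}
+},
+"additionalProperties": false
+}
+}
+}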
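Review bot: `logLevel` under `containerRuntimeConfig` is an unconstrained `"type": "string"` even though its own description enumerates exactly six valid values, so this strict schema still passes something like `logLevel: verbose`, which — per the warning in the `containerRuntimeConfig` description — is only caught on the node and may leave it unusable. If the catalog policy allows tightening beyond the upstream CRD's openAPIV3Schema, I would add `"enum": ["fatal", "panic", "error", "warn", "info", "debug"]` next to the type; if these files are generated verbatim from upstream, a short note in the PR description stating that the strict variant only closes objects (`additionalProperties: false`) and adds no value constraints would stop users from assuming more validation than they get. The same caveat applies to `logSizeMax` and `overlaySize`, which are free-form strings whose size and unit rules exist only in prose.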
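--- a/openshift/v4.11-strict/kubeletconfig_v1.json
+++ b/openshift/v4.11-strict/kubeletconfig_v1.json
@@ -0,0 +1,189 @@
+{
+"description": "KubeletConfig describes a customized Kubelet configuration.",
+"type": "object",
+"required": [
+"spec"
+],
+"properties": {
+"apiVersion": {
+"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+"type": "string"
+},
+"kind": {
+"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+"type": "string"
+},
+"metadata": {
+"type": "object"
+},
+"spec": {
+"description": "KubeletConfigSpec defines the desired state of KubeletConfig",
+"type": "object",
+"properties": {
+"autoSizingReserved": {
+"description": "Automatically set optimal system reserved",
+"type": "boolean"
+},
+"tlsSecurityProfile": {
+"description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. \n If unset, the default is based on the apiservers.config.openshift.io/cluster resource. \n Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout. \n Note that the minimum TLS version for ingress controllers is 1.1, and the maximum TLS version is 1.2. An implication of this restriction is that the Modern TLS profile type cannot be used because it requires TLS 1.3.",
+"properties": {
+"custom": {
+"description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1",
+"nullable": true,
+"properties": {
+"ciphers": {
+"description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"minTLSVersion": {
+"description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12",
+"enum": [
+"VersionTLS10",
+"VersionTLS11",
+"VersionTLS12",
+"VersionTLS13"
+],
+"type": "string"
+}
+},
+"type": "object",
+"additionalProperties": false
+},
+"intermediate": {
+"description": "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.2",
+"nullable": true,
+"type": "object"
+},
+"modern": {
+"description": "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported.",
+"nullable": true,
+"type": "object"
+},
+"old": {
+"description": "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA minTLSVersion: TLSv1.0",
+"nullable": true,
+"type": "object"
+},
+"type": {
+"description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.",
+"enum": [
+"Old",
+"Intermediate",
+"Modern",
+"Custom"
+],
+"type": "string"
+}
+},
+"type": "object",
+"additionalProperties": false
+},
+"logLevel": {
+"description": "logLevel defines the log level of the Kubelet",
+"type": "integer",
+"format": "int64",
+"minimum": 1,
+"maximum": 10
+},
+"kubeletConfig": {
+"description": "The fields of the kubelet configuration are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relavent kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.",
+"type": "object",
+"x-kubernetes-preserve-unknown-fields": true
+},
+"machineConfigPoolSelector": {
+"description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.",
+"type": "object",
+"properties": {
+"matchExpressions": {
+"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
+"type": "array",
+"items": {
+"description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
+"type": "object",
+"required": [
+"key",
+"operator"
+],
+"properties": {
+"key": {
+"description": "key is the label key that the selector applies to.",
+"type": "string"
+},
+"operator": {
+"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
+"type": "string"
+},
+"values": {
+"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"additionalProperties": false
+}
+},
+"matchLabels": {
+"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
+"type": "object",
+"additionalProperties": {
+"type": "string"
+}
+}
+},
+"additionalProperties": false
+}
+},
+"additionalProperties": false
+},
+"status": {
+"description": "KubeletConfigStatus defines the observed state of a KubeletConfig",
+"type": "object",
+"properties": {
+"conditions": {
+"description": "conditions represents the latest available observations of current state.",
+"type": "array",
+"items": {
+"description": "KubeletConfigCondition defines the state of the KubeletConfig",
+"type": "object",
+"properties": {
+"lastTransitionTime": {
+"description": "lastTransitionTime is the time of the last update to the current status object.",
+"type": "string",
+"format": "date-time",
+"nullable": true
+},
+"message": {
+"description": "message provides additional information about the current condition. This is only to be consumed by humans.",
+"type": "string"
+},
+"reason": {
+"description": "reason is the reason for the condition's last transition. Reasons are PascalCase",
+"type": "string"
+},
+"status": {
+"description": "status of the condition, one of True, False, Unknown.",
+"type": "string"
+},
+"type": {
+"description": "type specifies the state of the operator's reconciliation functionality.",
+"type": "string"
+}
+},
+"additionalProperties": false
+}
+},
+"observedGeneration": {
+"description": "observedGeneration represents the generation observed by the controller.",
+"type": "integer",
+"format": "int64"
+}
+},
+"additionalProperties": false
+}
+}
+}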
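Review bot: `kubeletConfig` is declared as a bare object with `"x-kubernetes-preserve-unknown-fields": true` and no `properties`, so this "strict" schema validates nothing inside the one field that carries the security-relevant kubelet settings; a misspelled key there passes client-side validation and, as that field's own description says, is only checked by the kubelet, with the stated risk of unusable nodes. That is inherited from the upstream CRD rather than introduced by this commit, but the catalog should say explicitly — in its README or the PR description — that the `kubeletConfig` body must be validated against the upstream KubeletConfiguration type for the matching OpenShift release, since `additionalProperties: false` elsewhere will lead users to expect otherwise. Separately, the `minTLSVersion` enum still admits `VersionTLS13` while the same property's description says the highest allowed value is currently `VersionTLS12` and the `modern` profile is marked unsupported, so a manifest with `minTLSVersion: VersionTLS13` validates here and is judged only by the operator; the surrounding `tlsSecurityProfile` description also talks about ingresscontrollers although this is the kubelet CRD, which reads like a shared upstream doc string. I would not drop the enum value, since it mirrors upstream, but I would record the mismatch wherever this catalog documents known gaps between schema and runtime validation.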