|
46 | 46 | description: spec is the specification of the desired behavior of the |
47 | 47 | Machine Config Operator |
48 | 48 | properties: |
| 49 | + bootImageSkewEnforcement: |
| 50 | + description: |- |
| 51 | + bootImageSkewEnforcement allows an admin to configure how boot image version skew is |
| 52 | + enforced on the cluster. |
| 53 | + When omitted, this will default to Automatic for clusters that support automatic boot image updates. |
| 54 | + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until |
| 55 | + a skew enforcement mode has been specified. |
| 56 | + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed |
| 57 | + acceptable for the current release payload. |
| 58 | + properties: |
| 59 | + manual: |
| 60 | + description: |- |
| 61 | + manual describes the current boot image of the cluster. |
| 62 | + This should be set to the oldest boot image used amongst all machine resources in the cluster. |
| 63 | + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that |
| 64 | + RHCOS boot image. |
| 65 | + Required when mode is set to "Manual" and forbidden otherwise. |
| 66 | + properties: |
| 67 | + mode: |
| 68 | + description: |- |
| 69 | + mode is used to configure which boot image field is defined in Manual mode. |
| 70 | + Valid values are OCPVersion and RHCOSVersion. |
| 71 | + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update |
| 72 | + in the OCPVersion field. |
| 73 | + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update |
| 74 | + in the RHCOSVersion field. |
| 75 | + This field is required. |
| 76 | + enum: |
| 77 | + - OCPVersion |
| 78 | + - RHCOSVersion |
| 79 | + type: string |
| 80 | + ocpVersion: |
| 81 | + description: |- |
| 82 | + ocpVersion provides a string which represents the OCP version of the boot image. |
| 83 | + This field must match the OCP semver compatible format of x.y.z. This field must be between |
| 84 | + 5 and 10 characters long. |
| 85 | + Required when mode is set to "OCPVersion" and forbidden otherwise. |
| 86 | + maxLength: 10 |
| 87 | + minLength: 5 |
| 88 | + type: string |
| 89 | + x-kubernetes-validations: |
| 90 | + - message: ocpVersion must match the OCP semver compatible |
| 91 | + format of x.y.z |
| 92 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') |
| 93 | + rhcosVersion: |
| 94 | + description: |- |
| 95 | + rhcosVersion provides a string which represents the RHCOS version of the boot image |
| 96 | + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy |
| 97 | + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between |
| 98 | + 14 and 21 characters long. |
| 99 | + Required when mode is set to "RHCOSVersion" and forbidden otherwise. |
| 100 | + maxLength: 21 |
| 101 | + minLength: 14 |
| 102 | + type: string |
| 103 | + x-kubernetes-validations: |
| 104 | + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] |
| 105 | + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] |
| 106 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') |
| 107 | + required: |
| 108 | + - mode |
| 109 | + type: object |
| 110 | + x-kubernetes-validations: |
| 111 | + - message: ocpVersion is required when mode is OCPVersion, and |
| 112 | + forbidden otherwise |
| 113 | + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) |
| 114 | + : !has(self.ocpVersion)' |
| 115 | + - message: rhcosVersion is required when mode is RHCOSVersion, |
| 116 | + and forbidden otherwise |
| 117 | + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) |
| 118 | + : !has(self.rhcosVersion)' |
| 119 | + mode: |
| 120 | + description: |- |
| 121 | + mode determines the underlying behavior of skew enforcement mechanism. |
| 122 | + Valid values are Manual and None. |
| 123 | + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP |
| 124 | + & RHCOS version associated with the last boot image update in the manual field. |
| 125 | + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the |
| 126 | + skew limit described by the release image. |
| 127 | + None means that the MCO will no longer monitor the boot image skew. This may affect |
| 128 | + the cluster's ability to scale. |
| 129 | + This field is required. |
| 130 | + enum: |
| 131 | + - Manual |
| 132 | + - None |
| 133 | + type: string |
| 134 | + required: |
| 135 | + - mode |
| 136 | + type: object |
| 137 | + x-kubernetes-validations: |
| 138 | + - message: manual is required when mode is Manual, and forbidden otherwise |
| 139 | + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) |
| 140 | + : !has(self.manual)' |
49 | 141 | failedRevisionLimit: |
50 | 142 | description: |- |
51 | 143 | failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api |
@@ -690,6 +782,140 @@ spec: |
690 | 782 | description: status is the most recently observed status of the Machine |
691 | 783 | Config Operator |
692 | 784 | properties: |
| 785 | + bootImageSkewEnforcementStatus: |
| 786 | + description: |- |
| 787 | + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement |
| 788 | + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. |
| 789 | + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how |
| 790 | + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically |
| 791 | + determine skew enforcement or there is an explicit skew enforcement configuration provided in the |
| 792 | + spec.bootImageSkewEnforcement field. |
| 793 | + properties: |
| 794 | + automatic: |
| 795 | + description: |- |
| 796 | + automatic describes the current boot image of the cluster. |
| 797 | + This will be populated by the MCO when performing boot image updates. This value will be compared against |
| 798 | + the cluster's skew limit to determine skew compliance. |
| 799 | + Required when mode is set to "Automatic" and forbidden otherwise. |
| 800 | + minProperties: 1 |
| 801 | + properties: |
| 802 | + ocpVersion: |
| 803 | + description: |- |
| 804 | + ocpVersion provides a string which represents the OCP version of the boot image. |
| 805 | + This field must match the OCP semver compatible format of x.y.z. This field must be between |
| 806 | + 5 and 10 characters long. |
| 807 | + maxLength: 10 |
| 808 | + minLength: 5 |
| 809 | + type: string |
| 810 | + x-kubernetes-validations: |
| 811 | + - message: ocpVersion must match the OCP semver compatible |
| 812 | + format of x.y.z |
| 813 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') |
| 814 | + rhcosVersion: |
| 815 | + description: |- |
| 816 | + rhcosVersion provides a string which represents the RHCOS version of the boot image |
| 817 | + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy |
| 818 | + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between |
| 819 | + 14 and 21 characters long. |
| 820 | + maxLength: 21 |
| 821 | + minLength: 14 |
| 822 | + type: string |
| 823 | + x-kubernetes-validations: |
| 824 | + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] |
| 825 | + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] |
| 826 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') |
| 827 | + type: object |
| 828 | + x-kubernetes-validations: |
| 829 | + - message: at least one of ocpVersion or rhcosVersion is required |
| 830 | + rule: has(self.ocpVersion) || has(self.rhcosVersion) |
| 831 | + manual: |
| 832 | + description: |- |
| 833 | + manual describes the current boot image of the cluster. |
| 834 | + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. |
| 835 | + This value will be compared against the cluster's skew limit to determine skew compliance. |
| 836 | + Required when mode is set to "Manual" and forbidden otherwise. |
| 837 | + properties: |
| 838 | + mode: |
| 839 | + description: |- |
| 840 | + mode is used to configure which boot image field is defined in Manual mode. |
| 841 | + Valid values are OCPVersion and RHCOSVersion. |
| 842 | + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update |
| 843 | + in the OCPVersion field. |
| 844 | + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update |
| 845 | + in the RHCOSVersion field. |
| 846 | + This field is required. |
| 847 | + enum: |
| 848 | + - OCPVersion |
| 849 | + - RHCOSVersion |
| 850 | + type: string |
| 851 | + ocpVersion: |
| 852 | + description: |- |
| 853 | + ocpVersion provides a string which represents the OCP version of the boot image. |
| 854 | + This field must match the OCP semver compatible format of x.y.z. This field must be between |
| 855 | + 5 and 10 characters long. |
| 856 | + Required when mode is set to "OCPVersion" and forbidden otherwise. |
| 857 | + maxLength: 10 |
| 858 | + minLength: 5 |
| 859 | + type: string |
| 860 | + x-kubernetes-validations: |
| 861 | + - message: ocpVersion must match the OCP semver compatible |
| 862 | + format of x.y.z |
| 863 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') |
| 864 | + rhcosVersion: |
| 865 | + description: |- |
| 866 | + rhcosVersion provides a string which represents the RHCOS version of the boot image |
| 867 | + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy |
| 868 | + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between |
| 869 | + 14 and 21 characters long. |
| 870 | + Required when mode is set to "RHCOSVersion" and forbidden otherwise. |
| 871 | + maxLength: 21 |
| 872 | + minLength: 14 |
| 873 | + type: string |
| 874 | + x-kubernetes-validations: |
| 875 | + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] |
| 876 | + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] |
| 877 | + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') |
| 878 | + required: |
| 879 | + - mode |
| 880 | + type: object |
| 881 | + x-kubernetes-validations: |
| 882 | + - message: ocpVersion is required when mode is OCPVersion, and |
| 883 | + forbidden otherwise |
| 884 | + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) |
| 885 | + : !has(self.ocpVersion)' |
| 886 | + - message: rhcosVersion is required when mode is RHCOSVersion, |
| 887 | + and forbidden otherwise |
| 888 | + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) |
| 889 | + : !has(self.rhcosVersion)' |
| 890 | + mode: |
| 891 | + description: |- |
| 892 | + mode determines the underlying behavior of skew enforcement mechanism. |
| 893 | + Valid values are Automatic, Manual and None. |
| 894 | + Automatic means that the MCO will perform boot image updates and store the |
| 895 | + OCP & RHCOS version associated with the last boot image update in the automatic field. |
| 896 | + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP |
| 897 | + & RHCOS version associated with the last boot image update in the manual field. |
| 898 | + In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the |
| 899 | + skew limit described by the release image. |
| 900 | + None means that the MCO will no longer monitor the boot image skew. This may affect |
| 901 | + the cluster's ability to scale. |
| 902 | + This field is required. |
| 903 | + enum: |
| 904 | + - Automatic |
| 905 | + - Manual |
| 906 | + - None |
| 907 | + type: string |
| 908 | + required: |
| 909 | + - mode |
| 910 | + type: object |
| 911 | + x-kubernetes-validations: |
| 912 | + - message: automatic is required when mode is Automatic, and forbidden |
| 913 | + otherwise |
| 914 | + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) |
| 915 | + : !has(self.automatic)' |
| 916 | + - message: manual is required when mode is Manual, and forbidden otherwise |
| 917 | + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) |
| 918 | + : !has(self.manual)' |
693 | 919 | conditions: |
694 | 920 | description: conditions is a list of conditions and their status |
695 | 921 | items: |
@@ -1292,6 +1518,25 @@ spec: |
1292 | 1518 | required: |
1293 | 1519 | - spec |
1294 | 1520 | type: object |
| 1521 | + x-kubernetes-validations: |
| 1522 | + - message: when skew enforcement is in Automatic mode, a boot image configuration |
| 1523 | + is required |
| 1524 | + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' |
| 1525 | + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() |
| 1526 | + : true' |
| 1527 | + - message: when skew enforcement is in Automatic mode, managedBootImages must |
| 1528 | + contain a MachineManager opting in all MachineAPI MachineSets |
| 1529 | + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' |
| 1530 | + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, |
| 1531 | + m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup |
| 1532 | + == ''machine.openshift.io'') : true' |
| 1533 | + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus |
| 1534 | + must contain a MachineManager opting in all MachineAPI MachineSets |
| 1535 | + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' |
| 1536 | + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || |
| 1537 | + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode |
| 1538 | + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): |
| 1539 | + true' |
1295 | 1540 | served: true |
1296 | 1541 | storage: true |
1297 | 1542 | subresources: |
|
![openshift-merge-bot[bot]](https://avatars.githubusercontent.com/in/412865?v=4&size=40){kind=avatar}
0 commit comments