From 50b877ffd9f083dc7cfdb0e0fdc0666bcb485e72 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Fri, 28 Jun 2024 19:09:17 -0700 Subject: [PATCH] Update to ocm v0.14.0 crds Signed-off-by: Tamal Saha --- .../v1alpha1/addondeploymentconfigs.yaml | 11 +- .../v1alpha1/addontemplates.yaml | 6 +- .../v1alpha1/clustermanagementaddons.yaml | 192 ++++++++++++++---- .../v1/managedclusters.yaml | 21 +- .../v1beta1/placementdecisions.yaml | 16 +- .../v1beta1/placements.yaml | 10 +- .../v1beta2/managedclustersetbindings.yaml | 10 +- .../v1beta2/managedclustersets.yaml | 22 +- .../v1/clustermanagers.yaml | 80 ++++++++ .../v1/klusterlets.yaml | 153 +++++++++++++- .../v1/manifestworks.yaml | 5 +- .../v1alpha1/manifestworkreplicasets.yaml | 186 +++++++++++++---- 12 files changed, 586 insertions(+), 126 deletions(-) diff --git a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addondeploymentconfigs.yaml b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addondeploymentconfigs.yaml index 292f15223..9ca31f207 100644 --- a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addondeploymentconfigs.yaml +++ b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addondeploymentconfigs.yaml @@ -17,8 +17,9 @@ spec: version: v1alpha1 validation: openAPIV3Schema: - description: AddOnDeploymentConfig represents a deployment configuration for - an add-on. + description: AddOnDeploymentConfig represents a configuration to customize the + deployments of an add-on. For example, you can specify the NodePlacement to + control the scheduling of the add-on agents. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -161,6 +162,12 @@ spec: description: ProxyConfig holds proxy settings for add-on agent on the managed cluster. Empty means no proxy settings is available. properties: + caBundle: + description: CABundle is a CA certificate bundle to verify the proxy + server. And it's only useful when HTTPSProxy is set and a HTTPS + proxy server is specified. + format: byte + type: string httpProxy: description: HTTPProxy is the URL of the proxy for HTTP requests type: string diff --git a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addontemplates.yaml b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addontemplates.yaml index 69c593439..621e644bb 100644 --- a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addontemplates.yaml +++ b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/addontemplates.yaml @@ -286,11 +286,14 @@ spec: server side apply with work-controller as the field manager. If there is conflict, the related Applied condition of manifest will be in the status of False with the - reason of ApplyConflict. + reason of ApplyConflict. ReadOnly type means the agent + will only check the existence of the resource based + on its metadata. enum: - Update - CreateOnly - ServerSideApply + - ReadOnly type: string required: - type @@ -342,6 +345,7 @@ spec: will use to create csr. maxLength: 571 minLength: 5 + pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$ type: string signingCA: description: 'SigningCA represents the reference of the secret diff --git a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/clustermanagementaddons.yaml b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/clustermanagementaddons.yaml index 3f1ed60ca..df7392222 100644 --- a/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/clustermanagementaddons.yaml +++ b/hub/resourcedescriptors/addon.open-cluster-management.io/v1alpha1/clustermanagementaddons.yaml 
@@ -18,10 +18,9 @@ spec: validation: openAPIV3Schema: description: ClusterManagementAddOn represents the registration of an add-on - to the cluster manager. This resource allows the user to discover which add-on - is available for the cluster manager and also provides metadata information - about the add-on. This resource also provides a linkage to ManagedClusterAddOn, - the name of the ClusterManagementAddOn resource will be used for the namespace-scoped + to the cluster manager. This resource allows you to discover which add-ons + are available for the cluster manager and provides metadata information about + the add-ons. The ClusterManagementAddOn name is used for the namespace-scoped ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped resource. properties: apiVersion: 
@@ -158,23 +157,63 @@ spec: defined in ClusterManagementAddOn. properties: all: - description: All define required fields for RolloutStrategy + description: All defines required fields for RolloutStrategy type All properties: - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number + of clusters in the current rollout that can fail + before proceeding to the next rollout. Fail means + the cluster has a failed status or timeout status + (does not reach successful status after ProgressDeadline). + Once the MaxFailures is breached, the rollout will + stop. MaxFailures is only considered for rollout + types Progressive and ProgressivePerGroup. For Progressive, + this is considered over the total number of clusters. + For ProgressivePerGroup, this is considered according + to the size of the current group. For both Progressive + and ProgressivePerGroup, the MaxFailures does not + apply for MandatoryDecisionGroups, which tolerate + no failures. Default is that no failures are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has + been reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive + and ProgressivePerGroup. The default value is 0 + meaning the workload applier proceeds immediately + after a successful state is reached. MinSuccessTime + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. 
Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the - successful state. Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to + reach a successful state in the cluster. If the + workload does not reach a successful state after + ProgressDeadline, will stop waiting and workload + will be treated as "timeout" and be counted into + MaxFailures. Once the MaxFailures is breached, the + rollout will stop. ProgressDeadline default value + is "None", meaning the workload applier will wait + for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object progressive: - description: Progressive define required fields for RolloutStrategy + description: Progressive defines required fields for RolloutStrategy type Progressive properties: mandatoryDecisionGroups: 
@@ -211,20 +250,60 @@ spec: defined in the placement->DecisionStrategy. pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ x-kubernetes-int-or-string: true - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number + of clusters in the current rollout that can fail + before proceeding to the next rollout. Fail means + the cluster has a failed status or timeout status + (does not reach successful status after ProgressDeadline). + Once the MaxFailures is breached, the rollout will + stop. MaxFailures is only considered for rollout + types Progressive and ProgressivePerGroup. For Progressive, + this is considered over the total number of clusters. + For ProgressivePerGroup, this is considered according + to the size of the current group. For both Progressive + and ProgressivePerGroup, the MaxFailures does not + apply for MandatoryDecisionGroups, which tolerate + no failures. Default is that no failures are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has + been reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive + and ProgressivePerGroup. The default value is 0 + meaning the workload applier proceeds immediately + after a successful state is reached. MinSuccessTime + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. 
Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the - successful state. Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to + reach a successful state in the cluster. If the + workload does not reach a successful state after + ProgressDeadline, will stop waiting and workload + will be treated as "timeout" and be counted into + MaxFailures. Once the MaxFailures is breached, the + rollout will stop. ProgressDeadline default value + is "None", meaning the workload applier will wait + for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object progressivePerGroup: - description: ProgressivePerGroup define required fields + description: ProgressivePerGroup defines required fields for RolloutStrategy type ProgressivePerGroup properties: mandatoryDecisionGroups: 
@@ -251,31 +330,60 @@ spec: type: string type: object type: array - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number + of clusters in the current rollout that can fail + before proceeding to the next rollout. Fail means + the cluster has a failed status or timeout status + (does not reach successful status after ProgressDeadline). + Once the MaxFailures is breached, the rollout will + stop. MaxFailures is only considered for rollout + types Progressive and ProgressivePerGroup. For Progressive, + this is considered over the total number of clusters. + For ProgressivePerGroup, this is considered according + to the size of the current group. For both Progressive + and ProgressivePerGroup, the MaxFailures does not + apply for MandatoryDecisionGroups, which tolerate + no failures. Default is that no failures are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has + been reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive + and ProgressivePerGroup. The default value is 0 + meaning the workload applier proceeds immediately + after a successful state is reached. MinSuccessTime + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the - successful state. 
Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to + reach a successful state in the cluster. If the + workload does not reach a successful state after + ProgressDeadline, will stop waiting and workload + will be treated as "timeout" and be counted into + MaxFailures. Once the MaxFailures is breached, the + rollout will stop. ProgressDeadline default value + is "None", meaning the workload applier will wait + for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object type: default: All - description: Rollout strategy Types are All, Progressive - and ProgressivePerGroup 1) All means apply the workload - to all clusters in the decision groups at once. 2) Progressive - means apply the workload to the selected clusters progressively - per cluster. The workload will not be applied to the - next cluster unless one of the current applied clusters - reach the successful state or timeout. 3) ProgressivePerGroup - means apply the workload to decisionGroup clusters progressively - per group. The workload will not be applied to the next - decisionGroup unless all clusters in the current group - reach the successful state or timeout. enum: - All - Progressive diff --git a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1/managedclusters.yaml b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1/managedclusters.yaml index 83ca7f784..76424fbda 100644 --- a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1/managedclusters.yaml +++ b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1/managedclusters.yaml 
@@ -18,16 +18,17 @@ spec: validation: openAPIV3Schema: description: "ManagedCluster represents the desired state and current status - of managed cluster. ManagedCluster is a cluster scoped resource. The name - is the cluster UID. \n The cluster join process follows a double opt-in process: - \n 1. Agent on managed cluster creates CSR on hub with cluster UID and agent - name. 2. Agent on managed cluster creates ManagedCluster on hub. 3. Cluster - admin on hub approves the CSR for UID and agent name of the ManagedCluster. - 4. Cluster admin sets spec.acceptClient of ManagedCluster to true. 5. Cluster - admin on managed cluster creates credential of kubeconfig to hub. \n Once - the hub creates the cluster namespace, the Klusterlet agent on the ManagedCluster - pushes the credential to the hub to use against the kube-apiserver of the - ManagedCluster." + of a managed cluster. ManagedCluster is a cluster-scoped resource. The name + is the cluster UID. \n The cluster join process is a double opt-in process. + See the following join process steps: \n 1. The agent on the managed cluster + creates a CSR on the hub with the cluster UID and agent name. 2. The agent + on the managed cluster creates a ManagedCluster on the hub. 3. The cluster + admin on the hub cluster approves the CSR for the UID and agent name of the + ManagedCluster. 4. The cluster admin sets the spec.acceptClient of the ManagedCluster + to true. 5. The cluster admin on the managed cluster creates a credential + of the kubeconfig for the hub cluster. \n After the hub cluster creates the + cluster namespace, the klusterlet agent on the ManagedCluster pushes the credential + to the hub cluster to use against the kube-apiserver of the ManagedCluster." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
diff --git a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placementdecisions.yaml b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placementdecisions.yaml index 89df80176..854ff826b 100644 --- a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placementdecisions.yaml +++ b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placementdecisions.yaml @@ -17,14 +17,14 @@ spec: version: v1beta1 validation: openAPIV3Schema: - description: "PlacementDecision indicates a decision from a placement PlacementDecision - should has a label cluster.open-cluster-management.io/placement={placement - name} to reference a certain placement. \n If a placement has spec.numberOfClusters - specified, the total number of decisions contained in status.decisions of - PlacementDecisions should always be NumberOfClusters; otherwise, the total - number of decisions should be the number of ManagedClusters which match the - placement requirements. \n Some of the decisions might be empty when there - are no enough ManagedClusters meet the placement requirements." + description: "PlacementDecision indicates a decision from a placement. PlacementDecision + must have a cluster.open-cluster-management.io/placement={placement name} + label to reference a certain placement. \n If a placement has spec.numberOfClusters + specified, the total number of decisions contained in the status.decisions + of PlacementDecisions must be the same as NumberOfClusters. Otherwise, the + total number of decisions must equal the number of ManagedClusters that match + the placement requirements. \n Some of the decisions might be empty when there + are not enough ManagedClusters to meet the placement requirements." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
diff --git a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placements.yaml b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placements.yaml index 37ff99544..7907f4abe 100644 --- a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placements.yaml +++ b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta1/placements.yaml @@ -43,11 +43,11 @@ spec: ManagedClusterSets; 3. ManagedClusterSets are bound to workload namespaces; 4. Namespace-scoped Placements specify a slice of ManagedClusterSets which select a working set of potential ManagedClusters; 5. Then Placements subselect - from that working set using label/claim selection. \n No ManagedCluster will - be selected if no ManagedClusterSet is bound to the placement namespace. User - is able to bind a ManagedClusterSet to a namespace by creating a ManagedClusterSetBinding - in that namespace if they have a RBAC rule to CREATE on the virtual subresource - of `managedclustersets/bind`. \n A slice of PlacementDecisions with label + from that working set using label/claim selection. \n A ManagedCluster will + not be selected if no ManagedClusterSet is bound to the placement namespace. + A user is able to bind a ManagedClusterSet to a namespace by creating a ManagedClusterSetBinding + in that namespace if they have an RBAC rule to CREATE on the virtual subresource + of `managedclustersets/bind`. \n A slice of PlacementDecisions with the label cluster.open-cluster-management.io/placement={placement name} will be created to represent the ManagedClusters selected by this placement. \n If a ManagedCluster is selected and added into the PlacementDecisions, other components may apply diff --git a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersetbindings.yaml b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersetbindings.yaml index d1f6ebcd9..3e682e60b 100644 
--- a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersetbindings.yaml +++ b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersetbindings.yaml @@ -27,11 +27,11 @@ spec: validation: openAPIV3Schema: description: ManagedClusterSetBinding projects a ManagedClusterSet into a certain - namespace. User is able to create a ManagedClusterSetBinding in a namespace - and bind it to a ManagedClusterSet if they have an RBAC rule to CREATE on - the virtual subresource of managedclustersets/bind. Workloads created in the - same namespace can only be distributed to ManagedClusters in ManagedClusterSets - bound in this namespace by higher level controllers. + namespace. You can create a ManagedClusterSetBinding in a namespace and bind + it to a ManagedClusterSet if both have a RBAC rules to CREATE on the virtual + subresource of managedclustersets/bind. Workloads that you create in the same + namespace can only be distributed to ManagedClusters in ManagedClusterSets + that are bound in this namespace by higher-level controllers. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersets.yaml b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersets.yaml index d8f07b556..318d90de3 100644 --- a/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersets.yaml +++ b/hub/resourcedescriptors/cluster.open-cluster-management.io/v1beta2/managedclustersets.yaml 
@@ -27,17 +27,17 @@ spec: version: v1beta2 validation: openAPIV3Schema: - description: "ManagedClusterSet defines a group of ManagedClusters that user's - workload can run on. A workload can be defined to deployed on a ManagedClusterSet, - which mean: 1. The workload can run on any ManagedCluster in the ManagedClusterSet - 2. The workload cannot run on any ManagedCluster outside the ManagedClusterSet - 3. The service exposed by the workload can be shared in any ManagedCluster - in the ManagedClusterSet \n In order to assign a ManagedCluster to a certian - ManagedClusterSet, add a label with name `cluster.open-cluster-management.io/clusterset` - on the ManagedCluster to refers to the ManagedClusterSet. User is not allow - to add/remove this label on a ManagedCluster unless they have a RBAC rule - to CREATE on a virtual subresource of managedclustersets/join. In order to - update this label, user must have the permission on both the old and new ManagedClusterSet." + description: "ManagedClusterSet defines a group of ManagedClusters that you + can run workloads on. You can define a workload to be deployed on a ManagedClusterSet. + See the following options for the workload: - The workload can run on any + ManagedCluster in the ManagedClusterSet - The workload cannot run on any ManagedCluster + outside the ManagedClusterSet - The service exposed by the workload can be + shared in any ManagedCluster in the ManagedClusterSet \n To assign a ManagedCluster + to a certain ManagedClusterSet, add a label with the name cluster.open-cluster-management.io/clusterset + on the ManagedCluster to refer to the ManagedClusterSet. You are not allowed + to add or remove this label on a ManagedCluster unless you have an RBAC rule + to CREATE on a virtual subresource of managedclustersets/join. To update this + label, you must have the permission on both the old and new ManagedClusterSet." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
diff --git a/hub/resourcedescriptors/operator.open-cluster-management.io/v1/clustermanagers.yaml b/hub/resourcedescriptors/operator.open-cluster-management.io/v1/clustermanagers.yaml index 973c1da77..000dc6a23 100644 --- a/hub/resourcedescriptors/operator.open-cluster-management.io/v1/clustermanagers.yaml +++ b/hub/resourcedescriptors/operator.open-cluster-management.io/v1/clustermanagers.yaml 
@@ -282,7 +282,71 @@ spec: description: RegistrationImagePullSpec represents the desired image of registration controller/webhook installed on hub. type: string + resourceRequirement: + description: ResourceRequirement specify QoS classes of deployments + managed by clustermanager. It applies to all the containers in the + deployments. + properties: + resourceRequirements: + description: ResourceRequirements defines resource requests and + limits when Type is ResourceQosClassResourceRequirement + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: + default: Default + enum: + - Default + - BestEffort + - ResourceRequirement + type: string + type: object workConfiguration: + default: + workDriver: kube description: WorkConfiguration contains the configuration of work properties: featureGates: @@ -316,6 +380,22 @@ spec: - feature type: object type: array + workDriver: + default: kube + description: "WorkDriver represents the type of work driver. Possible + values are \"kube\", \"mqtt\", or \"grpc\". If not provided, the + default value is \"kube\". If set to non-\"kube\" drivers, the + klusterlet need to use the same driver. and the driver configuration + must be provided in a secret named \"work-driver-config\" in the + namespace where the cluster manager is running, adhering to the + following structure: config.yaml: | \n + For detailed driver configuration, please refer to the sdk-go + documentation: https://github.com/open-cluster-management-io/sdk-go/blob/main/pkg/cloudevents/README.md#supported-protocols-and-drivers" + enum: + - kube + - mqtt + - grpc + type: string type: object workImagePullSpec: default: quay.io/open-cluster-management/work diff --git a/hub/resourcedescriptors/operator.open-cluster-management.io/v1/klusterlets.yaml b/hub/resourcedescriptors/operator.open-cluster-management.io/v1/klusterlets.yaml index 1bf517e64..fb5e28d6b 100644 --- a/hub/resourcedescriptors/operator.open-cluster-management.io/v1/klusterlets.yaml +++ b/hub/resourcedescriptors/operator.open-cluster-management.io/v1/klusterlets.yaml 
@@ -138,7 +138,7 @@ spec: like service accounts, roles and rolebindings, while the agent is deployed to the namespace with the same name as klusterlet on the management cluster. - maxLength: 63 + maxLength: 57 pattern: ^open-cluster-management-[-a-z0-9]*[a-z0-9]$ type: string nodePlacement: 
@@ -194,10 +194,64 @@ spec: type: object type: array type: object + priorityClassName: + description: PriorityClassName is the name of the PriorityClass that + will be used by the deployed klusterlet agent. It will be ignored + when the PriorityClass/v1 API is not available on the managed cluster. + type: string registrationConfiguration: description: RegistrationConfiguration contains the configuration of registration properties: + bootstrapKubeConfigs: + description: "BootstrapKubeConfigs defines the ordered list of bootstrap + kubeconfigs. The order decides which bootstrap kubeconfig to use + first when rebootstrap. \n When the agent loses the connection + to the current hub over HubConnectionTimeoutSeconds, or the managedcluster + CR is set `hubAcceptsClient=false` on the hub, the controller + marks the related bootstrap kubeconfig as \"failed\". \n A failed + bootstrapkubeconfig won't be used for the duration specified by + SkipFailedBootstrapKubeConfigSeconds. But if the user updates + the content of a failed bootstrapkubeconfig, the \"failed\" mark + will be cleared." + properties: + localSecretsConfig: + description: LocalSecretsConfig include a list of secrets that + contains the kubeconfigs for ordered bootstrap kubeconifigs. + The secrets must be in the same namespace where the agent + controller runs. + properties: + hubConnectionTimeoutSeconds: + default: 600 + description: HubConnectionTimeoutSeconds is used to set + the timeout of connecting to the hub cluster. When agent + loses the connection to the hub over the timeout seconds, + the agent do a rebootstrap. By default is 10 mins. + format: int32 + minimum: 180 + type: integer + kubeConfigSecrets: + description: KubeConfigSecrets is a list of secret names. + The secrets are in the same namespace where the agent + controller runs. + items: + properties: + name: + description: Name is the name of the secret. 
+ type: string + type: object + type: array + type: object + type: + default: None + description: Type specifies the type of priority bootstrap kubeconfigs. + By default, it is set to None, representing no priority bootstrap + kubeconfigs are set. + enum: + - None + - LocalSecrets + type: string + type: object clientCertExpirationSeconds: description: clientCertExpirationSeconds represents the seconds of a client certificate to expire. If it is not set or 0, the 
@@ -244,15 +298,98 @@ spec: - feature type: object type: array + kubeAPIBurst: + default: 100 + description: 'KubeAPIBurst indicates the maximum burst of the throttle + while talking with apiserver of hub cluster from the spoke cluster. + If it is set empty, use the default value: 100' + format: int32 + type: integer + kubeAPIQPS: + default: 50 + description: 'KubeAPIQPS indicates the maximum QPS while talking + with apiserver of hub cluster from the spoke cluster. If it is + set empty, use the default value: 50' + format: int32 + type: integer type: object registrationImagePullSpec: description: RegistrationImagePullSpec represents the desired image configuration of registration agent. quay.io/open-cluster-management.io/registration:latest will be used if unspecified. type: string + resourceRequirement: + description: ResourceRequirement specify QoS classes of deployments + managed by klusterlet. It applies to all the containers in the deployments. + properties: + resourceRequirements: + description: ResourceRequirements defines resource requests and + limits when Type is ResourceQosClassResourceRequirement + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: + default: Default + enum: + - Default + - BestEffort + - ResourceRequirement + type: string + type: object workConfiguration: description: WorkConfiguration contains the configuration of work properties: + appliedManifestWorkEvictionGracePeriod: + description: AppliedManifestWorkEvictionGracePeriod is the eviction + grace period the work agent will wait before evicting the AppliedManifestWorks, + whose corresponding ManifestWorks are missing on the hub cluster, + from the managed cluster. If not present, the default value of + the work agent will be used. + pattern: ^([0-9]+(s|m|h))+$ + type: string featureGates: description: 'FeatureGates represents the list of feature gates for work If it is set empty, default feature gates will be used. 
@@ -284,6 +421,20 @@ spec: - feature type: object type: array + kubeAPIBurst: + default: 100 + description: 'KubeAPIBurst indicates the maximum burst of the throttle + while talking with apiserver of hub cluster from the spoke cluster. + If it is set empty, use the default value: 100' + format: int32 + type: integer + kubeAPIQPS: + default: 50 + description: 'KubeAPIQPS indicates the maximum QPS while talking + with apiserver of hub cluster from the spoke cluster. If it is + set empty, use the default value: 50' + format: int32 + type: integer type: object workImagePullSpec: description: WorkImagePullSpec represents the desired image configuration diff --git a/hub/resourcedescriptors/work.open-cluster-management.io/v1/manifestworks.yaml b/hub/resourcedescriptors/work.open-cluster-management.io/v1/manifestworks.yaml index 05a5e30c8..389ec7d1c 100644 --- a/hub/resourcedescriptors/work.open-cluster-management.io/v1/manifestworks.yaml +++ b/hub/resourcedescriptors/work.open-cluster-management.io/v1/manifestworks.yaml @@ -289,11 +289,14 @@ spec: update resource using server side apply with work-controller as the field manager. If there is conflict, the related Applied condition of manifest will be in the status of False - with the reason of ApplyConflict. + with the reason of ApplyConflict. ReadOnly type means the + agent will only check the existence of the resource based + on its metadata. enum: - Update - CreateOnly - ServerSideApply + - ReadOnly type: string required: - type diff --git a/hub/resourcedescriptors/work.open-cluster-management.io/v1alpha1/manifestworkreplicasets.yaml b/hub/resourcedescriptors/work.open-cluster-management.io/v1alpha1/manifestworkreplicasets.yaml index ddbc8bab3..13bc5953e 100644 --- a/hub/resourcedescriptors/work.open-cluster-management.io/v1alpha1/manifestworkreplicasets.yaml +++ b/hub/resourcedescriptors/work.open-cluster-management.io/v1alpha1/manifestworkreplicasets.yaml 
@@ -311,11 +311,14 @@ spec: server side apply with work-controller as the field manager. If there is conflict, the related Applied condition of manifest will be in the status of False with the - reason of ApplyConflict. + reason of ApplyConflict. ReadOnly type means the agent + will only check the existence of the resource based + on its metadata. enum: - Update - CreateOnly - ServerSideApply + - ReadOnly type: string required: - type 
@@ -355,29 +358,67 @@ spec: rolloutStrategy: default: all: - timeout: None + progressDeadline: None type: All description: Rollout strategy to apply workload to the selected clusters by Placement and DecisionStrategy. properties: all: - description: All define required fields for RolloutStrategy + description: All defines required fields for RolloutStrategy type All properties: - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number of + clusters in the current rollout that can fail before + proceeding to the next rollout. Fail means the cluster + has a failed status or timeout status (does not reach + successful status after ProgressDeadline). Once the + MaxFailures is breached, the rollout will stop. MaxFailures + is only considered for rollout types Progressive and + ProgressivePerGroup. For Progressive, this is considered + over the total number of clusters. For ProgressivePerGroup, + this is considered according to the size of the current + group. For both Progressive and ProgressivePerGroup, + the MaxFailures does not apply for MandatoryDecisionGroups, + which tolerate no failures. Default is that no failures + are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has been + reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive and + ProgressivePerGroup. The default value is 0 meaning + the workload applier proceeds immediately after a successful + state is reached. 
MinSuccessTime must be defined in + [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the successful - state. Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to reach + a successful state in the cluster. If the workload does + not reach a successful state after ProgressDeadline, + will stop waiting and workload will be treated as "timeout" + and be counted into MaxFailures. Once the MaxFailures + is breached, the rollout will stop. ProgressDeadline + default value is "None", meaning the workload applier + will wait for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object progressive: - description: Progressive define required fields for RolloutStrategy + description: Progressive defines required fields for RolloutStrategy type Progressive properties: mandatoryDecisionGroups: 
@@ -414,20 +455,58 @@ spec: defined in the placement->DecisionStrategy. pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ x-kubernetes-int-or-string: true - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number of + clusters in the current rollout that can fail before + proceeding to the next rollout. Fail means the cluster + has a failed status or timeout status (does not reach + successful status after ProgressDeadline). Once the + MaxFailures is breached, the rollout will stop. MaxFailures + is only considered for rollout types Progressive and + ProgressivePerGroup. For Progressive, this is considered + over the total number of clusters. For ProgressivePerGroup, + this is considered according to the size of the current + group. For both Progressive and ProgressivePerGroup, + the MaxFailures does not apply for MandatoryDecisionGroups, + which tolerate no failures. Default is that no failures + are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has been + reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive and + ProgressivePerGroup. The default value is 0 meaning + the workload applier proceeds immediately after a successful + state is reached. MinSuccessTime must be defined in + [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. 
Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the successful - state. Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to reach + a successful state in the cluster. If the workload does + not reach a successful state after ProgressDeadline, + will stop waiting and workload will be treated as "timeout" + and be counted into MaxFailures. Once the MaxFailures + is breached, the rollout will stop. ProgressDeadline + default value is "None", meaning the workload applier + will wait for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object progressivePerGroup: - description: ProgressivePerGroup define required fields for + description: ProgressivePerGroup defines required fields for RolloutStrategy type ProgressivePerGroup properties: mandatoryDecisionGroups: 
@@ -454,31 +533,58 @@ spec: type: string type: object type: array - timeout: + maxFailures: + anyOf: + - type: integer + - type: string + default: 0 + description: MaxFailures is a percentage or number of + clusters in the current rollout that can fail before + proceeding to the next rollout. Fail means the cluster + has a failed status or timeout status (does not reach + successful status after ProgressDeadline). Once the + MaxFailures is breached, the rollout will stop. MaxFailures + is only considered for rollout types Progressive and + ProgressivePerGroup. For Progressive, this is considered + over the total number of clusters. For ProgressivePerGroup, + this is considered according to the size of the current + group. For both Progressive and ProgressivePerGroup, + the MaxFailures does not apply for MandatoryDecisionGroups, + which tolerate no failures. Default is that no failures + are tolerated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + minSuccessTime: + default: "0" + description: MinSuccessTime is a "soak" time. In other + words, the minimum amount of time the workload applier + controller will wait from the start of each rollout + before proceeding (assuming a successful state has been + reached and MaxFailures wasn't breached). MinSuccessTime + is only considered for rollout types Progressive and + ProgressivePerGroup. The default value is 0 meaning + the workload applier proceeds immediately after a successful + state is reached. MinSuccessTime must be defined in + [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s + type: string + progressDeadline: default: None - description: Timeout define how long workload applier - controller will wait till workload reach successful - state in the cluster. Timeout default value is None - meaning the workload applier will not proceed apply - workload to other clusters if did not reach the successful - state. 
Timeout must be defined in [0-9h]|[0-9m]|[0-9s] - format examples; 2h , 90m , 360s + description: ProgressDeadline defines how long workload + applier controller will wait for the workload to reach + a successful state in the cluster. If the workload does + not reach a successful state after ProgressDeadline, + will stop waiting and workload will be treated as "timeout" + and be counted into MaxFailures. Once the MaxFailures + is breached, the rollout will stop. ProgressDeadline + default value is "None", meaning the workload applier + will wait for a successful state indefinitely. ProgressDeadline + must be defined in [0-9h]|[0-9m]|[0-9s] format examples; + 2h , 90m , 360s pattern: ^(([0-9])+[h|m|s])|None$ type: string type: object type: default: All - description: Rollout strategy Types are All, Progressive and - ProgressivePerGroup 1) All means apply the workload to all - clusters in the decision groups at once. 2) Progressive - means apply the workload to the selected clusters progressively - per cluster. The workload will not be applied to the next - cluster unless one of the current applied clusters reach - the successful state or timeout. 3) ProgressivePerGroup - means apply the workload to decisionGroup clusters progressively - per group. The workload will not be applied to the next - decisionGroup unless all clusters in the current group reach - the successful state or timeout. enum: - All - Progressive
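Review bot: In klusterlets.yaml (hunk @@ -244,15 +298,98 @@), the description of resourceRequirement.resourceRequirements says it applies "when Type is ResourceQosClassResourceRequirement", but the enum for type lists Default, BestEffort and ResourceRequirement, so the documented value is not one a user can set. The type field itself has no description at all. Suggest describing type with its three enum values and stating what happens to resourceRequirements when type is Default or BestEffort, since nothing in the schema ties the two fields together.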
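Review bot: In klusterlets.yaml (hunk @@ -284,6 +421,20 @@, and the same pair under the registration configuration in the previous hunk), kubeAPIQPS and kubeAPIBurst are int32 with defaults 50 and 100 but have no minimum, so the schema accepts 0 and negative numbers, and the descriptions do not say how such values are treated. Suggest adding a lower bound, or documenting the meaning of 0 and negative values. The descriptions also do not relate the two fields, for example whether a burst lower than the QPS is meaningful.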
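Review bot: In manifestworks.yaml (hunk @@ -289,11 +289,14 @@, repeated in addontemplates.yaml and manifestworkreplicasets.yaml), the new ReadOnly text says the agent "will only check the existence of the resource based on its metadata" but does not say which condition or reason is reported when the resource is absent, whereas the ServerSideApply sentence just before it names the Applied condition and the ApplyConflict reason. Suggest documenting the reported status for ReadOnly in the same way. Any consumer in this repository that switches on the three previous enum values also needs a ReadOnly case.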
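Review bot: In manifestworkreplicasets.yaml (hunk @@ -355,29 +358,67 @@), rolloutStrategy.all.timeout is replaced by progressDeadline, including in the object default, with no alias or migration note, so manifests that still set timeout no longer match any field in this schema. Suggest calling the rename out in the commit message or release notes and checking stored objects and templates for the old key. In the same hunk, maxFailures and minSuccessTime are added under all, while their own descriptions say they are "only considered for rollout types Progressive and ProgressivePerGroup"; either drop them from all or say in the description that they are ignored there.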
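Review bot: In manifestworkreplicasets.yaml (hunk @@ -414,20 +455,58 @@), progressDeadline keeps the pattern ^(([0-9])+[h|m|s])|None$, where the alternation is not grouped: the ^ binds only to the first branch and the $ only to None, so a value with trailing text after the unit, or any string that merely ends in None, satisfies it, and the class [h|m|s] also admits a literal | as the unit. Suggest ^(([0-9]+[hms])|None)$. The new minSuccessTime has no pattern at all although its description says it "must be defined in [0-9h]|[0-9m]|[0-9s] format", and its default "0" carries no unit; suggest adding a pattern and making the default consistent with it.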
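Review bot: In manifestworkreplicasets.yaml (hunk @@ -454,31 +533,58 @@), the description of rolloutStrategy.type is deleted and nothing replaces it, which leaves the All, Progressive and ProgressivePerGroup enum undocumented in the schema. The removed text was the only place that explained when the next cluster or decision group is started. Suggest keeping a description on type, reworded to use the new progressDeadline, maxFailures and minSuccessTime terms in place of "timeout".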