diff --git a/deploy/cluster_role.yaml b/deploy/cluster_role.yaml index b34bb62c43..2bbabbb3da 100644 --- a/deploy/cluster_role.yaml +++ b/deploy/cluster_role.yaml @@ -62,6 +62,23 @@ rules: - watch - patch - delete +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -838,27 +855,30 @@ rules: - update - patch - apiGroups: - - subresources.kubevirt.io + - "" resources: - - virtualmachineinstances/pause - - virtualmachineinstances/unpause - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot + - namespaces verbs: - - update - get + - list + - watch + - patch - apiGroups: - - "" + - flavor.kubevirt.io resources: - - namespaces + - virtualmachineflavors + - virtualmachineclusterflavors + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get + - delete + - create + - update + - patch - list - watch - - patch + - deletecollection - apiGroups: - "" resources: @@ -879,6 +899,12 @@ rules: - watch - patch - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get - apiGroups: - kubevirt.io resources: @@ -938,6 +964,7 @@ rules: resources: - virtualmachinesnapshots - virtualmachinerestores + - virtualmachinesnapshotcontents verbs: - get - list @@ -946,16 +973,20 @@ rules: - cdi.kubevirt.io resources: - datasources + - datavolumes verbs: - get - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: 
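Review bot: The `routes/custom-host` `create` rule added at -62, together with `create`/`patch`/`delete` on `routes`, lets the bound subject set the hostname of a route it creates, and nothing in the hunk limits where. The document these rules are appended to starts outside the hunk; if it is a ClusterRole, the grant covers routes in every namespace. If the routes are only created in the operator's own namespace, both rules fit better in the namespaced `Role` that follows the `---` separator. Otherwise add a comment naming the consumer, e.g. `# <component> needs a user-chosen hostname for <service>`.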
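Review bot: The rule added at -838 keeps the group `flavor.kubevirt.io` and grants the full write set including `deletecollection`, while the hunks at -946, -1152, -1307, -1402 and -1472 replace that group with `instancetype.kubevirt.io`. If the old group is kept on purpose so that leftover objects can be cleaned up, say so next to the rule, e.g. `# legacy flavor.kubevirt.io objects, kept for cleanup after the rename`, and check whether `create`/`update`/`patch` are still needed for that. If it is not on purpose, this may be a missed rename. The role this rule belongs to starts outside the hunk.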
@@ -966,6 +997,14 @@ rules: - get - list - watch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get - apiGroups: - "" resources: @@ -974,6 +1013,15 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch - apiGroups: - policy resources: @@ -991,6 +1039,7 @@ rules: - pods - configmaps - endpoints + - services verbs: - get - list @@ -998,6 +1047,7 @@ rules: - delete - update - create + - patch - apiGroups: - "" resources: @@ -1006,6 +1056,12 @@ rules: - update - create - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create - apiGroups: - "" resources: @@ -1049,6 +1105,8 @@ rules: - list - create - delete + - get + - update - apiGroups: - "" resources: @@ -1067,11 +1125,19 @@ rules: - '*' verbs: - '*' +- apiGroups: + - export.kubevirt.io + resources: + - '*' + verbs: + - '*' - apiGroups: - pool.kubevirt.io resources: - virtualmachinepools - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale verbs: - watch - list @@ -1152,11 +1218,14 @@ rules: - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: 
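Review bot: The rule added at -974 grants `patch` on `namespaces` with no `resourceNames`, so the subject can rewrite labels and annotations on namespaces, including labels that admission controls such as Pod Security read. If the role is cluster-scoped (it starts outside the hunk, so this cannot be confirmed here), that applies to every namespace. A comment stating which labels the component writes, e.g. `# patches <label key> on namespaces that run VMs`, would let an auditor judge the grant. If only reads are needed, `get`/`list`/`watch` suffice.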
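Review bot: The `export.kubevirt.io` rule added at -1067 uses `'*'` for both resources and verbs, which also grants every resource and subresource later added to that group without any change to this file. The `pool.kubevirt.io` rule directly below it enumerates its resources (`virtualmachinepools`, `virtualmachinepools/finalizers`, ...), and the export rule should follow that form, listing `virtualmachineexports` plus the subresources and verbs the component actually uses. The wildcard rule above it in the context lines has the same shape, so this copies an existing pattern rather than introducing it.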
@@ -1167,12 +1236,56 @@ rules: - get - list - watch +- apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete - apiGroups: - "" resources: - namespaces verbs: - get +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - get + - watch - apiGroups: - kubevirt.io resources: @@ -1237,10 +1350,36 @@ rules: - get - list - watch +- apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch +- apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - subresources.kubevirt.io resources: - version + - guestfs verbs: - get - list @@ -1249,6 +1388,8 @@ rules: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist 
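Review bot: The `secrets` rule added at -1167 grants `list` and `watch` without `resourceNames`, and both verbs return the full secret data, not just names. If the role is a ClusterRole (its header is outside the hunk), the bound service account can read every secret in the cluster. If the component only consumes a known set of secrets, restrict the rule with `resourceNames` as the `kubevirt-export-ca` configmap rule at -1237 does, or move it to a namespaced Role. If a cluster-wide informer is required, a comment such as `# watches secrets referenced by <resource kind>` should record why.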
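Review bot: The `configmaps` rule added at -1237 combines `resourceNames: kubevirt-export-ca` with `list` and `watch`, which Kubernetes authorizes only when the request carries a `metadata.name=kubevirt-export-ca` field selector. A client that lists or watches configmaps without that selector is denied even though the rule looks sufficient. A short comment on the rule, e.g. `# list/watch require fieldSelector metadata.name=kubevirt-export-ca`, would save the next reader a debugging session.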
@@ -1266,12 +1407,29 @@ rules: - virtualmachineinstances/softreboot verbs: - update +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update +- apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: @@ -1307,10 +1465,38 @@ rules: - watch - deletecollection - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +- apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +- apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1346,6 +1532,8 @@ rules: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist 
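Review bot: In the hunk at -1266, `virtualmachines/memorydump` is added to the same `update` rule as `start`, `stop` and `restart`, so anyone who may restart a VM through this role may also trigger a memory dump; the hunk at -1363 repeats the same rule. A memory dump captures whatever the guest holds in RAM, so it is usually more sensitive than lifecycle operations. Consider giving it its own rule with a comment, e.g. `# memorydump exposes guest RAM; granted separately from lifecycle verbs`, so that it can be dropped from less-privileged roles. The roles these rules belong to start outside the hunks.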
@@ -1363,12 +1551,29 @@ rules: - virtualmachineinstances/softreboot verbs: - update +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update +- apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: @@ -1402,10 +1607,36 @@ rules: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch +- apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch +- apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1444,11 +1675,18 @@ rules: - apiGroups: - subresources.kubevirt.io resources: + - virtualmachines/expand-spec - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist verbs: - get +- apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update - apiGroups: - kubevirt.io resources: 
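Review bot: The `expand-vm-spec` rule added at -1444 grants `update`, while the other rules in that hunk and in the one at -1472 grant only `get`, `list` and `watch`, so a role that otherwise reads as read-only now carries a write verb. Presumably the endpoint changes nothing and is merely invoked with a request that RBAC maps to `update`. If that is the case, record it next to the rule, e.g. `# expand-vm-spec does not modify objects; the request method maps to update`. Without the comment, an audit for write verbs in view-level roles will flag this rule. The role starts outside the hunk.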
@@ -1472,10 +1710,28 @@ rules: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - list + - watch +- apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch +- apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - list diff --git a/deploy/crds/kubevirt00.crd.yaml b/deploy/crds/kubevirt00.crd.yaml index fa8c15b6ea..bc25479052 100644 --- a/deploy/crds/kubevirt00.crd.yaml +++ b/deploy/crds/kubevirt00.crd.yaml @@ -90,6 +90,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -166,6 +176,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification @@ -181,6 +200,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array @@ -206,6 +227,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined 
@@ -214,24 +242,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -270,21 +312,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -298,7 +352,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
@@ -308,37 +361,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -360,7 +456,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
@@ -408,6 +504,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -428,6 +543,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
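Review bot: The `minTLSVersion` enum added at -428 accepts `VersionTLS10` and `VersionTLS11`, and the schema names no default, so deprecated protocol versions can be configured and a reader cannot tell what applies when the field is unset. The description should state the default and mark the two old values as legacy, e.g. `Defaults to <default version>. VersionTLS10 and VersionTLS11 are kept for compatibility only.` The sibling `ciphers` field has no description of which cipher names are accepted. If this schema is generated from Go types, the wording belongs on the source type rather than in this file.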
@@ -506,6 +643,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -828,11 +979,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -934,10 +1152,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1039,11 +1320,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1145,10 +1493,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1224,9 +1635,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -1252,6 +1665,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -1597,33 +2015,100 @@ spec: ANDed. type: object type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 type: integer required: - podAffinityTerm 
@@ -1703,10 +2188,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1808,11 +2356,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1914,10 +2529,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1993,9 +2671,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -2069,6 +2749,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: 
@@ -2169,6 +2852,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components @@ -2245,6 +2938,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification @@ -2260,6 +2962,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array 
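Review bot: `additionalGuestMemoryOverheadRatio` in the first hunk on this line is declared as a bare `type: string`, so the schema admits any text even though the description treats it as a numeric factor with a default of 1. If no admission webhook validates the value (none is visible in this diff), a constraint such as `pattern: ^[0-9]+(\.[0-9]+)?$`, adjusted to whatever format the parser really accepts, would reject malformed input when the object is created. The description should also say whether values below 1 are permitted, since they would shrink the calculated overhead rather than increase it.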
@@ -2285,6 +2989,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined @@ -2293,24 +3004,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -2349,21 +3074,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -2377,7 +3114,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
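Review bot: The new `mediatedDeviceTypes` property is added twice in the first hunk on this line without a `description`, and nothing states what happens when it is set together with the deprecated `mediatedDevicesTypes`. I would add `description: MediatedDeviceTypes lists the MDEV types to configure. Replaces the deprecated mediatedDevicesTypes.` and one sentence on which field wins when both are present. Because the following hunk drops `mediatedDevicesTypes` from `required`, a `nodeMediatedDeviceTypes` entry carrying only `nodeSelector` now passes the schema; if that is not intended, the check has to live elsewhere.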
@@ -2387,37 +3123,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -2439,7 +3218,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
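Review bot: The `disableTLS` description in the migrations hunk says only that disabling is "usually a bad idea" and never names what is lost. Wording such as `When set to true, live migration traffic is no longer protected by the additional encryption layer provided by KubeVirt. Defaults to false` tells an operator what the switch costs. Two spellings in the same hunk also need fixing: "though migration policies" should read "through", and "bandwith" should read "bandwidth". If these descriptions are generated from comments on the Go API types, which is likely but not visible here, the corrections belong in those comments.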
@@ -2487,6 +3266,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -2507,6 +3305,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
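Review bot: Under `customProfile` in the `seccompConfiguration` hunk, `localhostProfile` and `runtimeDefaultProfile` have no descriptions, and the schema allows both to be set at once without saying which applies. If they are meant to be mutually exclusive, say so on `customProfile`, for example `Exactly one of localhostProfile or runtimeDefaultProfile may be set.`, and describe each field. "Defaults to none" on `virtualMachineInstanceProfile` should also spell out what virt-launcher runs with in that case; presumably no seccomp profile is requested, but the text does not say.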
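Review bot: The `minTLSVersion` enum in the `tlsConfiguration` hunk accepts `VersionTLS10` and `VersionTLS11`, while the description warns only about SSLv3 and states no default. I would append `TLS 1.0 and 1.1 are deprecated (RFC 8996); prefer VersionTLS12 or VersionTLS13.` and name the version used when the field is unset. `ciphers` has no description at all; it should state the expected naming scheme and whether the list affects TLS 1.3 connections, which many TLS stacks do not let callers configure.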
@@ -2585,6 +3405,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -2907,11 +3741,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3013,10 +3914,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3118,11 +4082,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3224,10 +4255,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -3303,9 +4397,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -3331,6 +4427,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -3676,11 +4777,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3782,10 +4950,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3887,11 +5118,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3993,10 +5291,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -4072,9 +5433,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -4148,6 +5511,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: diff --git a/deploy/images.csv b/deploy/images.csv index 92a3e7e61a..33b35741e8 100644 --- a/deploy/images.csv +++ b/deploy/images.csv 
@@ -1,11 +1,11 @@ image_var,name,tag,digest -KUBEVIRT_OPERATOR_IMAGE,quay.io/kubevirt/virt-operator,KUBEVIRT_VERSION,df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 -KUBEVIRT_API_IMAGE,quay.io/kubevirt/virt-api,KUBEVIRT_VERSION,b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 -KUBEVIRT_CONTROLLER_IMAGE,quay.io/kubevirt/virt-controller,KUBEVIRT_VERSION,7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 -KUBEVIRT_LAUNCHER_IMAGE,quay.io/kubevirt/virt-launcher,KUBEVIRT_VERSION,a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 -KUBEVIRT_HANDLER_IMAGE,quay.io/kubevirt/virt-handler,KUBEVIRT_VERSION,95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 -KUBEVIRT_VIRTIO_IMAGE,quay.io/kubevirt/virtio-container-disk,KUBEVIRT_VERSION,77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 -KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE,quay.io/kubevirt/libguestfs-tools,KUBEVIRT_VERSION,5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc +KUBEVIRT_OPERATOR_IMAGE,quay.io/kubevirt/virt-operator,KUBEVIRT_VERSION,5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 +KUBEVIRT_API_IMAGE,quay.io/kubevirt/virt-api,KUBEVIRT_VERSION,2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b +KUBEVIRT_CONTROLLER_IMAGE,quay.io/kubevirt/virt-controller,KUBEVIRT_VERSION,37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd +KUBEVIRT_LAUNCHER_IMAGE,quay.io/kubevirt/virt-launcher,KUBEVIRT_VERSION,c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 +KUBEVIRT_HANDLER_IMAGE,quay.io/kubevirt/virt-handler,KUBEVIRT_VERSION,26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b +KUBEVIRT_VIRTIO_IMAGE,quay.io/kubevirt/virtio-container-disk,KUBEVIRT_VERSION,5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 +KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE,quay.io/kubevirt/libguestfs-tools,KUBEVIRT_VERSION,149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 
CNA_OPERATOR_IMAGE,quay.io/kubevirt/cluster-network-addons-operator,NETWORK_ADDONS_VERSION,4af5d90145d682946accbd96cfdeaa16327493b17cad97dbefeb0cca10e30fcb SSP_OPERATOR_IMAGE,quay.io/kubevirt/ssp-operator,SSP_VERSION,522549d048596366f5dc3aa1f454b2e82e892bf9a38b87431b67a79602de715f CDI_OPERATOR_IMAGE,quay.io/kubevirt/cdi-operator,CDI_VERSION,2ccb71d52a3a67d0b1bf0a1b9b824b67d4bf38cdce9cb1fb5358a80779cdf161 diff --git a/deploy/images.env b/deploy/images.env index bb322e7f82..4222d8ab20 100755 --- a/deploy/images.env +++ b/deploy/images.env 
@@ -1,10 +1,10 @@ -KUBEVIRT_OPERATOR_IMAGE=quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 -KUBEVIRT_API_IMAGE=quay.io/kubevirt/virt-api@sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 -KUBEVIRT_CONTROLLER_IMAGE=quay.io/kubevirt/virt-controller@sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 -KUBEVIRT_LAUNCHER_IMAGE=quay.io/kubevirt/virt-launcher@sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 -KUBEVIRT_HANDLER_IMAGE=quay.io/kubevirt/virt-handler@sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 -KUBEVIRT_VIRTIO_IMAGE=quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 -KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE=quay.io/kubevirt/libguestfs-tools@sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc +KUBEVIRT_OPERATOR_IMAGE=quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 +KUBEVIRT_API_IMAGE=quay.io/kubevirt/virt-api@sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b +KUBEVIRT_CONTROLLER_IMAGE=quay.io/kubevirt/virt-controller@sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd +KUBEVIRT_LAUNCHER_IMAGE=quay.io/kubevirt/virt-launcher@sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 +KUBEVIRT_HANDLER_IMAGE=quay.io/kubevirt/virt-handler@sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b +KUBEVIRT_VIRTIO_IMAGE=quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 +KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE=quay.io/kubevirt/libguestfs-tools@sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 CNA_OPERATOR_IMAGE=quay.io/kubevirt/cluster-network-addons-operator@sha256:4af5d90145d682946accbd96cfdeaa16327493b17cad97dbefeb0cca10e30fcb 
SSP_OPERATOR_IMAGE=quay.io/kubevirt/ssp-operator@sha256:522549d048596366f5dc3aa1f454b2e82e892bf9a38b87431b67a79602de715f CDI_OPERATOR_IMAGE=quay.io/kubevirt/cdi-operator@sha256:2ccb71d52a3a67d0b1bf0a1b9b824b67d4bf38cdce9cb1fb5358a80779cdf161 
@@ -22,13 +22,13 @@ NODE_DRIVER_REG_IMAGE=k8s.gcr.io/sig-storage/csi-node-driver-registrar@sha256:2d LIVENESS_PROBE_IMAGE=k8s.gcr.io/sig-storage/livenessprobe@sha256:1b7c978a792a8fa4e96244e8059bd71bb49b07e2e5a897fb0c867bdc6db20d5d CSI_SNAPSHOT_IMAGE=k8s.gcr.io/sig-storage/csi-snapshotter@sha256:818f35653f2e214db81d655063e81995de9073328a3430498624c140881026a3 CSI_SIG_STORAGE_PROVISIONER_IMAGE=k8s.gcr.io/sig-storage/csi-provisioner@sha256:4e74c0492bceddc598de1c90cc5bc14dcda94cb49fa9c5bad9d117c4834b5e08 -DIGEST_LIST="quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-api@sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-controller@sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-launcher@sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-handler@sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2" -DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/libguestfs-tools@sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc" +DIGEST_LIST="quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57" +DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-api@sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b" +DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-controller@sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd" +DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-launcher@sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430" 
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virt-handler@sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b" +DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9" +DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/libguestfs-tools@sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4" DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cluster-network-addons-operator@sha256:4af5d90145d682946accbd96cfdeaa16327493b17cad97dbefeb0cca10e30fcb" DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/ssp-operator@sha256:522549d048596366f5dc3aa1f454b2e82e892bf9a38b87431b67a79602de715f" DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-operator@sha256:2ccb71d52a3a67d0b1bf0a1b9b824b67d4bf38cdce9cb1fb5358a80779cdf161" diff --git a/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml b/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml index e388b41e70..a9ff74cd71 100644 --- a/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml +++ b/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml 
@@ -661,27 +661,30 @@ spec: - update - patch - apiGroups: - - subresources.kubevirt.io + - "" resources: - - virtualmachineinstances/pause - - virtualmachineinstances/unpause - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot + - namespaces verbs: - - update - get + - list + - watch + - patch - apiGroups: - - "" + - flavor.kubevirt.io resources: - - namespaces + - virtualmachineflavors + - virtualmachineclusterflavors + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get + - delete + - create + - update + - patch - list - watch - - patch + - deletecollection - apiGroups: - "" resources: @@ -702,6 +705,12 @@ spec: - watch - patch - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get - apiGroups: - kubevirt.io resources: @@ -761,6 +770,7 @@ spec: resources: - virtualmachinesnapshots - virtualmachinerestores + - virtualmachinesnapshotcontents verbs: - get - list @@ -769,16 +779,20 @@ spec: - cdi.kubevirt.io resources: - datasources + - datavolumes verbs: - get - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: @@ -789,6 +803,14 @@ spec: - get - list - watch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get - apiGroups: - "" resources: @@ -797,6 +819,15 @@ spec: - get - list - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch - apiGroups: - policy resources: @@ -814,6 +845,7 @@ spec: - pods - configmaps - endpoints + - services verbs: - get - list 
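Review bot: The rule added in the `@@ -661,27 +661,30 @@` hunk grants `create`, `update`, `patch`, `delete` and `deletecollection` on `flavor.kubevirt.io`, the API group that the `-769,16` and `-975,11` hunks of this same file replace with `instancetype.kubevirt.io`. If that write access exists only so the old objects can be removed after the rename (an inference, since the hunk says nothing about it), the verbs could shrink to `get`, `list`, `watch`, `delete`. A one-line comment such as `# legacy flavor.kubevirt.io objects, kept for cleanup only` would record why a retired group still carries write verbs. The rule list starts outside the hunk, so the service account that receives this grant cannot be confirmed from here.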
@@ -821,6 +853,7 @@ spec: - delete - update - create + - patch - apiGroups: - "" resources: @@ -829,6 +862,12 @@ spec: - update - create - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create - apiGroups: - "" resources: @@ -872,6 +911,8 @@ spec: - list - create - delete + - get + - update - apiGroups: - "" resources: @@ -890,11 +931,19 @@ spec: - '*' verbs: - '*' + - apiGroups: + - export.kubevirt.io + resources: + - '*' + verbs: + - '*' - apiGroups: - pool.kubevirt.io resources: - virtualmachinepools - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale verbs: - watch - list @@ -975,11 +1024,14 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: @@ -990,12 +1042,56 @@ spec: - get - list - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete - apiGroups: - "" resources: - namespaces verbs: - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - get + - watch - apiGroups: - kubevirt.io resources: 
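Review bot: The rule added in the `@@ -890,11 +931,19 @@` hunk uses `resources: '*'` with `verbs: '*'` on `export.kubevirt.io`, so its holder silently gains every verb on any resource or subresource later added to that group. The other hunks in this file name only `virtualmachineexports` in that group, so the rule could list `- virtualmachineexports` plus whichever subresources the controller really updates, with an explicit verb list. The context rule directly above it follows the same wildcard pattern and would benefit from the same narrowing. The enclosing rule list starts outside the hunk.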
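Review bot: The `@@ -990,12 +1042,56 @@` hunk adds `get`/`list`/`watch` on core `secrets` without `resourceNames`, which lets the bound service account read every Secret in scope. That means all namespaces if this rule list sits under the CSV's cluster-wide permissions, which is unconfirmed because the list header is outside the hunk. A grant of that width makes the component's token as sensitive as the credentials it can read, so it deserves a comment naming the consumer and, where the Secret names are fixed, a `resourceNames:` list on the `get` verb. The `configmaps` rule in the `-1060,10` hunk already shows that pattern with `resourceNames: - kubevirt-export-ca`.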
@@ -1060,10 +1156,36 @@ spec: - get - list - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - subresources.kubevirt.io resources: - version + - guestfs verbs: - get - list @@ -1072,6 +1194,8 @@ spec: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist @@ -1089,12 +1213,29 @@ spec: - virtualmachineinstances/softreboot verbs: - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: 
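Review bot: The `@@ -1089,12 +1213,29 @@` hunk adds `virtualmachines/memorydump` and `virtualmachines/migrate` to the rule that already carries `start`/`stop`/`restart`, and adds `virtualmachines/portforward` under `get`, so every subject bound to this role receives them together with the basic lifecycle verbs. A guest memory dump normally contains the workload's keys and credentials, and port-forward reaches guest ports through the API server rather than through a Service. Both are worth calling out in the upgrade notes and covering with an audit-policy rule on `subresources.kubevirt.io`. The same additions are repeated in the `-1186,12 +1357,29` hunk, and `portforward` / `vnc/screenshot` are added for instances in `-1072,6` and `-1169,6`. Which role these rules belong to is not visible, because the rule list starts outside the hunk.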
@@ -1130,10 +1271,38 @@ spec: - watch - deletecollection - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1169,6 +1338,8 @@ spec: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist @@ -1186,12 +1357,29 @@ spec: - virtualmachineinstances/softreboot verbs: - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: 
@@ -1225,10 +1413,36 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1267,11 +1481,18 @@ spec: - apiGroups: - subresources.kubevirt.io resources: + - virtualmachines/expand-spec - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist verbs: - get + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update - apiGroups: - kubevirt.io resources: @@ -1295,10 +1516,28 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - list @@ -2230,7 +2469,7 @@ spec: fieldPath: metadata.name - name: WATCH_NAMESPACE - name: VIRTIOWIN_CONTAINER - value: quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 + value: quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 - name: SMBIOS value: |- Family: KubeVirt 
@@ -2240,7 +2479,7 @@ spec: - name: HCO_KV_IO_VERSION value: 1.6.0 - name: KUBEVIRT_VERSION - value: v0.49.0 + value: v0.59.2 - name: CDI_VERSION value: v1.43.2 - name: NETWORK_ADDONS_VERSION @@ -2482,6 +2721,7 @@ spec: app.kubernetes.io/part-of: hyperconverged-cluster app.kubernetes.io/version: 1.6.0 kubevirt.io: virt-operator + name: virt-operator prometheus.kubevirt.io: "true" name: virt-operator spec: 
@@ -2498,32 +2738,33 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - command: - - virt-operator + - args: - --port - "8443" - -v - "2" + command: + - virt-operator env: - - name: OPERATOR_IMAGE - value: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + - name: VIRT_OPERATOR_IMAGE + value: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: KUBEVIRT_VERSION - value: v0.49.0 - name: VIRT_API_SHASUM - value: sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 + value: sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b - name: VIRT_CONTROLLER_SHASUM - value: sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 + value: sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd - name: VIRT_HANDLER_SHASUM - value: sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 + value: sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b - name: VIRT_LAUNCHER_SHASUM - value: sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 + value: sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 - name: GS_SHASUM - value: sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc - image: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + value: sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 + - name: KUBEVIRT_VERSION + value: v0.59.2 + image: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 imagePullPolicy: IfNotPresent name: virt-operator ports: 
@@ -2543,16 +2784,27 @@ spec: resources: requests: cpu: 10m - memory: 150Mi + memory: 450Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/virt-operator/certificates name: kubevirt-operator-certs readOnly: true - mountPath: /profile-data name: profile-data + nodeSelector: + kubernetes.io/os: linux priorityClassName: kubevirt-cluster-critical securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: kubevirt-operator tolerations: - key: CriticalAddonsOnly @@ -2900,6 +3152,23 @@ spec: - watch - patch - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create serviceAccountName: kubevirt-operator - rules: - apiGroups: @@ -3227,7 +3496,7 @@ spec: name: kubemacpool - image: quay.io/nmstate/kubernetes-nmstate-handler@sha256:d2ebaf60ba602bfd5e063ba271c766d41091f455b0f29d1ba1c626856146f8fa name: kubernetes-nmstate-handler - - image: quay.io/kubevirt/libguestfs-tools@sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc + - image: quay.io/kubevirt/libguestfs-tools@sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 name: libguestfs-tools - image: k8s.gcr.io/sig-storage/livenessprobe@sha256:1b7c978a792a8fa4e96244e8059bd71bb49b07e2e5a897fb0c867bdc6db20d5d name: livenessprobe 
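Review bot: The container `securityContext` added in the `@@ -2543,16 +2784,27 @@` hunk drops all capabilities, blocks privilege escalation and sets `seccompProfile`, but leaves the root filesystem writable. The only paths visible in the hunk are volume mounts (`/etc/virt-operator/certificates` read-only, `/profile-data`), so `readOnlyRootFilesystem: true` looks feasible, provided virt-operator writes nowhere else, which needs confirming against the binary. The memory request rises from `150Mi` to `450Mi` while `resources` still has no `limits`, so a limit next to the new request would bound a runaway operator pod. The pod spec starts outside the hunk.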
@@ -3241,17 +3510,17 @@ spec: name: ovs-cni-plugin - image: quay.io/kubevirt/ssp-operator@sha256:522549d048596366f5dc3aa1f454b2e82e892bf9a38b87431b67a79602de715f name: ssp-operator - - image: quay.io/kubevirt/virt-api@sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 + - image: quay.io/kubevirt/virt-api@sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b name: virt-api - - image: quay.io/kubevirt/virt-controller@sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 + - image: quay.io/kubevirt/virt-controller@sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd name: virt-controller - - image: quay.io/kubevirt/virt-handler@sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 + - image: quay.io/kubevirt/virt-handler@sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b name: virt-handler - - image: quay.io/kubevirt/virt-launcher@sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 + - image: quay.io/kubevirt/virt-launcher@sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 name: virt-launcher - - image: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + - image: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 name: virt-operator - - image: quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 + - image: quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 name: virtio-container-disk replaces: kubevirt-hyperconverged-operator.v1.5.0 selector: diff --git a/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml b/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml index fa8c15b6ea..bc25479052 100644 
--- a/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml +++ b/deploy/index-image/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml @@ -90,6 +90,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components @@ -166,6 +176,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification 
@@ -181,6 +200,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array @@ -206,6 +227,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined 
@@ -214,24 +242,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -270,21 +312,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -298,7 +352,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
@@ -308,37 +361,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -360,7 +456,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
@@ -408,6 +504,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -428,6 +543,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
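Review bot: The `minTLSVersion` enum in the new `tlsConfiguration` block (`@@ -428,6 +543,28 @@`) accepts `VersionTLS10` and `VersionTLS11`, and the description neither states the default nor marks these two as legacy. It explains why SSLv3 is excluded, but a reader cannot tell what is in effect when the field is unset. I would extend the description with a sentence like `Defaults to <default from the KubeVirt API type>; values below VersionTLS12 should only be used for legacy clients.` The `ciphers` list likewise has no description. The text appears to come from the upstream API type, so the fix would go there and be re-synced.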
@@ -506,6 +643,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -828,11 +979,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -934,10 +1152,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1039,11 +1320,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1145,10 +1493,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1224,9 +1635,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -1252,6 +1665,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -1597,33 +2015,100 @@ spec: ANDed. type: object type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 type: integer required: - podAffinityTerm 
@@ -1703,10 +2188,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1808,11 +2356,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1914,10 +2529,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1993,9 +2671,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -2069,6 +2749,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: 
@@ -2169,6 +2852,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components @@ -2245,6 +2938,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification @@ -2260,6 +2962,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array 
@@ -2285,6 +2989,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined @@ -2293,24 +3004,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -2349,21 +3074,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -2377,7 +3114,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
@@ -2387,37 +3123,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -2439,7 +3218,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
@@ -2487,6 +3266,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -2507,6 +3305,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
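Review bot: Under `seccompConfiguration.virtualMachineInstanceProfile.customProfile`, the new fields `localhostProfile` and `runtimeDefaultProfile` have no description, and the schema does not say what happens when both are set or when neither is. This setting picks the seccomp profile for virt-launcher, so the precedence should be documented. If the two are meant to be mutually exclusive, which this hunk does not show, something like `description: LocalhostProfile names a seccomp profile to apply to virt-launcher; must not be set together with runtimeDefaultProfile.` would do. The CRD text looks generated, so the wording probably belongs on the source API type rather than in this file.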
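Review bot: In `tlsConfiguration`, the `minTLSVersion` enum accepts `VersionTLS10` and `VersionTLS11`, and the description does not say which version applies when the field is unset. The description already excludes SSLv3 because of POODLE, so I would state the default and add a sentence such as `VersionTLS10 and VersionTLS11 are legacy protocol versions kept for compatibility; prefer VersionTLS12 or later.` `ciphers` has no description at all, so a reader cannot tell what cipher-name format is expected or whether the list applies at every protocol version. If this schema is generated from the API types, the text needs to change there.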
@@ -2585,6 +3405,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -2907,11 +3741,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3013,10 +3914,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3118,11 +4082,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3224,10 +4255,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -3303,9 +4397,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -3331,6 +4427,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -3676,11 +4777,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3782,10 +4950,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3887,11 +5118,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3993,10 +5291,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -4072,9 +5433,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -4148,6 +5511,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: diff --git a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml index 144954fb71..c713b8f1e6 100644 --- a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt-hyperconverged-operator.v1.6.0.clusterserviceversion.yaml 
@@ -9,7 +9,7 @@ metadata: categories: OpenShift Optional certified: "false" containerImage: quay.io/kubevirt/hyperconverged-cluster-operator:1.6.0-unstable - createdAt: "2022-05-26 15:28:44" + createdAt: "2025-01-03 05:05:57" description: A unified operator deploying and controlling KubeVirt and its supporting operators with opinionated defaults operatorframework.io/initialization-resource: '{"apiVersion":"hco.kubevirt.io/v1beta1","kind":"HyperConverged","metadata":{"annotations":{"deployOVS":"false"},"name":"kubevirt-hyperconverged","namespace":"kubevirt-hyperconverged"},"spec":{}}' @@ -661,27 +661,30 @@ spec: - update - patch - apiGroups: - - subresources.kubevirt.io + - "" resources: - - virtualmachineinstances/pause - - virtualmachineinstances/unpause - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - - virtualmachineinstances/freeze - - virtualmachineinstances/unfreeze - - virtualmachineinstances/softreboot + - namespaces verbs: - - update - get + - list + - watch + - patch - apiGroups: - - "" + - flavor.kubevirt.io resources: - - namespaces + - virtualmachineflavors + - virtualmachineclusterflavors + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get + - delete + - create + - update + - patch - list - watch - - patch + - deletecollection - apiGroups: - "" resources: @@ -702,6 +705,12 @@ spec: - watch - patch - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get - apiGroups: - kubevirt.io resources: @@ -761,6 +770,7 @@ spec: resources: - virtualmachinesnapshots - virtualmachinerestores + - virtualmachinesnapshotcontents verbs: - get - list 
@@ -769,16 +779,20 @@ spec: - cdi.kubevirt.io resources: - datasources + - datavolumes verbs: - get - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: @@ -789,6 +803,14 @@ spec: - get - list - watch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get - apiGroups: - "" resources: @@ -797,6 +819,15 @@ spec: - get - list - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch - apiGroups: - policy resources: @@ -814,6 +845,7 @@ spec: - pods - configmaps - endpoints + - services verbs: - get - list @@ -821,6 +853,7 @@ spec: - delete - update - create + - patch - apiGroups: - "" resources: @@ -829,6 +862,12 @@ spec: - update - create - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create - apiGroups: - "" resources: @@ -872,6 +911,8 @@ spec: - list - create - delete + - get + - update - apiGroups: - "" resources: @@ -890,11 +931,19 @@ spec: - '*' verbs: - '*' + - apiGroups: + - export.kubevirt.io + resources: + - '*' + verbs: + - '*' - apiGroups: - pool.kubevirt.io resources: - virtualmachinepools - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale verbs: - watch - list @@ -975,11 +1024,14 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - instancetype.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: + - get - list - watch - apiGroups: 
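Review bot: The rule added in hunk `@@ -890,11 +931,19 @@` grants `'*'` resources with `'*'` verbs on `export.kubevirt.io`, so its holder automatically gains every verb on any resource or subresource later added to that API group. Other rules added in this commit name the resource explicitly (`virtualmachineexports`), and the same could be done here: `resources:` / `- virtualmachineexports` (plus whichever subresources the controller really touches) with an enumerated verb list instead of `- '*'`. The context rule just above it is also `'*'`/`'*'`. The rule list and its `serviceAccountName` start outside the hunk, so confirm which account receives this before merging.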
@@ -990,12 +1042,56 @@ spec: - get - list - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete - apiGroups: - "" resources: - namespaces verbs: - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - get + - watch - apiGroups: - kubevirt.io resources: @@ -1060,10 +1156,36 @@ spec: - get - list - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - subresources.kubevirt.io resources: - version + - guestfs verbs: - get - list @@ -1072,6 +1194,8 @@ spec: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist 
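Review bot: The `secrets` rule added in hunk `@@ -990,12 +1042,56 @@` grants `list`, `get` and `watch` with no `resourceNames`, so its holder can read the full contents of every Secret in whatever scope the binding covers. The next hunk on this line pins its configmap rule with `resourceNames:` / `- kubevirt-export-ca`, which shows the narrower form is available. If the component only needs a known set of secrets, reduce this to `get` with `resourceNames`. If it has to resolve arbitrary user-referenced secrets, add a comment such as `# needs to read token/cert secrets referenced by user objects` so the breadth is recorded as deliberate. The service account and the cluster-wide versus namespaced scope are outside the hunk and cannot be confirmed from here.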
@@ -1089,12 +1213,29 @@ spec: - virtualmachineinstances/softreboot verbs: - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: @@ -1130,10 +1271,38 @@ spec: - watch - deletecollection - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1169,6 +1338,8 @@ spec: resources: - virtualmachineinstances/console - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist 
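Review bot: In hunk `@@ -1089,12 +1213,29 @@`, `virtualmachines/memorydump` is appended to the rule that already grants `update` on `start`/`stop`/`restart`, so every subject allowed to power-cycle a VM can now also trigger a dump of guest memory, which can hold keys and credentials from inside the guest. The identical addition is made in hunk `@@ -1186,12 +1357,29 @@`. I would put it in a rule of its own with a comment like `# memorydump exposes guest RAM contents; grant only to roles trusted with guest data`, so it can be reviewed and bound separately from lifecycle operations. Which roles these two rule lists belong to is not visible in either hunk.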
@@ -1186,12 +1357,29 @@ spec: - virtualmachineinstances/softreboot verbs: - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get - apiGroups: - subresources.kubevirt.io resources: - virtualmachines/start - virtualmachines/stop - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec verbs: - update - apiGroups: @@ -1225,10 +1413,36 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - delete @@ -1267,11 +1481,18 @@ spec: - apiGroups: - subresources.kubevirt.io resources: + - virtualmachines/expand-spec - virtualmachineinstances/guestosinfo - virtualmachineinstances/filesystemlist - virtualmachineinstances/userlist verbs: - get + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update - apiGroups: - kubevirt.io resources: 
@@ -1295,10 +1516,28 @@ spec: - list - watch - apiGroups: - - flavor.kubevirt.io + - export.kubevirt.io resources: - - virtualmachineflavors - - virtualmachineclusterflavors + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences verbs: - get - list @@ -2230,7 +2469,7 @@ spec: fieldPath: metadata.name - name: WATCH_NAMESPACE - name: VIRTIOWIN_CONTAINER - value: quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 + value: quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 - name: SMBIOS value: |- Family: KubeVirt @@ -2240,7 +2479,7 @@ spec: - name: HCO_KV_IO_VERSION value: 1.6.0 - name: KUBEVIRT_VERSION - value: v0.49.0 + value: v0.59.2 - name: CDI_VERSION value: v1.43.2 - name: NETWORK_ADDONS_VERSION @@ -2482,6 +2721,7 @@ spec: app.kubernetes.io/part-of: hyperconverged-cluster app.kubernetes.io/version: 1.6.0 kubevirt.io: virt-operator + name: virt-operator prometheus.kubevirt.io: "true" name: virt-operator spec: 
@@ -2498,32 +2738,33 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - command: - - virt-operator + - args: - --port - "8443" - -v - "2" + command: + - virt-operator env: - - name: OPERATOR_IMAGE - value: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + - name: VIRT_OPERATOR_IMAGE + value: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: KUBEVIRT_VERSION - value: v0.49.0 - name: VIRT_API_SHASUM - value: sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 + value: sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b - name: VIRT_CONTROLLER_SHASUM - value: sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 + value: sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd - name: VIRT_HANDLER_SHASUM - value: sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 + value: sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b - name: VIRT_LAUNCHER_SHASUM - value: sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 + value: sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 - name: GS_SHASUM - value: sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc - image: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + value: sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 + - name: KUBEVIRT_VERSION + value: v0.59.2 + image: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 imagePullPolicy: IfNotPresent name: virt-operator ports: 
@@ -2543,16 +2784,27 @@ spec: resources: requests: cpu: 10m - memory: 150Mi + memory: 450Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/virt-operator/certificates name: kubevirt-operator-certs readOnly: true - mountPath: /profile-data name: profile-data + nodeSelector: + kubernetes.io/os: linux priorityClassName: kubevirt-cluster-critical securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: kubevirt-operator tolerations: - key: CriticalAddonsOnly @@ -2900,6 +3152,23 @@ spec: - watch - patch - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create serviceAccountName: kubevirt-operator - rules: - apiGroups: @@ -3227,7 +3496,7 @@ spec: name: kubemacpool - image: quay.io/nmstate/kubernetes-nmstate-handler@sha256:d2ebaf60ba602bfd5e063ba271c766d41091f455b0f29d1ba1c626856146f8fa name: kubernetes-nmstate-handler - - image: quay.io/kubevirt/libguestfs-tools@sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc + - image: quay.io/kubevirt/libguestfs-tools@sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 name: libguestfs-tools - image: k8s.gcr.io/sig-storage/livenessprobe@sha256:1b7c978a792a8fa4e96244e8059bd71bb49b07e2e5a897fb0c867bdc6db20d5d name: livenessprobe 
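Review bot: Hunk `@@ -2900,6 +3152,23 @@` gives the `kubevirt-operator` service account `create`, `patch` and `delete` on `routes` plus `create` on `routes/custom-host`, which together let it publish a Route under a hostname of its own choosing, and nothing in the manifest records why it needs that. A comment on the second rule, for example `# required to set spec.host on the route the operator manages`, would state the intent. Presumably only one operator-managed route is involved, so check whether the grant can live in a namespaced rule set rather than this one. The start of the rule list is outside the hunk, so whether these are cluster-wide permissions cannot be told from here.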
@@ -3241,17 +3510,17 @@ spec: name: ovs-cni-plugin - image: quay.io/kubevirt/ssp-operator@sha256:522549d048596366f5dc3aa1f454b2e82e892bf9a38b87431b67a79602de715f name: ssp-operator - - image: quay.io/kubevirt/virt-api@sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 + - image: quay.io/kubevirt/virt-api@sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b name: virt-api - - image: quay.io/kubevirt/virt-controller@sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 + - image: quay.io/kubevirt/virt-controller@sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd name: virt-controller - - image: quay.io/kubevirt/virt-handler@sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 + - image: quay.io/kubevirt/virt-handler@sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b name: virt-handler - - image: quay.io/kubevirt/virt-launcher@sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 + - image: quay.io/kubevirt/virt-launcher@sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 name: virt-launcher - - image: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + - image: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 name: virt-operator - - image: quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 + - image: quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 name: virtio-container-disk replaces: kubevirt-hyperconverged-operator.v1.5.0 selector: diff --git a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml index fa8c15b6ea..bc25479052 100644 
--- a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml +++ b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.6.0/manifests/kubevirt00.crd.yaml @@ -90,6 +90,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components @@ -166,6 +176,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification 
@@ -181,6 +200,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array @@ -206,6 +227,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined 
@@ -214,24 +242,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -270,21 +312,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -298,7 +352,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
@@ -308,37 +361,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -360,7 +456,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
@@ -408,6 +504,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -428,6 +543,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
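Review bot: In hunk `@@ -428,6 +543,28 @@` the `minTLSVersion` enum accepts `VersionTLS10` and `VersionTLS11`, but the description neither states which value applies when the field is unset nor says that those two versions are deprecated; it only warns about SSLv3. An administrator reading the schema cannot tell whether leaving the field empty is safe. I would extend the description with something like `Defaults to <default from the API type>. VersionTLS10 and VersionTLS11 are deprecated and should be set only for legacy clients.` The sibling `ciphers` field has no description at all and should say what an empty list means. If this CRD is generated from the KubeVirt API types, the wording needs to change at that source.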
@@ -506,6 +643,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -828,11 +979,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -934,10 +1152,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1039,11 +1320,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1145,10 +1493,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1224,9 +1635,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -1252,6 +1665,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -1597,33 +2015,100 @@ spec: ANDed. type: object type: object - namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 type: integer required: - podAffinityTerm 
@@ -1703,10 +2188,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -1808,11 +2356,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -1914,10 +2529,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -1993,9 +2671,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -2069,6 +2749,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: 
@@ -2169,6 +2852,16 @@ spec: configuration: description: holds kubevirt configurations. same as the virt-configMap properties: + additionalGuestMemoryOverheadRatio: + description: AdditionalGuestMemoryOverheadRatio can be used to + increase the virtualization infrastructure overhead. This is + useful, since the calculation of this overhead is not accurate + and cannot be entirely known in advance. The ratio that is being + set determines by which factor to increase the overhead calculated + by Kubevirt. A higher ratio means that the VMs would be less + compromised by node pressures, but would mean that fewer VMs + could be scheduled to a node. If not set, the default is 1. + type: string apiConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components @@ -2245,6 +2938,15 @@ spec: description: DeveloperConfiguration holds developer options properties: cpuAllocationRatio: + description: 'For each requested virtual CPU, CPUAllocationRatio + defines how much physical CPU to request per VMI from the + hosting node. The value is in fraction of a CPU thread (or + core on non-hyperthreaded nodes). For example, a value of + 1 means 1 physical CPU thread per VMI CPU thread. A value + of 100 would be 1% of a physical thread allocated for each + requested VMI thread. This option has no effect on VMIs + that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10' type: integer diskVerification: description: DiskVerification holds container disks verification @@ -2260,6 +2962,8 @@ spec: - memoryLimit type: object featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none items: type: string type: array 
@@ -2285,6 +2989,13 @@ spec: type: integer type: object memoryOvercommit: + description: MemoryOvercommit is the percentage of memory + we want to give VMIs compared to the amount given to its + parent pod (virt-launcher). For example, a value of 102 + means the VMI will "see" 2% more memory than its parent + pod. Values under 100 are effectively "undercommits". Overcommits + can lead to memory exhaustion, which in turn can lead to + crashes. Use carefully. Defaults to 100 type: integer minimumClusterTSCFrequency: description: Allow overriding the automatically determined @@ -2293,24 +3004,38 @@ spec: format: int64 type: integer minimumReservePVCBytes: + description: MinimumReservePVCBytes is the amount of space, + in bytes, to leave unused on disks. Defaults to 131072 (128KiB) format: int64 type: integer nodeSelectors: additionalProperties: type: string + description: NodeSelectors allows restricting VMI creation + to nodes that match a set of labels. Defaults to none type: object pvcTolerateLessSpaceUpToPercent: + description: LessPVCSpaceToleration determines how much smaller, + in percentage, disk PVCs are allowed to be compared to the + requested size (to account for various overheads). Defaults + to 10 type: integer useEmulation: description: UseEmulation can be set to true to allow fallback to software emulation in case hardware-assisted emulation - is not available. + is not available. Defaults to false type: boolean type: object emulatedMachines: items: type: string type: array + evictionStrategy: + description: EvictionStrategy defines at the cluster level if + the VirtualMachineInstance should be migrated instead of shut-off + in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string handlerConfiguration: description: ReloadableComponentConfiguration holds all generic k8s configuration options which can be reloaded by components 
@@ -2349,21 +3074,33 @@ spec: machineType: type: string mediatedDevicesConfiguration: - description: MediatedDevicesConfiguration holds inforamtion about + description: MediatedDevicesConfiguration holds information about MDEV types to be defined, if available properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array x-kubernetes-list-type: atomic nodeMediatedDeviceTypes: items: - description: NodeMediatedDeviceTypesConfig holds inforamtion + description: NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field. properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. items: type: string type: array @@ -2377,7 +3114,6 @@ spec: on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object required: - - mediatedDevicesTypes - nodeSelector type: object type: array 
@@ -2387,37 +3123,80 @@ spec: format: int32 type: integer migrations: - description: MigrationConfiguration holds migration options + description: MigrationConfiguration holds migration options. Can + be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ + for more information. properties: allowAutoConverge: + description: AllowAutoConverge allows the platform to compromise + performance/availability of VMIs to guarantee successful + VMI live migrations. Defaults to false type: boolean allowPostCopy: + description: AllowPostCopy enables post-copy live migrations. + Such migrations allow even the busiest VMIs to successfully + live-migrate. However, events like a network failure can + cause a VMI crash. If set to true, migrations will still + start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB + triggers. Defaults to false type: boolean bandwidthPerMigration: anyOf: - type: integer - type: string + description: BandwidthPerMigration limits the amount of network + bandwith live migrations are allowed to use. The value is + in quantity per second. Defaults to 0 (no limit) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true completionTimeoutPerGiB: + description: CompletionTimeoutPerGiB is the maximum number + of seconds per GiB a migration is allowed to take. If a + live-migration takes longer to migrate than this value multiplied + by the size of the VMI, the migration will be cancelled, + unless AllowPostCopy is true. Defaults to 800 format: int64 type: integer disableTLS: + description: When set to true, DisableTLS will disable the + additional layer of live migration encryption provided by + KubeVirt. This is usually a bad idea. Defaults to false type: boolean network: + description: Network is the name of the CNI network to use + for live migrations. 
By default, migrations go through the + pod network. type: string nodeDrainTaintKey: + description: 'NodeDrainTaintKey defines the taint key that + indicates a node should be drained. Note: this option relies + on the deprecated node taint feature. Default: kubevirt.io/drain' type: string parallelMigrationsPerCluster: + description: ParallelMigrationsPerCluster is the total number + of concurrent live migrations allowed cluster-wide. Defaults + to 5 format: int32 type: integer parallelOutboundMigrationsPerNode: + description: ParallelOutboundMigrationsPerNode is the maximum + number of concurrent outgoing live migrations allowed per + node. Defaults to 2 format: int32 type: integer progressTimeout: + description: ProgressTimeout is the maximum number of seconds + a live migration is allowed to make no progress. Hitting + this timeout means a migration transferred 0 data for that + many seconds. The migration is then considered stuck and + therefore cancelled. Defaults to 150 format: int64 type: integer unsafeMigrationOverride: + description: UnsafeMigrationOverride allows live migrations + to occur even if the compatibility check indicates the migration + will be unsafe to the guest. Defaults to false type: boolean type: object minCPUModel: @@ -2439,7 +3218,7 @@ spec: ovmfPath: type: string permittedHostDevices: - description: PermittedHostDevices holds inforamtion about devices + description: PermittedHostDevices holds information about devices allowed for passthrough properties: mediatedDevices: 
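Review bot: Two of the descriptions added under `migrations` carry typos: `bandwith` in `bandwidthPerMigration` should read `bandwidth`, and `though migration policies` in the top-level description should read `through migration policies`. The `disableTLS` text says only `This is usually a bad idea`, which gives an operator nothing to weigh. Naming the consequence would help, e.g. `guest memory then crosses the migration network without KubeVirt's encryption layer`. The file looks generated, so these fixes probably belong in the comments on the source Go type.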
@@ -2487,6 +3266,25 @@ spec: type: array x-kubernetes-list-type: atomic type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object selinuxLauncherType: type: string smbios: @@ -2507,6 +3305,28 @@ spec: items: type: string type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: "MinTLSVersion is a way to specify the minimum + protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common + TLS configurations: \n https://ssl-config.mozilla.org/ + \n Note that SSLv3.0 is not a supported protocol version + due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object virtualMachineInstancesPerNode: type: integer webhookConfiguration: 
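Review bot: `customProfile` in the added `seccompConfiguration` block takes both `localhostProfile` (string) and `runtimeDefaultProfile` (boolean), with no description on either and nothing that stops both being set. The schema therefore does not say which profile virt-launcher ends up with. I would describe both fields and state that they are mutually exclusive, e.g. `description: LocalhostProfile names a custom seccomp profile; must not be set together with runtimeDefaultProfile`, and have validation reject the combination. The parent text says `Defaults to none`; if that means virt-launcher runs without a seccomp profile unless one is set here, the description should say so outright. The file looks generated, so the wording probably belongs on the source Go type.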
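Review bot: The `minTLSVersion` enum added under `tlsConfiguration` accepts `VersionTLS10` and `VersionTLS11`, and the description neither marks them as legacy nor states which version applies when the field is unset. I would append something like `TLS 1.0 and 1.1 are deprecated by RFC 8996; use VersionTLS12 or later unless a legacy client requires otherwise`, together with the effective default. `ciphers` has no description at all; it should say which naming scheme the entries use and how an unrecognised name is handled. The file looks generated, so these changes probably belong on the source Go type.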
@@ -2585,6 +3405,20 @@ spec: imagePullPolicy: description: The ImagePullPolicy to use. type: string + imagePullSecrets: + description: The imagePullSecrets to pull the container images from + Defaults to none + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + x-kubernetes-list-type: atomic imageRegistry: description: The image registry to pull the container images from Defaults to the same registry the operator's container image is 
@@ -2907,11 +3741,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3013,10 +3914,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3118,11 +4082,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3224,10 +4255,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -3303,9 +4397,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object monitorAccount: @@ -3331,6 +4427,11 @@ spec: components. Useful if KubeVirt is included as part of a product. If ProductVersion is not specified, KubeVirt's version will be used. type: string + serviceMonitorNamespace: + description: The namespace the service monitor will be deployed When + ServiceMonitorNamespace is set, then we'll install the service monitor + object in that namespace otherwise we will use the monitoring namespace. + type: string uninstallStrategy: description: Specifies if kubevirt can be deleted if workloads are still present. This is mainly a precaution to avoid accidental data 
@@ -3676,11 +4777,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3782,10 +4950,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array 
@@ -3887,11 +5118,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is beta-level and is only honored + when PodAffinityNamespaceSelector feature + is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies to - (matches against); null or empty list - means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" items: type: string type: array 
@@ -3993,10 +5291,73 @@ spec: only "value". The requirements are ANDed. type: object type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" items: type: string type: array @@ -4072,9 +5433,11 @@ spec: type: array type: object replicas: - description: replicas indicates how many replicas should be created + description: 'replicas indicates how many replicas should be created for each KubeVirt infrastructure component (like virt-api or - virt-controller). Defaults to 2. + virt-controller). Defaults to 2. WARNING: this is an advanced + feature that prevents auto-scaling for core kubevirt components. + Please use with caution!' type: integer type: object type: object @@ -4148,6 +5511,9 @@ spec: type: string observedDeploymentID: type: string + observedGeneration: + format: int64 + type: integer observedKubeVirtRegistry: type: string observedKubeVirtVersion: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index c815a4675d..6712bee5dd 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -44,7 +44,7 @@ spec: fieldPath: metadata.name - name: WATCH_NAMESPACE - name: VIRTIOWIN_CONTAINER - value: quay.io/kubevirt/virtio-container-disk@sha256:77c448875247bf4dbeaa0b9b1b720c0f30bb8177628061c592ce7a68863a96c2 + value: quay.io/kubevirt/virtio-container-disk@sha256:5b99c78ed831401048e72d72f9ec805710ee7625131fd9ad277b38ab1e67cfb9 - name: SMBIOS value: |- Family: KubeVirt @@ -54,7 +54,7 @@ spec: - name: HCO_KV_IO_VERSION value: 1.6.0 - name: KUBEVIRT_VERSION - value: v0.49.0 + value: v0.59.2 - name: CDI_VERSION value: v1.43.2 - name: NETWORK_ADDONS_VERSION 
@@ -318,6 +318,7 @@ spec: app.kubernetes.io/part-of: hyperconverged-cluster app.kubernetes.io/version: 1.6.0 kubevirt.io: virt-operator + name: virt-operator prometheus.kubevirt.io: "true" name: virt-operator spec: 
@@ -334,32 +335,33 @@ spec: topologyKey: kubernetes.io/hostname weight: 1 containers: - - command: - - virt-operator + - args: - --port - "8443" - -v - "2" + command: + - virt-operator env: - - name: OPERATOR_IMAGE - value: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + - name: VIRT_OPERATOR_IMAGE + value: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: KUBEVIRT_VERSION - value: v0.49.0 - name: VIRT_API_SHASUM - value: sha256:b06b273aa75d9cc39e282ea4401e8f2efb342ec553237a39c81f1b550b3b1cc9 + value: sha256:2bb3e1227651779f1222ce3b9fbd701226450875ad1f985c098b90b76ea9819b - name: VIRT_CONTROLLER_SHASUM - value: sha256:7f7832a9bc58f86b6056024cd883947bd3e277a6c2a8758baff6623635421807 + value: sha256:37d65a4d4e49ae83a631f052dfcc69a47fd044302be9b7e7a4309513bc9efefd - name: VIRT_HANDLER_SHASUM - value: sha256:95138a19a335e5f0b2932217dea792b10f8976fa170b630d4a783fe5642dcee4 + value: sha256:26734e9d4c41a11919661543c3d0c5a9cbd920eec6e8fa2f75426aee4c131e8b - name: VIRT_LAUNCHER_SHASUM - value: sha256:a32c275197763387f089b14000c82a7eddce0f1770cf44d83784951b78dd8c94 + value: sha256:c510629d04bab4cb621e9f2ccd2503f02a7051a0128a1f17e4faa34eacef8430 - name: GS_SHASUM - value: sha256:5b02b557b41fed00fad2bde1526c068e883c9ca56a48c087242a6f18e374d0dc - image: quay.io/kubevirt/virt-operator@sha256:df8ecfb6f82b744504d646535f8d75cd03c1709283e368cca84ec71bed584b64 + value: sha256:149b1def5f2f3c629b514c3168aad68b6888c328c27f9f014e2a5303ddd29ff4 + - name: KUBEVIRT_VERSION + value: v0.59.2 + image: quay.io/kubevirt/virt-operator@sha256:5bfc28d150e853eda38b6d2e4f0cf68e6ade1040718cf7598e11cb32058d7c57 imagePullPolicy: IfNotPresent name: virt-operator ports: 
@@ -379,16 +381,27 @@ spec: resources: requests: cpu: 10m - memory: 150Mi + memory: 450Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /etc/virt-operator/certificates name: kubevirt-operator-certs readOnly: true - mountPath: /profile-data name: profile-data + nodeSelector: + kubernetes.io/os: linux priorityClassName: kubevirt-cluster-critical securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: kubevirt-operator tolerations: - key: CriticalAddonsOnly diff --git a/go.mod b/go.mod index 14287c7b86..9ddf3afc01 100644 --- a/go.mod +++ b/go.mod @@ -6,14 +6,14 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/evanphx/json-patch v5.6.0+incompatible github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 - github.com/go-logr/logr v1.2.2 + github.com/go-logr/logr v1.2.3 github.com/google/uuid v1.3.0 github.com/imdario/mergo v0.3.12 github.com/kubevirt/cluster-network-addons-operator v0.65.6 github.com/onsi/ginkgo v1.16.5 github.com/onsi/gomega v1.18.1 github.com/openshift/api v3.9.1-0.20190924102528-32369d4db2ad+incompatible - github.com/openshift/custom-resource-status v1.1.0 + github.com/openshift/custom-resource-status v1.1.2 github.com/operator-framework/api v0.11.1 github.com/operator-framework/operator-lib v0.10.0 github.com/pkg/errors v0.9.1 
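Review bot: The added container `securityContext` drops all capabilities and sets `allowPrivilegeEscalation: false`, but it leaves the root filesystem writable. The only writable path visible in this hunk is the `/profile-data` volume mount, so `readOnlyRootFilesystem: true` next to `allowPrivilegeEscalation: false` looks like a cheap extra restriction, provided virt-operator writes nowhere else on its image filesystem (not verifiable from here). As a style point, `seccompProfile: type: RuntimeDefault` is now set at both container and pod level; the pod-level entry alone would cover this container. The pod spec continues outside the hunk.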
@@ -22,14 +22,14 @@ require ( github.com/prometheus/client_model v0.2.0 github.com/spf13/pflag v1.0.5 golang.org/x/tools v0.6.0 - k8s.io/api v0.23.3 - k8s.io/apiextensions-apiserver v0.23.0 - k8s.io/apimachinery v0.23.3 + k8s.io/api v0.23.5 + k8s.io/apiextensions-apiserver v0.23.5 + k8s.io/apimachinery v0.23.5 k8s.io/client-go v12.0.0+incompatible k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf - k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b - kubevirt.io/api v0.49.0 - kubevirt.io/containerized-data-importer-api v1.43.2 + k8s.io/utils v0.0.0-20211116205334-6203023598ed + kubevirt.io/api v0.59.2 + kubevirt.io/containerized-data-importer-api v1.55.0 kubevirt.io/controller-lifecycle-operator-sdk v0.2.3 kubevirt.io/node-maintenance-operator v0.11.3 kubevirt.io/ssp-operator v0.13.2 @@ -44,7 +44,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful v2.10.0+incompatible // indirect + github.com/emicklei/go-restful v2.15.0+incompatible // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-logr/zapr v1.2.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect @@ -87,6 +87,7 @@ require ( gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/component-base v0.23.2 // indirect k8s.io/klog/v2 v2.40.1 // indirect + kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index 50bd39d944..306798a1ec 100644 --- a/go.sum +++ b/go.sum 
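Review bot: `kubevirt.io/containerized-data-importer-api` moves to `v1.55.0` here, but `CDI_VERSION` stays at `v1.43.2` in deploy/operator.yaml and hack/config elsewhere in this diff. The operator would therefore be compiled against CDI API types considerably newer than the CDI it deploys, and fields that exist only in the newer types would presumably be pruned or rejected by the v1.43.2 CRDs. If the bump is only there to satisfy `kubevirt.io/api v0.59.2`, a comment on the require line would record that, e.g. `// API types only; deployed CDI remains at CDI_VERSION (v1.43.2)`. The later hunk in this file also leaves the indirect `k8s.io/component-base` at `v0.23.2` while `k8s.io/api`, `apimachinery` and `apiextensions-apiserver` go to `v0.23.5`, which is worth aligning.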
@@ -334,8 +334,9 @@ github.com/emicklei/go-restful v2.8.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT github.com/emicklei/go-restful v2.8.1+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.6+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.10.0+incompatible h1:l6Soi8WCOOVAeCo4W98iBFC6Og7/X8bpRt51oNLZ2C8= github.com/emicklei/go-restful v2.10.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.15.0+incompatible h1:8KpYO/Xl/ZudZs5RNOEhWMBY4hmzlZhhRd9cu+jrZP4= +github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful-openapi v1.2.0/go.mod h1:cy7o3Ge8ZWZ5E90mpEY81sJZZFs2pkuYcLvfngYy1l0= github.com/emicklei/go-restful-swagger12 v0.0.0-20170926063155-7524189396c6/go.mod h1:qr0VowGBT4CS4Q8vFF8BSeKz34PuqKGxs/L0IAQA9DQ= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= 
@@ -419,8 +420,9 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU= 
@@ -1014,8 +1016,9 @@ github.com/openshift/client-go v0.0.0-20200521150516-05eb9880269c/go.mod h1:kCMe github.com/openshift/cluster-network-operator v0.0.0-20200324123637-74e803688dd9/go.mod h1:M9dusM6U0OOmpKjTacoXquDKPhRPu23PvFA/ws8QML0= github.com/openshift/custom-resource-status v0.0.0-20190822192428-e62f2f3b79f3/go.mod h1:GDjWl0tX6FNIj82vIxeudWeSx2Ff6nDZ8uJn0ohUFvo= github.com/openshift/custom-resource-status v0.0.0-20200602122900-c002fd1547ca/go.mod h1:GDjWl0tX6FNIj82vIxeudWeSx2Ff6nDZ8uJn0ohUFvo= -github.com/openshift/custom-resource-status v1.1.0 h1:EjSh0f3vF6eaS3zAToVHUXcS7N2jVEosUFJ0sRKvmZ0= github.com/openshift/custom-resource-status v1.1.0/go.mod h1:GDjWl0tX6FNIj82vIxeudWeSx2Ff6nDZ8uJn0ohUFvo= +github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPfHnSOQoQf/sypqA6A4= +github.com/openshift/custom-resource-status v1.1.2/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA= github.com/openshift/origin v0.0.0-20160503220234-8f127d736703/go.mod h1:0Rox5r9C8aQn6j1oAOQ0c1uC86mYbUFObzjBRvUKHII= github.com/openshift/origin v4.1.0+incompatible/go.mod h1:0Rox5r9C8aQn6j1oAOQ0c1uC86mYbUFObzjBRvUKHII= github.com/openshift/prom-label-proxy v0.1.1-0.20191016113035-b8153a7f39f1/go.mod h1:p5MuxzsYP1JPsNGwtjtcgRHHlGziCJJfztff91nNixw= 
@@ -1992,20 +1995,22 @@ k8s.io/utils v0.0.0-20210527160623-6fdb442a123b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210709001253-0e1f9d693477/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b h1:wxEMGetGMur3J1xuGLQY7GEQYg9bZxKn3tKo5k/eYcs= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -kubevirt.io/api v0.49.0 h1:KQsZHxsU4kyTT/rF8HHMhyqs3lNggliS+wEozcOe+uU= -kubevirt.io/api v0.49.0/go.mod h1:aQbwZbjpFeYiWZJmgPzId0Re3Qjx+I/k1k6/hOzmcHY= +k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= +k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +kubevirt.io/api v0.59.2 h1:t37z6+o1t/l09Ted4DrG5YkYjCasp3TAw3TZOgUC1xI= +kubevirt.io/api v0.59.2/go.mod h1:zts/6mioR8vGgvYmQ17Cb9XsUR9e/WjJcdokmrE38wY= kubevirt.io/client-go v0.47.1/go.mod h1:mhK3air2UNH/qQfGCqmvZZpCZgvBV3mAbyHCyG9hGZA= kubevirt.io/containerized-data-importer v1.36.0/go.mod h1:4TbKL1HJekxbv2DtuaCu2BlQxwU9YkYxgb1qU3HTF4s= -kubevirt.io/containerized-data-importer-api v1.41.0/go.mod h1:0xadDFtaMd8iy+/oD2+dYoPxACZ/YizKqay5QIrQ6cw= kubevirt.io/containerized-data-importer-api v1.42.1/go.mod h1:Ty5GJ+6nKlpcBKjeebb/e6IrF8bNFgOus9hfuMjEt6A= -kubevirt.io/containerized-data-importer-api v1.43.2 h1:h0YwF/mzJ4+ufExkaWrAS7aluwFzK5TvvOcpT6V4lX0= -kubevirt.io/containerized-data-importer-api v1.43.2/go.mod h1:NHg5vXGs/B/QUaAwyLwmxkEShlCxYDWtNaHXRwptJr4= +kubevirt.io/containerized-data-importer-api v1.55.0 h1:IQNc8PYVq1cTwKNPEJza5xSlcnXeYVNt76M5kZ8X7xo= +kubevirt.io/containerized-data-importer-api v1.55.0/go.mod h1:92HiQEyzPoeMiCbgfG5Qe10JQVbtWMZOXucy56dKdGg= kubevirt.io/controller-lifecycle-operator-sdk 
v0.2.0/go.mod h1:ZJhLceiY2Gl5CXFGSp5eMGt/sksOiJP0289nAZFCQf0= kubevirt.io/controller-lifecycle-operator-sdk v0.2.1/go.mod h1:ZJhLceiY2Gl5CXFGSp5eMGt/sksOiJP0289nAZFCQf0= kubevirt.io/controller-lifecycle-operator-sdk v0.2.3 h1:auv8LrA7gnLfQREnlGVPwgJpTxOEgnw4+mzXlUqKTxY= kubevirt.io/controller-lifecycle-operator-sdk v0.2.3/go.mod h1:ZJhLceiY2Gl5CXFGSp5eMGt/sksOiJP0289nAZFCQf0= +kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 h1:QMrd0nKP0BGbnxTqakhDZAUhGKxPiPiN5gSDqKUmGGc= +kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90/go.mod h1:018lASpFYBsYN6XwmA2TIrPCx6e0gviTd/ZNtSitKgc= kubevirt.io/node-maintenance-operator v0.11.3 h1:DNCChJMFtIURjT6mZZaevrH1BenVUkprDu1OhIP6KRQ= kubevirt.io/node-maintenance-operator v0.11.3/go.mod h1:2hXTz8940TJQNv1POow5qHGl0b/N0zDlUQZI13ADUww= kubevirt.io/qe-tools v0.1.6/go.mod h1:PJyH/YXC4W0AmxfheDmXWMbLNsMSboVGXKpMAwfKzVE= diff --git a/hack/config b/hack/config index aa8a635923..af560bb990 100644 --- a/hack/config +++ b/hack/config @@ -1,6 +1,6 @@ #!/bin/bash -KUBEVIRT_VERSION="v0.49.0" +KUBEVIRT_VERSION="v0.59.2" CDI_VERSION="v1.43.2" NETWORK_ADDONS_VERSION="v0.65.6" SSP_VERSION="v0.13.2" diff --git a/vendor/github.com/emicklei/go-restful/.travis.yml b/vendor/github.com/emicklei/go-restful/.travis.yml index b22f8f547e..3a0bf5ff1b 100644 --- a/vendor/github.com/emicklei/go-restful/.travis.yml +++ b/vendor/github.com/emicklei/go-restful/.travis.yml @@ -3,4 +3,11 @@ language: go go: - 1.x -script: go test -v \ No newline at end of file +before_install: + - go test -v + +script: + - go test -race -coverprofile=coverage.txt -covermode=atomic + +after_success: + - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/CHANGES.md b/vendor/github.com/emicklei/go-restful/CHANGES.md index cd5b4a60ec..f7409d546a 100644 --- a/vendor/github.com/emicklei/go-restful/CHANGES.md 
+++ b/vendor/github.com/emicklei/go-restful/CHANGES.md 
@@ -1,70 +1,100 @@ -## Change history of go-restful +# Change history of go-restful (v2 only) -v2.10.0 +## v2.15.0 - 2020-11-10 -- support for Custom Verbs (thanks Vinci Xu <277040271@qq.com>) -- fixed static example (thanks Arthur ) -- simplify code (thanks Christian Muehlhaeuser ) -- added JWT HMAC with SHA-512 authentication code example (thanks Amim Knabben ) +- Add OPTIONS in Webservice -v2.9.6 +## v2.14.3 - 2020-08-31 +- Fixed duplicate compression in dispatch. #449 -- small optimization in filter code -v2.9.5 +## v2.14.2 - 2020-08-31 + +- Added check on writer to prevent compression of response twice. #447 + +## v2.14.0 - 2020-08-19 + +- Enable content encoding on Handle and ServeHTTP (#446) +- List available representations in 406 body (#437) +- Convert to string using rune() (#443) + +## v2.13.0 - 2020-06-21 + +- 405 Method Not Allowed must have Allow header (#436) +- add field allowedMethodsWithoutContentType (#424) + +## v2.12.0 + +- support describing response headers (#426) +- fix openapi examples (#425) +- merge v3 fix (#422) + +## v2.11.1 + +- fix WriteError return value (#415) + +## v2.11.0 + +- allow prefix and suffix in path variable expression (#414) + +## v2.9.6 + +- support google custome verb (#413) + +## v2.9.5 - fix panic in Response.WriteError if err == nil -v2.9.4 +## v2.9.4 - fix issue #400 , parsing mime type quality - Route Builder added option for contentEncodingEnabled (#398) -v2.9.3 +## v2.9.3 - Avoid return of 415 Unsupported Media Type when request body is empty (#396) -v2.9.2 +## v2.9.2 - Reduce allocations in per-request methods to improve performance (#395) -v2.9.1 +## v2.9.1 - Fix issue with default responses and invalid status code 0. 
(#393) -v2.9.0 +## v2.9.0 - add per Route content encoding setting (overrides container setting) -v2.8.0 +## v2.8.0 - add Request.QueryParameters() - add json-iterator (via build tag) - disable vgo module (until log is moved) -v2.7.1 +## v2.7.1 - add vgo module -v2.6.1 +## v2.6.1 - add JSONNewDecoderFunc to allow custom JSON Decoder usage (go 1.10+) -v2.6.0 +## v2.6.0 - Make JSR 311 routing and path param processing consistent - Adding description to RouteBuilder.Reads() - Update example for Swagger12 and OpenAPI -2017-09-13 +## 2017-09-13 - added route condition functions using `.If(func)` in route building. -2017-02-16 +## 2017-02-16 - solved issue #304, make operation names unique -2017-01-30 +## 2017-01-30 [IMPORTANT] For swagger users, change your import statement to: swagger "github.com/emicklei/go-restful-swagger12" 
@@ -72,60 +102,60 @@ v2.6.0 - moved swagger 1.2 code to go-restful-swagger12 - created TAG 2.0.0 -2017-01-27 +## 2017-01-27 - remove defer request body close - expose Dispatch for testing filters and Routefunctions - swagger response model cannot be array - created TAG 1.0.0 -2016-12-22 +## 2016-12-22 - (API change) Remove code related to caching request content. Removes SetCacheReadEntity(doCache bool) -2016-11-26 +## 2016-11-26 - Default change! now use CurlyRouter (was RouterJSR311) - Default change! no more caching of request content - Default change! do not recover from panics -2016-09-22 +## 2016-09-22 - fix the DefaultRequestContentType feature -2016-02-14 +## 2016-02-14 - take the qualify factor of the Accept header mediatype into account when deciding the contentype of the response - add constructors for custom entity accessors for xml and json -2015-09-27 +## 2015-09-27 - rename new WriteStatusAnd... to WriteHeaderAnd... for consistency -2015-09-25 +## 2015-09-25 - fixed problem with changing Header after WriteHeader (issue 235) -2015-09-14 +## 2015-09-14 - changed behavior of WriteHeader (immediate write) and WriteEntity (no status write) - added support for custom EntityReaderWriters. -2015-08-06 +## 2015-08-06 - add support for reading entities from compressed request content - use sync.Pool for compressors of http response and request body - add Description to Parameter for documentation in Swagger UI -2015-03-20 +## 2015-03-20 - add configurable logging -2015-03-18 +## 2015-03-18 - if not specified, the Operation is derived from the Route function -2015-03-17 +## 2015-03-17 - expose Parameter creation functions - make trace logger an interface 
@@ -134,26 +164,26 @@ v2.6.0 - JSR311 router now handles wildcards - add Notes to Route -2014-11-27 +## 2014-11-27 - (api add) PrettyPrint per response. (as proposed in #167) -2014-11-12 +## 2014-11-12 - (api add) ApiVersion(.) for documentation in Swagger UI -2014-11-10 +## 2014-11-10 - (api change) struct fields tagged with "description" show up in Swagger UI -2014-10-31 +## 2014-10-31 - (api change) ReturnsError -> Returns - (api add) RouteBuilder.Do(aBuilder) for DRY use of RouteBuilder - fix swagger nested structs - sort Swagger response messages by code -2014-10-23 +## 2014-10-23 - (api add) ReturnsError allows you to document Http codes in swagger - fixed problem with greedy CurlyRouter 
@@ -167,73 +197,73 @@ v2.6.0 - (api add) added AllowedDomains in CORS - (api add) ParameterNamed for detailed documentation -2014-04-16 +## 2014-04-16 - (api add) expose constructor of Request for testing. -2014-06-27 +## 2014-06-27 - (api add) ParameterNamed gives access to a Parameter definition and its data (for further specification). - (api add) SetCacheReadEntity allow scontrol over whether or not the request body is being cached (default true for compatibility reasons). -2014-07-03 +## 2014-07-03 - (api add) CORS can be configured with a list of allowed domains -2014-03-12 +## 2014-03-12 - (api add) Route path parameters can use wildcard or regular expressions. (requires CurlyRouter) -2014-02-26 +## 2014-02-26 - (api add) Request now provides information about the matched Route, see method SelectedRoutePath -2014-02-17 +## 2014-02-17 - (api change) renamed parameter constants (go-lint checks) -2014-01-10 +## 2014-01-10 - (api add) support for CloseNotify, see http://golang.org/pkg/net/http/#CloseNotifier -2014-01-07 +## 2014-01-07 - (api change) Write* methods in Response now return the error or nil. - added example of serving HTML from a Go template. - fixed comparing Allowed headers in CORS (is now case-insensitive) -2013-11-13 +## 2013-11-13 - (api add) Response knows how many bytes are written to the response body. -2013-10-29 +## 2013-10-29 - (api add) RecoverHandler(handler RecoverHandleFunction) to change how panic recovery is handled. Default behavior is to log and return a stacktrace. This may be a security issue as it exposes sourcecode information. 
-2013-10-04 +## 2013-10-04 - (api add) Response knows what HTTP status has been written - (api add) Request can have attributes (map of string->interface, also called request-scoped variables -2013-09-12 +## 2013-09-12 - (api change) Router interface simplified - Implemented CurlyRouter, a Router that does not use|allow regular expressions in paths -2013-08-05 +## 2013-08-05 - add OPTIONS support - add CORS support -2013-08-27 +## 2013-08-27 - fixed some reported issues (see github) - (api change) deprecated use of WriteError; use WriteErrorString instead -2014-04-15 +## 2014-04-15 - (fix) v1.0.1 tag: fix Issue 111: WriteErrorString -2013-08-08 +## 2013-08-08 - (api add) Added implementation Container: a WebServices collection with its own http.ServeMux allowing multiple endpoints per program. Existing uses of go-restful will register their services to the DefaultContainer. - (api add) the swagger package has be extended to have a UI per container. 
@@ -246,38 +276,38 @@ Important API changes: - (api remove) package variable EnableContentEncoding no longer works ; use restful.DefaultContainer.EnableContentEncoding(true) instead. -2013-07-06 +## 2013-07-06 - (api add) Added support for response encoding (gzip and deflate(zlib)). This feature is disabled on default (for backwards compatibility). Use restful.EnableContentEncoding = true in your initialization to enable this feature. -2013-06-19 +## 2013-06-19 - (improve) DoNotRecover option, moved request body closer, improved ReadEntity -2013-06-03 +## 2013-06-03 - (api change) removed Dispatcher interface, hide PathExpression - changed receiver names of type functions to be more idiomatic Go -2013-06-02 +## 2013-06-02 - (optimize) Cache the RegExp compilation of Paths. -2013-05-22 +## 2013-05-22 - (api add) Added support for request/response filter functions -2013-05-18 +## 2013-05-18 - (api add) Added feature to change the default Http Request Dispatch function (travis cline) - (api change) Moved Swagger Webservice to swagger package (see example restful-user) -[2012-11-14 .. 2013-05-18> +## [2012-11-14 .. 2013-05-18> - See https://github.com/emicklei/go-restful/commits -2012-11-14 +## 2012-11-14 - Initial commit diff --git a/vendor/github.com/emicklei/go-restful/Makefile b/vendor/github.com/emicklei/go-restful/Makefile index b40081cc0e..3a824ac3df 100644 --- a/vendor/github.com/emicklei/go-restful/Makefile +++ b/vendor/github.com/emicklei/go-restful/Makefile @@ -1,7 +1,5 @@ all: test test: - go test -v . - -ex: - cd examples && ls *.go | xargs go build -o /tmp/ignore \ No newline at end of file + go vet . + go test -cover -v . \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/README.md b/vendor/github.com/emicklei/go-restful/README.md index 4fdbc27316..e5878a668d 100644 --- a/vendor/github.com/emicklei/go-restful/README.md +++ b/vendor/github.com/emicklei/go-restful/README.md 
@@ -4,9 +4,10 @@ package for building REST-style Web Services using Google Go [![Build Status](https://travis-ci.org/emicklei/go-restful.png)](https://travis-ci.org/emicklei/go-restful) [![Go Report Card](https://goreportcard.com/badge/github.com/emicklei/go-restful)](https://goreportcard.com/report/github.com/emicklei/go-restful) -[![GoDoc](https://godoc.org/github.com/emicklei/go-restful?status.svg)](https://godoc.org/github.com/emicklei/go-restful) +[![GoDoc](https://godoc.org/github.com/emicklei/go-restful?status.svg)](https://pkg.go.dev/github.com/emicklei/go-restful) +[![codecov](https://codecov.io/gh/emicklei/go-restful/branch/master/graph/badge.svg)](https://codecov.io/gh/emicklei/go-restful) -- [Code examples](https://github.com/emicklei/go-restful/tree/master/examples) +- [Code examples using v3](https://github.com/emicklei/go-restful/tree/master/examples) REST asks developers to use HTTP methods explicitly and in a way that's consistent with the protocol definition. This basic REST design principle establishes a one-to-one mapping between create, read, update, and delete (CRUD) operations and HTTP methods. According to this mapping: @@ -18,6 +19,28 @@ REST asks developers to use HTTP methods explicitly and in a way that's consiste - PATCH = Update partial content of a resource - OPTIONS = Get information about the communication options for the request URI +### Usage + +#### Using Go Modules + +As of version `v3.0.0` (on the v3 branch), this package supports Go modules. + +``` +import ( + restful "github.com/emicklei/go-restful/v3" +) +``` + +#### Without Go Modules + +All versions up to `v2.*.*` (on the master) are not supporting Go modules. + +``` +import ( + restful "github.com/emicklei/go-restful" +) +``` + ### Example ```Go 
@@ -38,12 +61,12 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo ... } ``` - -[Full API of a UserResource](https://github.com/emicklei/go-restful/tree/master/examples/restful-user-resource.go) - + +[Full API of a UserResource](https://github.com/emicklei/go-restful/tree/master/examples/user-resource/restful-user-resource.go) + ### Features -- Routes for request → function mapping with path parameter (e.g. {id}) support +- Routes for request → function mapping with path parameter (e.g. {id} but also prefix_{var} and {var}_suffix) support - Configurable router: - (default) Fast routing algorithm that allows static elements, [google custom method](https://cloud.google.com/apis/design/custom_methods), regular expressions and dynamic parameters in the URL path (e.g. /resource/name:customVerb, /meetings/{id} or /static/{subpath:*}) - Routing algorithm after [JSR311](http://jsr311.java.net/nonav/releases/1.1/spec/spec.html) that is implemented using (but does **not** accept) regular expressions @@ -85,4 +108,4 @@ TODO: write examples of these. Type ```git shortlog -s``` for a full list of contributors. -© 2012 - 2018, http://ernestmicklei.com. MIT License. Contributions are welcome. +© 2012 - 2020, http://ernestmicklei.com. MIT License. Contributions are welcome. diff --git a/vendor/github.com/emicklei/go-restful/container.go b/vendor/github.com/emicklei/go-restful/container.go index 2638cb292b..afca312a4f 100644 --- a/vendor/github.com/emicklei/go-restful/container.go +++ b/vendor/github.com/emicklei/go-restful/container.go 
@@ -185,6 +185,11 @@ func logStackOnRecover(panicReason interface{}, httpWriter http.ResponseWriter)
 // when a ServiceError is returned during route selection. Default implementation
 // calls resp.WriteErrorString(err.Code, err.Message)
 func writeServiceError(err ServiceError, req *Request, resp *Response) {
+ for header, values := range err.Header {
+ for _, value := range values {
+ resp.Header().Add(header, value)
+ }
+ }
 resp.WriteErrorString(err.Code, err.Message)
 }
@@ -201,6 +206,7 @@ func (c *Container) Dispatch(httpWriter http.ResponseWriter, httpRequest *http.R
 // Dispatch the incoming Http Request to a matching WebService.
 func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.Request) {
+ // so we can assign a compressing one later
 writer := httpWriter
 // CompressingResponseWriter should be closed after all operations are done
@@ -231,28 +237,8 @@ func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.R
 c.webServices,
 httpRequest)
 }()
-
- // Detect if compression is needed
- // assume without compression, test for override
- contentEncodingEnabled := c.contentEncodingEnabled
- if route != nil && route.contentEncodingEnabled != nil {
- contentEncodingEnabled = *route.contentEncodingEnabled
- }
- if contentEncodingEnabled {
- doCompress, encoding := wantsCompressedResponse(httpRequest)
- if doCompress {
- var err error
- writer, err = NewCompressingResponseWriter(httpWriter, encoding)
- if err != nil {
- log.Print("unable to install compressor: ", err)
- httpWriter.WriteHeader(http.StatusInternalServerError)
- return
- }
- }
- }
-
 if err != nil {
- // a non-200 response has already been written
+ // a non-200 response (may be compressed) has already been written
 // run container filters anyway ; they should not touch the response...
 chain := FilterChain{Filters: c.containerFilters, Target: func(req *Request, resp *Response) {
 switch err.(type) {
@@ -265,6 +251,29 @@ func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.R
 chain.ProcessFilter(NewRequest(httpRequest), NewResponse(writer))
 return
 }
+
+ // Unless httpWriter is already an CompressingResponseWriter see if we need to install one
+ if _, isCompressing := httpWriter.(*CompressingResponseWriter); !isCompressing {
+ // Detect if compression is needed
+ // assume without compression, test for override
+ contentEncodingEnabled := c.contentEncodingEnabled
+ if route != nil && route.contentEncodingEnabled != nil {
+ contentEncodingEnabled = *route.contentEncodingEnabled
+ }
+ if contentEncodingEnabled {
+ doCompress, encoding := wantsCompressedResponse(httpRequest)
+ if doCompress {
+ var err error
+ writer, err = NewCompressingResponseWriter(httpWriter, encoding)
+ if err != nil {
+ log.Print("unable to install compressor: ", err)
+ httpWriter.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+ }
+ }
+ }
+
 pathProcessor, routerProcessesPath := c.router.(PathProcessor)
 if !routerProcessesPath {
 pathProcessor = defaultPathProcessor{}
@@ -296,13 +305,75 @@ func fixedPrefixPath(pathspec string) string {
 }
 // ServeHTTP implements net/http.Handler therefore a Container can be a Handler in a http.Server
-func (c *Container) ServeHTTP(httpwriter http.ResponseWriter, httpRequest *http.Request) {
- c.ServeMux.ServeHTTP(httpwriter, httpRequest)
+func (c *Container) ServeHTTP(httpWriter http.ResponseWriter, httpRequest *http.Request) {
+ // Skip, if content encoding is disabled
+ if !c.contentEncodingEnabled {
+ c.ServeMux.ServeHTTP(httpWriter, httpRequest)
+ return
+ }
+ // content encoding is enabled
+
+ // Skip, if httpWriter is already an CompressingResponseWriter
+ if _, ok := httpWriter.(*CompressingResponseWriter); ok {
+ c.ServeMux.ServeHTTP(httpWriter, httpRequest)
+ return
+ }
+
+ writer := httpWriter
+ // CompressingResponseWriter should be closed after all operations are done
+ defer func() {
+ if compressWriter, ok := writer.(*CompressingResponseWriter); ok {
+ compressWriter.Close()
+ }
+ }()
+
+ doCompress, encoding := wantsCompressedResponse(httpRequest)
+ if doCompress {
+ var err error
+ writer, err = NewCompressingResponseWriter(httpWriter, encoding)
+ if err != nil {
+ log.Print("unable to install compressor: ", err)
+ httpWriter.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+ }
+
+ c.ServeMux.ServeHTTP(writer, httpRequest)
 }
 // Handle registers the handler for the given pattern. If a handler already exists for pattern, Handle panics.
 func (c *Container) Handle(pattern string, handler http.Handler) {
- c.ServeMux.Handle(pattern, handler)
+ c.ServeMux.Handle(pattern, http.HandlerFunc(func(httpWriter http.ResponseWriter, httpRequest *http.Request) {
+ // Skip, if httpWriter is already an CompressingResponseWriter
+ if _, ok := httpWriter.(*CompressingResponseWriter); ok {
+ handler.ServeHTTP(httpWriter, httpRequest)
+ return
+ }
+
+ writer := httpWriter
+
+ // CompressingResponseWriter should be closed after all operations are done
+ defer func() {
+ if compressWriter, ok := writer.(*CompressingResponseWriter); ok {
+ compressWriter.Close()
+ }
+ }()
+
+ if c.contentEncodingEnabled {
+ doCompress, encoding := wantsCompressedResponse(httpRequest)
+ if doCompress {
+ var err error
+ writer, err = NewCompressingResponseWriter(httpWriter, encoding)
+ if err != nil {
+ log.Print("unable to install compressor: ", err)
+ httpWriter.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+ }
+ }
+
+ handler.ServeHTTP(writer, httpRequest)
+ }))
 }
 // HandleWithFilter registers the handler for the given pattern.
@@ -316,7 +387,7 @@ func (c *Container) HandleWithFilter(pattern string, handler http.Handler) {
 }
 chain := FilterChain{Filters: c.containerFilters, Target: func(req *Request, resp *Response) {
- handler.ServeHTTP(httpResponse, httpRequest)
+ handler.ServeHTTP(resp, req.Request)
 }}
 chain.ProcessFilter(NewRequest(httpRequest), NewResponse(httpResponse))
 }
diff --git a/vendor/github.com/emicklei/go-restful/jsr311.go b/vendor/github.com/emicklei/go-restful/jsr311.go
index 3ede1891ec..9cfd59a1ce 100644
--- a/vendor/github.com/emicklei/go-restful/jsr311.go
+++ b/vendor/github.com/emicklei/go-restful/jsr311.go
@@ -9,6 +9,7 @@ import (
 "fmt"
 "net/http"
 "sort"
+ "strings"
 )
 // RouterJSR311 implements the flow for matching Requests to Routes (and consequently Resource Functions)
@@ -98,7 +99,18 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R
 if trace {
 traceLogger.Printf("no Route found (in %d routes) that matches HTTP method %s\n", len(previous), httpRequest.Method)
 }
- return nil, NewError(http.StatusMethodNotAllowed, "405: Method Not Allowed")
+ allowed := []string{}
+ allowedLoop:
+ for _, candidate := range previous {
+ for _, method := range allowed {
+ if method == candidate.Method {
+ continue allowedLoop
+ }
+ }
+ allowed = append(allowed, candidate.Method)
+ }
+ header := http.Header{"Allow": []string{strings.Join(allowed, ", ")}}
+ return nil, NewErrorWithHeader(http.StatusMethodNotAllowed, "405: Method Not Allowed", header)
 }
 // content-type
@@ -135,7 +147,14 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R
 if trace {
 traceLogger.Printf("no Route found (from %d) that matches HTTP Accept: %s\n", len(previous), accept)
 }
- return nil, NewError(http.StatusNotAcceptable, "406: Not Acceptable")
+ available := []string{}
+ for _, candidate := range previous {
+ available = append(available, candidate.Produces...)
+ }
+ return nil, NewError(
+ http.StatusNotAcceptable,
+ fmt.Sprintf("406: Not Acceptable\n\nAvailable representations: %s", strings.Join(available, ", ")),
+ )
 }
 // return r.bestMatchByMedia(outputMediaOk, contentType, accept), nil
 return candidates[0], nil
diff --git a/vendor/github.com/emicklei/go-restful/path_processor.go b/vendor/github.com/emicklei/go-restful/path_processor.go
index 0141b7f3d2..1415732450 100644
--- a/vendor/github.com/emicklei/go-restful/path_processor.go
+++ b/vendor/github.com/emicklei/go-restful/path_processor.go
@@ -34,7 +34,7 @@ func (d defaultPathProcessor) ExtractParameters(r *Route, _ *WebService, urlPath
 value = removeCustomVerb(value)
 }
- if strings.HasPrefix(key, "{") { // path-parameter
+ if strings.Index(key, "{") > -1 { // path-parameter
 if colon := strings.Index(key, ":"); colon != -1 {
 // extract by regex
 regPart := key[colon+1 : len(key)-1]
@@ -47,7 +47,13 @@ func (d defaultPathProcessor) ExtractParameters(r *Route, _ *WebService, urlPath
 }
 } else {
 // without enclosing {}
- pathParameters[key[1:len(key)-1]] = value
+ startIndex := strings.Index(key, "{")
+ endKeyIndex := strings.Index(key, "}")
+
+ suffixLength := len(key) - endKeyIndex - 1
+ endValueIndex := len(value) - suffixLength
+
+ pathParameters[key[startIndex+1:endKeyIndex]] = value[startIndex:endValueIndex]
 }
 }
 }
diff --git a/vendor/github.com/emicklei/go-restful/response.go b/vendor/github.com/emicklei/go-restful/response.go
index fbb48f2da8..e2f78f00f7 100644
--- a/vendor/github.com/emicklei/go-restful/response.go
+++ b/vendor/github.com/emicklei/go-restful/response.go
@@ -174,15 +174,16 @@ func (r *Response) WriteHeaderAndJson(status int, value interface{}, contentType
 return writeJSON(r, status, contentType, value)
 }
-// WriteError write the http status and the error string on the response. err can be nil.
-func (r *Response) WriteError(httpStatus int, err error) error {
+// WriteError writes the http status and the error string on the response. err can be nil.
+// Return an error if writing was not succesful.
+func (r *Response) WriteError(httpStatus int, err error) (writeErr error) {
 r.err = err
 if err == nil {
- r.WriteErrorString(httpStatus, "")
+ writeErr = r.WriteErrorString(httpStatus, "")
 } else {
- r.WriteErrorString(httpStatus, err.Error())
+ writeErr = r.WriteErrorString(httpStatus, err.Error())
 }
- return err
+ return writeErr
 }
 // WriteServiceError is a convenience method for a responding with a status and a ServiceError
diff --git a/vendor/github.com/emicklei/go-restful/route.go b/vendor/github.com/emicklei/go-restful/route.go
index fbac6ca14b..598aa57a76 100644
--- a/vendor/github.com/emicklei/go-restful/route.go
+++ b/vendor/github.com/emicklei/go-restful/route.go
@@ -52,6 +52,11 @@ type Route struct {
 // indicate route path has custom verb
 hasCustomVerb bool
+
+ // if a request does not include a content-type header then
+ // depending on the method, it may return a 415 Unsupported Media
+ // Must have uppercase HTTP Method names such as GET,HEAD,OPTIONS,...
+ allowedMethodsWithoutContentType []string
 }
 // Initialize for Route
@@ -114,8 +119,17 @@ func (r Route) matchesContentType(mimeTypes string) bool {
 if len(mimeTypes) == 0 {
 // idempotent methods with (most-likely or guaranteed) empty content match missing Content-Type
 m := r.Method
- if m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "DELETE" || m == "TRACE" {
- return true
+ // if route specifies less or non-idempotent methods then use that
+ if len(r.allowedMethodsWithoutContentType) > 0 {
+ for _, each := range r.allowedMethodsWithoutContentType {
+ if m == each {
+ return true
+ }
+ }
+ } else {
+ if m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "DELETE" || m == "TRACE" {
+ return true
+ }
 }
 // proceed with default
 mimeTypes = MIME_OCTET
diff --git a/vendor/github.com/emicklei/go-restful/route_builder.go b/vendor/github.com/emicklei/go-restful/route_builder.go
index 0fccf61e94..1d67a4c235 100644
--- a/vendor/github.com/emicklei/go-restful/route_builder.go
+++ b/vendor/github.com/emicklei/go-restful/route_builder.go
@@ -17,14 +17,15 @@ import (
 // RouteBuilder is a helper to construct Routes.
 type RouteBuilder struct {
- rootPath string
- currentPath string
- produces []string
- consumes []string
- httpMethod string // required
- function RouteFunction // required
- filters []FilterFunction
- conditions []RouteSelectionConditionFunction
+ rootPath string
+ currentPath string
+ produces []string
+ consumes []string
+ httpMethod string // required
+ function RouteFunction // required
+ filters []FilterFunction
+ conditions []RouteSelectionConditionFunction
+ allowedMethodsWithoutContentType []string // see Route
 typeNameHandleFunc TypeNameHandleFunction // required
@@ -176,6 +177,15 @@ func (b *RouteBuilder) Returns(code int, message string, model interface{}) *Rou
 return b
 }
+// ReturnsWithHeaders is similar to Returns, but can specify response headers
+func (b *RouteBuilder) ReturnsWithHeaders(code int, message string, model interface{}, headers map[string]Header) *RouteBuilder {
+ b.Returns(code, message, model)
+ err := b.errorMap[code]
+ err.Headers = headers
+ b.errorMap[code] = err
+ return b
+}
+
 // DefaultReturns is a special Returns call that sets the default of the response.
 func (b *RouteBuilder) DefaultReturns(message string, model interface{}) *RouteBuilder {
 b.defaultResponse = &ResponseError{
@@ -200,14 +210,41 @@ func (b *RouteBuilder) Deprecate() *RouteBuilder {
 return b
 }
+// AllowedMethodsWithoutContentType overides the default list GET,HEAD,OPTIONS,DELETE,TRACE
+// If a request does not include a content-type header then
+// depending on the method, it may return a 415 Unsupported Media.
+// Must have uppercase HTTP Method names such as GET,HEAD,OPTIONS,...
+func (b *RouteBuilder) AllowedMethodsWithoutContentType(methods []string) *RouteBuilder {
+ b.allowedMethodsWithoutContentType = methods
+ return b
+}
+
 // ResponseError represents a response; not necessarily an error.
 type ResponseError struct {
 Code int
 Message string
 Model interface{}
+ Headers map[string]Header
 IsDefault bool
 }
+// Header describes a header for a response of the API
+//
+// For more information: http://goo.gl/8us55a#headerObject
+type Header struct {
+ *Items
+ Description string
+}
+
+// Items describe swagger simple schemas for headers
+type Items struct {
+ Type string
+ Format string
+ Items *Items
+ CollectionFormat string
+ Default interface{}
+}
+
 func (b *RouteBuilder) servicePath(path string) *RouteBuilder {
 b.rootPath = path
 return b
@@ -276,26 +313,27 @@ func (b *RouteBuilder) Build() Route {
 operationName = nameOfFunction(b.function)
 }
 route := Route{
- Method: b.httpMethod,
- Path: concatPath(b.rootPath, b.currentPath),
- Produces: b.produces,
- Consumes: b.consumes,
- Function: b.function,
- Filters: b.filters,
- If: b.conditions,
- relativePath: b.currentPath,
- pathExpr: pathExpr,
- Doc: b.doc,
- Notes: b.notes,
- Operation: operationName,
- ParameterDocs: b.parameters,
- ResponseErrors: b.errorMap,
- DefaultResponse: b.defaultResponse,
- ReadSample: b.readSample,
- WriteSample: b.writeSample,
- Metadata: b.metadata,
- Deprecated: b.deprecated,
- contentEncodingEnabled: b.contentEncodingEnabled,
+ Method: b.httpMethod,
+ Path: concatPath(b.rootPath, b.currentPath),
+ Produces: b.produces,
+ Consumes: b.consumes,
+ Function: b.function,
+ Filters: b.filters,
+ If: b.conditions,
+ relativePath: b.currentPath,
+ pathExpr: pathExpr,
+ Doc: b.doc,
+ Notes: b.notes,
+ Operation: operationName,
+ ParameterDocs: b.parameters,
+ ResponseErrors: b.errorMap,
+ DefaultResponse: b.defaultResponse,
+ ReadSample: b.readSample,
+ WriteSample: b.writeSample,
+ Metadata: b.metadata,
+ Deprecated: b.deprecated,
+ contentEncodingEnabled: b.contentEncodingEnabled,
+ allowedMethodsWithoutContentType: b.allowedMethodsWithoutContentType,
 }
 route.postBuild()
 return route
diff --git a/vendor/github.com/emicklei/go-restful/service_error.go b/vendor/github.com/emicklei/go-restful/service_error.go
index 62d1108bbd..a415754694 100644
--- a/vendor/github.com/emicklei/go-restful/service_error.go
+++ b/vendor/github.com/emicklei/go-restful/service_error.go
@@ -4,12 +4,16 @@ package restful
 // Use of this source code is governed by a license
 // that can be found in the LICENSE file.
-import "fmt"
+import (
+ "fmt"
+ "net/http"
+)
 // ServiceError is a transport object to pass information about a non-Http error occurred in a WebService while processing a request.
 type ServiceError struct {
 Code int
 Message string
+ Header http.Header
 }
 // NewError returns a ServiceError using the code and reason
@@ -17,6 +21,11 @@ func NewError(code int, message string) ServiceError {
 return ServiceError{Code: code, Message: message}
 }
+// NewErrorWithHeader returns a ServiceError using the code, reason and header
+func NewErrorWithHeader(code int, message string, header http.Header) ServiceError {
+ return ServiceError{Code: code, Message: message, Header: header}
+}
+
 // Error returns a text representation of the service error
 func (s ServiceError) Error() string {
 return fmt.Sprintf("[ServiceError:%v] %v", s.Code, s.Message)
diff --git a/vendor/github.com/emicklei/go-restful/web_service.go b/vendor/github.com/emicklei/go-restful/web_service.go
index 4f90796744..2c164a2a2c 100644
--- a/vendor/github.com/emicklei/go-restful/web_service.go
+++ b/vendor/github.com/emicklei/go-restful/web_service.go
@@ -288,3 +288,8 @@ func (w *WebService) PATCH(subPath string) *RouteBuilder {
 func (w *WebService) DELETE(subPath string) *RouteBuilder {
 return new(RouteBuilder).typeNameHandler(w.typeNameHandleFunc).servicePath(w.rootPath).Method("DELETE").Path(subPath)
 }
+
+// OPTIONS is a shortcut for .Method("OPTIONS").Path(subPath)
+func (w *WebService) OPTIONS(subPath string) *RouteBuilder {
+ return new(RouteBuilder).typeNameHandler(w.typeNameHandleFunc).servicePath(w.rootPath).Method("OPTIONS").Path(subPath)
+}
diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md
index ad825f5f0a..ab59311813 100644
--- a/vendor/github.com/go-logr/logr/README.md
+++ b/vendor/github.com/go-logr/logr/README.md
@@ -105,14 +105,18 @@ with higher verbosity means more (and less important) logs will be generated. There are implementations for the following logging libraries: - **a function** (can bridge to non-structured libraries): [funcr](https://github.com/go-logr/logr/tree/master/funcr) +- **a testing.T** (for use in Go tests, with JSON-like output): [testr](https://github.com/go-logr/logr/tree/master/testr) - **github.com/google/glog**: [glogr](https://github.com/go-logr/glogr) - **k8s.io/klog** (for Kubernetes): [klogr](https://git.k8s.io/klog/klogr) +- **a testing.T** (with klog-like text output): [ktesting](https://git.k8s.io/klog/ktesting) - **go.uber.org/zap**: [zapr](https://github.com/go-logr/zapr) - **log** (the Go standard library logger): [stdr](https://github.com/go-logr/stdr) - **github.com/sirupsen/logrus**: [logrusr](https://github.com/bombsimon/logrusr) - **github.com/wojas/genericr**: [genericr](https://github.com/wojas/genericr) (makes it easy to implement your own backend) - **logfmt** (Heroku style [logging](https://www.brandur.org/logfmt)): [logfmtr](https://github.com/iand/logfmtr) - **github.com/rs/zerolog**: [zerologr](https://github.com/go-logr/zerologr) +- **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0) +- **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing) ## FAQ diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index c05482a203..c3b56b3d2c 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go 
@@ -115,6 +115,15 @@ limitations under the License. // may be any Go value, but how the value is formatted is determined by the // LogSink implementation. // +// Logger instances are meant to be passed around by value. Code that receives +// such a value can call its methods without having to check whether the +// instance is ready for use. +// +// Calling methods with the null logger (Logger{}) as instance will crash +// because it has no LogSink. Therefore this null logger should never be passed +// around. For cases where passing a logger is optional, a pointer to Logger +// should be used. +// // Key Naming Conventions // // Keys are not strictly required to conform to any specification or regex, but diff --git a/vendor/kubevirt.io/api/core/v1/componentconfig.go b/vendor/kubevirt.io/api/core/v1/componentconfig.go index 52d7be9425..4d26dbd2f3 100644 --- a/vendor/kubevirt.io/api/core/v1/componentconfig.go +++ b/vendor/kubevirt.io/api/core/v1/componentconfig.go @@ -42,6 +42,7 @@ type ComponentConfig struct { NodePlacement *NodePlacement `json:"nodePlacement,omitempty"` // replicas indicates how many replicas should be created for each KubeVirt infrastructure // component (like virt-api or virt-controller). Defaults to 2. + // WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! //+optional Replicas *uint8 `json:"replicas,omitempty"` } diff --git a/vendor/kubevirt.io/api/core/v1/deepcopy_generated.go b/vendor/kubevirt.io/api/core/v1/deepcopy_generated.go index 7da3beaa20..b6a50d1598 100644 --- a/vendor/kubevirt.io/api/core/v1/deepcopy_generated.go +++ b/vendor/kubevirt.io/api/core/v1/deepcopy_generated.go @@ -1,7 +1,8 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated /* -Copyright 2022 The KubeVirt Authors. +Copyright 2023 The KubeVirt Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -25,7 +26,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" types "k8s.io/apimachinery/pkg/types" - v1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" ) @@ -573,6 +573,27 @@ func (in *CustomBlockSize) DeepCopy() *CustomBlockSize { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomProfile) DeepCopyInto(out *CustomProfile) { + *out = *in + if in.LocalhostProfile != nil { + in, out := &in.LocalhostProfile, &out.LocalhostProfile + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomProfile. +func (in *CustomProfile) DeepCopy() *CustomProfile { + if in == nil { + return nil + } + out := new(CustomProfile) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomizeComponents) DeepCopyInto(out *CustomizeComponents) { *out = *in @@ -808,6 +829,16 @@ func (in *Devices) DeepCopyInto(out *Devices) { *out = new(bool) **out = **in } + if in.AutoattachInputDevice != nil { + in, out := &in.AutoattachInputDevice, &out.AutoattachInputDevice + *out = new(bool) + **out = **in + } + if in.AutoattachVSOCK != nil { + in, out := &in.AutoattachVSOCK, &out.AutoattachVSOCK + *out = new(bool) + **out = **in + } if in.Rng != nil { in, out := &in.Rng, &out.Rng *out = new(Rng) @@ -852,6 +883,11 @@ func (in *Devices) DeepCopyInto(out *Devices) { *out = new(SoundDevice) **out = **in } + if in.TPM != nil { + in, out := &in.TPM, &out.TPM + *out = new(TPMDevice) + **out = **in + } return } @@ -884,6 +920,11 @@ func (in *Disk) DeepCopyInto(out *Disk) { *out = new(BlockSize) (*in).DeepCopyInto(*out) } + if in.Shareable != nil { + in, out := &in.Shareable, &out.Shareable + *out = new(bool) + **out = **in + } return } 
@@ -910,11 +951,6 @@ func (in *DiskDevice) DeepCopyInto(out *DiskDevice) { *out = new(LunTarget) **out = **in } - if in.Floppy != nil { - in, out := &in.Floppy, &out.Floppy - *out = new(FloppyTarget) - **out = **in - } if in.CDRom != nil { in, out := &in.CDRom, &out.CDRom *out = new(CDRomTarget) @@ -970,6 +1006,30 @@ func (in *DiskVerification) DeepCopy() *DiskVerification { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DomainMemoryDumpInfo) DeepCopyInto(out *DomainMemoryDumpInfo) { + *out = *in + if in.StartTimestamp != nil { + in, out := &in.StartTimestamp, &out.StartTimestamp + *out = (*in).DeepCopy() + } + if in.EndTimestamp != nil { + in, out := &in.EndTimestamp, &out.EndTimestamp + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainMemoryDumpInfo. +func (in *DomainMemoryDumpInfo) DeepCopy() *DomainMemoryDumpInfo { + if in == nil { + return nil + } + out := new(DomainMemoryDumpInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DomainSpec) DeepCopyInto(out *DomainSpec) { *out = *in 
@@ -1464,38 +1524,6 @@ func (in *Flags) DeepCopy() *Flags { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlavorMatcher) DeepCopyInto(out *FlavorMatcher) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlavorMatcher. -func (in *FlavorMatcher) DeepCopy() *FlavorMatcher { - if in == nil { - return nil - } - out := new(FlavorMatcher) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FloppyTarget) DeepCopyInto(out *FloppyTarget) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FloppyTarget. -func (in *FloppyTarget) DeepCopy() *FloppyTarget { - if in == nil { - return nil - } - out := new(FloppyTarget) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FreezeUnfreezeTimeout) DeepCopyInto(out *FreezeUnfreezeTimeout) { *out = *in @@ -1792,6 +1820,22 @@ func (in *Input) DeepCopy() *Input { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstancetypeMatcher) DeepCopyInto(out *InstancetypeMatcher) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstancetypeMatcher. +func (in *InstancetypeMatcher) DeepCopy() *InstancetypeMatcher { + if in == nil { + return nil + } + out := new(InstancetypeMatcher) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Interface) DeepCopyInto(out *Interface) { *out = *in 
@@ -1852,6 +1896,11 @@ func (in *InterfaceBindingMethod) DeepCopyInto(out *InterfaceBindingMethod) { *out = new(InterfaceMacvtap) **out = **in } + if in.Passt != nil { + in, out := &in.Passt, &out.Passt + *out = new(InterfacePasst) + **out = **in + } return } @@ -1913,6 +1962,22 @@ func (in *InterfaceMasquerade) DeepCopy() *InterfaceMasquerade { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InterfacePasst) DeepCopyInto(out *InterfacePasst) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfacePasst. +func (in *InterfacePasst) DeepCopy() *InterfacePasst { + if in == nil { + return nil + } + out := new(InterfacePasst) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InterfaceSRIOV) DeepCopyInto(out *InterfaceSRIOV) { *out = *in @@ -2103,6 +2168,16 @@ func (in *KubeVirtConfiguration) DeepCopyInto(out *KubeVirtConfiguration) { *out = new(SMBiosConfiguration) **out = **in } + if in.EvictionStrategy != nil { + in, out := &in.EvictionStrategy, &out.EvictionStrategy + *out = new(EvictionStrategy) + **out = **in + } + if in.AdditionalGuestMemoryOverheadRatio != nil { + in, out := &in.AdditionalGuestMemoryOverheadRatio, &out.AdditionalGuestMemoryOverheadRatio + *out = new(string) + **out = **in + } if in.SupportedGuestAgentVersions != nil { in, out := &in.SupportedGuestAgentVersions, &out.SupportedGuestAgentVersions *out = make([]string, len(*in)) 
@@ -2155,6 +2230,16 @@ func (in *KubeVirtConfiguration) DeepCopyInto(out *KubeVirtConfiguration) { *out = new(ReloadableComponentConfiguration) (*in).DeepCopyInto(*out) } + if in.TLSConfiguration != nil { + in, out := &in.TLSConfiguration, &out.TLSConfiguration + *out = new(TLSConfiguration) + (*in).DeepCopyInto(*out) + } + if in.SeccompConfiguration != nil { + in, out := &in.SeccompConfiguration, &out.SeccompConfiguration + *out = new(SeccompConfiguration) + (*in).DeepCopyInto(*out) + } return } @@ -2245,6 +2330,11 @@ func (in *KubeVirtSelfSignConfiguration) DeepCopy() *KubeVirtSelfSignConfigurati // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeVirtSpec) DeepCopyInto(out *KubeVirtSpec) { *out = *in + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } in.WorkloadUpdateStrategy.DeepCopyInto(&out.WorkloadUpdateStrategy) in.CertificateRotationStrategy.DeepCopyInto(&out.CertificateRotationStrategy) in.Configuration.DeepCopyInto(&out.Configuration) @@ -2287,6 +2377,11 @@ func (in *KubeVirtStatus) DeepCopyInto(out *KubeVirtStatus) { *out = new(int) **out = **in } + if in.ObservedGeneration != nil { + in, out := &in.ObservedGeneration, &out.ObservedGeneration + *out = new(int64) + **out = **in + } if in.Generations != nil { in, out := &in.Generations, &out.Generations *out = make([]GenerationStatus, len(*in)) @@ -2420,6 +2515,11 @@ func (in *MediatedDevicesConfiguration) DeepCopyInto(out *MediatedDevicesConfigu *out = make([]string, len(*in)) copy(*out, *in) } + if in.MediatedDeviceTypes != nil { + in, out := &in.MediatedDeviceTypes, &out.MediatedDeviceTypes + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.NodeMediatedDeviceTypes != nil { in, out := &in.NodeMediatedDeviceTypes, &out.NodeMediatedDeviceTypes *out = make([]NodeMediatedDeviceTypesConfig, len(*in)) 
@@ -2482,6 +2582,23 @@ func (in *Memory) DeepCopy() *Memory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MemoryDumpVolumeSource) DeepCopyInto(out *MemoryDumpVolumeSource) { + *out = *in + out.PersistentVolumeClaimVolumeSource = in.PersistentVolumeClaimVolumeSource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemoryDumpVolumeSource. +func (in *MemoryDumpVolumeSource) DeepCopy() *MemoryDumpVolumeSource { + if in == nil { + return nil + } + out := new(MemoryDumpVolumeSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MigrateOptions) DeepCopyInto(out *MigrateOptions) { *out = *in @@ -2712,6 +2829,11 @@ func (in *NodeMediatedDeviceTypesConfig) DeepCopyInto(out *NodeMediatedDeviceTyp *out = make([]string, len(*in)) copy(*out, *in) } + if in.MediatedDeviceTypes != nil { + in, out := &in.MediatedDeviceTypes, &out.MediatedDeviceTypes + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -2865,6 +2987,13 @@ func (in *PersistentVolumeClaimInfo) DeepCopyInto(out *PersistentVolumeClaimInfo (*out)[key] = val.DeepCopy() } } + if in.Requests != nil { + in, out := &in.Requests, &out.Requests + *out = make(corev1.ResourceList, len(*in)) + for key, val := range *in { + (*out)[key] = val.DeepCopy() + } + } if in.FilesystemOverhead != nil { in, out := &in.FilesystemOverhead, &out.FilesystemOverhead *out = new(v1beta1.Percent) 
@@ -2932,6 +3061,22 @@ func (in *Port) DeepCopy() *Port { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreferenceMatcher) DeepCopyInto(out *PreferenceMatcher) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreferenceMatcher. +func (in *PreferenceMatcher) DeepCopy() *PreferenceMatcher { + if in == nil { + return nil + } + out := new(PreferenceMatcher) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Probe) DeepCopyInto(out *Probe) { *out = *in 
@@ -3308,6 +3453,43 @@ func (in *SSHPublicKeyAccessCredentialSource) DeepCopy() *SSHPublicKeyAccessCred return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScreenshotOptions) DeepCopyInto(out *ScreenshotOptions) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScreenshotOptions. +func (in *ScreenshotOptions) DeepCopy() *ScreenshotOptions { + if in == nil { + return nil + } + out := new(ScreenshotOptions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SeccompConfiguration) DeepCopyInto(out *SeccompConfiguration) { + *out = *in + if in.VirtualMachineInstanceProfile != nil { + in, out := &in.VirtualMachineInstanceProfile, &out.VirtualMachineInstanceProfile + *out = new(VirtualMachineInstanceProfile) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompConfiguration. +func (in *SeccompConfiguration) DeepCopy() *SeccompConfiguration { + if in == nil { + return nil + } + out := new(SeccompConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretVolumeSource) DeepCopyInto(out *SecretVolumeSource) { *out = *in 
@@ -3462,6 +3644,43 @@ func (in *SysprepSource) DeepCopy() *SysprepSource { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfiguration) DeepCopyInto(out *TLSConfiguration) { + *out = *in + if in.Ciphers != nil { + in, out := &in.Ciphers, &out.Ciphers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfiguration. +func (in *TLSConfiguration) DeepCopy() *TLSConfiguration { + if in == nil { + return nil + } + out := new(TLSConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TPMDevice) DeepCopyInto(out *TPMDevice) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TPMDevice. +func (in *TPMDevice) DeepCopy() *TPMDevice { + if in == nil { + return nil + } + out := new(TPMDevice) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Timer) DeepCopyInto(out *Timer) { *out = *in 
@@ -3685,6 +3904,27 @@ func (in *VMISelector) DeepCopy() *VMISelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSOCKOptions) DeepCopyInto(out *VSOCKOptions) { + *out = *in + if in.UseTLS != nil { + in, out := &in.UseTLS, &out.UseTLS + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSOCKOptions. +func (in *VSOCKOptions) DeepCopy() *VSOCKOptions { + if in == nil { + return nil + } + out := new(VSOCKOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualMachine) DeepCopyInto(out *VirtualMachine) { *out = *in @@ -4057,6 +4297,23 @@ func (in *VirtualMachineInstanceMigrationList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VirtualMachineInstanceMigrationPhaseTransitionTimestamp) DeepCopyInto(out *VirtualMachineInstanceMigrationPhaseTransitionTimestamp) { + *out = *in + in.PhaseTransitionTimestamp.DeepCopyInto(&out.PhaseTransitionTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualMachineInstanceMigrationPhaseTransitionTimestamp. +func (in *VirtualMachineInstanceMigrationPhaseTransitionTimestamp) DeepCopy() *VirtualMachineInstanceMigrationPhaseTransitionTimestamp { + if in == nil { + return nil + } + out := new(VirtualMachineInstanceMigrationPhaseTransitionTimestamp) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualMachineInstanceMigrationSpec) DeepCopyInto(out *VirtualMachineInstanceMigrationSpec) { *out = *in 
@@ -4101,6 +4358,11 @@ func (in *VirtualMachineInstanceMigrationState) DeepCopyInto(out *VirtualMachine *out = new(MigrationConfiguration) (*in).DeepCopyInto(*out) } + if in.TargetCPUSet != nil { + in, out := &in.TargetCPUSet, &out.TargetCPUSet + *out = make([]int, len(*in)) + copy(*out, *in) + } return } @@ -4124,6 +4386,18 @@ func (in *VirtualMachineInstanceMigrationStatus) DeepCopyInto(out *VirtualMachin (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PhaseTransitionTimestamps != nil { + in, out := &in.PhaseTransitionTimestamps, &out.PhaseTransitionTimestamps + *out = make([]VirtualMachineInstanceMigrationPhaseTransitionTimestamp, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MigrationState != nil { + in, out := &in.MigrationState, &out.MigrationState + *out = new(VirtualMachineInstanceMigrationState) + (*in).DeepCopyInto(*out) + } return } @@ -4257,6 +4531,27 @@ func (in *VirtualMachineInstancePresetSpec) DeepCopy() *VirtualMachineInstancePr return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VirtualMachineInstanceProfile) DeepCopyInto(out *VirtualMachineInstanceProfile) { + *out = *in + if in.CustomProfile != nil { + in, out := &in.CustomProfile, &out.CustomProfile + *out = new(CustomProfile) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualMachineInstanceProfile. +func (in *VirtualMachineInstanceProfile) DeepCopy() *VirtualMachineInstanceProfile { + if in == nil { + return nil + } + out := new(VirtualMachineInstanceProfile) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualMachineInstanceReplicaSet) DeepCopyInto(out *VirtualMachineInstanceReplicaSet) { *out = *in 
@@ -4413,6 +4708,13 @@ func (in *VirtualMachineInstanceSpec) DeepCopyInto(out *VirtualMachineInstanceSp (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]corev1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EvictionStrategy != nil { in, out := &in.EvictionStrategy, &out.EvictionStrategy *out = new(EvictionStrategy) @@ -4531,6 +4833,11 @@ func (in *VirtualMachineInstanceStatus) DeepCopyInto(out *VirtualMachineInstance *out = new(TopologyHints) (*in).DeepCopyInto(*out) } + if in.VSOCKCID != nil { + in, out := &in.VSOCKCID, &out.VSOCKCID + *out = new(uint32) + **out = **in + } return } @@ -4595,6 +4902,35 @@ func (in *VirtualMachineList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VirtualMachineMemoryDumpRequest) DeepCopyInto(out *VirtualMachineMemoryDumpRequest) { + *out = *in + if in.StartTimestamp != nil { + in, out := &in.StartTimestamp, &out.StartTimestamp + *out = (*in).DeepCopy() + } + if in.EndTimestamp != nil { + in, out := &in.EndTimestamp, &out.EndTimestamp + *out = (*in).DeepCopy() + } + if in.FileName != nil { + in, out := &in.FileName, &out.FileName + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualMachineMemoryDumpRequest. +func (in *VirtualMachineMemoryDumpRequest) DeepCopy() *VirtualMachineMemoryDumpRequest { + if in == nil { + return nil + } + out := new(VirtualMachineMemoryDumpRequest) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualMachineSpec) DeepCopyInto(out *VirtualMachineSpec) { *out = *in 
@@ -4608,9 +4944,14 @@ func (in *VirtualMachineSpec) DeepCopyInto(out *VirtualMachineSpec) { *out = new(VirtualMachineRunStrategy) **out = **in } - if in.Flavor != nil { - in, out := &in.Flavor, &out.Flavor - *out = new(FlavorMatcher) + if in.Instancetype != nil { + in, out := &in.Instancetype, &out.Instancetype + *out = new(InstancetypeMatcher) + **out = **in + } + if in.Preference != nil { + in, out := &in.Preference, &out.Preference + *out = new(PreferenceMatcher) **out = **in } if in.Template != nil { @@ -4730,6 +5071,11 @@ func (in *VirtualMachineStatus) DeepCopyInto(out *VirtualMachineStatus) { *out = new(VirtualMachineStartFailure) (*in).DeepCopyInto(*out) } + if in.MemoryDumpRequest != nil { + in, out := &in.MemoryDumpRequest, &out.MemoryDumpRequest + *out = new(VirtualMachineMemoryDumpRequest) + (*in).DeepCopyInto(*out) + } return } @@ -4875,6 +5221,11 @@ func (in *VolumeSource) DeepCopyInto(out *VolumeSource) { *out = new(DownwardMetricsVolumeSource) **out = **in } + if in.MemoryDump != nil { + in, out := &in.MemoryDump, &out.MemoryDump + *out = new(MemoryDumpVolumeSource) + **out = **in + } return } @@ -4901,6 +5252,11 @@ func (in *VolumeStatus) DeepCopyInto(out *VolumeStatus) { *out = new(HotplugVolumeStatus) **out = **in } + if in.MemoryDumpVolume != nil { + in, out := &in.MemoryDumpVolume, &out.MemoryDumpVolume + *out = new(DomainMemoryDumpInfo) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/kubevirt.io/api/core/v1/defaults.go b/vendor/kubevirt.io/api/core/v1/defaults.go index 5255346718..c87451c617 100644 --- a/vendor/kubevirt.io/api/core/v1/defaults.go +++ b/vendor/kubevirt.io/api/core/v1/defaults.go @@ -69,7 +69,6 @@ func SetDefaults_FeatureVendorID(obj *FeatureVendorID) { func SetDefaults_DiskDevice(obj *DiskDevice) { if obj.Disk == nil && obj.CDRom == nil && - obj.Floppy == nil && obj.LUN == nil { obj.Disk = &DiskTarget{} } 
@@ -90,12 +89,6 @@ func SetDefaults_CDRomTarget(obj *CDRomTarget) {
 }
 }
-func SetDefaults_FloppyTarget(obj *FloppyTarget) {
- if obj.Tray == "" {
- obj.Tray = TrayStateClosed
- }
-}
-
 func SetDefaults_FeatureSpinlocks(obj *FeatureSpinlocks) {
 if obj.Enabled == nil {
 obj.Enabled = _true
@@ -127,29 +120,28 @@ func SetDefaults_VirtualMachineInstance(obj *VirtualMachineInstance) {
 }
 setDefaults_Disk(obj)
+ setDefaults_Input(obj)
 SetDefaults_Probe(obj.Spec.ReadinessProbe)
 SetDefaults_Probe(obj.Spec.LivenessProbe)
 }
 func setDefaults_Disk(obj *VirtualMachineInstance) {
- // Setting SATA as the default bus since it is typically supported out of the box by
- // guest operating systems (we support only q35 and therefore IDE is not supported)
- // TODO: consider making this OS-specific (VIRTIO for linux, SATA for others)
- bus := "sata"
-
 for i := range obj.Spec.Domain.Devices.Disks {
 disk := &obj.Spec.Domain.Devices.Disks[i].DiskDevice
-
 SetDefaults_DiskDevice(disk)
+ }
+}
- if disk.Disk != nil && disk.Disk.Bus == "" {
- disk.Disk.Bus = bus
- }
- if disk.CDRom != nil && disk.CDRom.Bus == "" {
- disk.CDRom.Bus = bus
+func setDefaults_Input(obj *VirtualMachineInstance) {
+ for i := range obj.Spec.Domain.Devices.Inputs {
+ input := &obj.Spec.Domain.Devices.Inputs[i]
+
+ if input.Bus == "" {
+ input.Bus = InputBusUSB
 }
- if disk.LUN != nil && disk.LUN.Bus == "" {
- disk.LUN.Bus = bus
+
+ if input.Type == "" {
+ input.Type = InputTypeTablet
 }
 }
 }
diff --git a/vendor/kubevirt.io/api/core/v1/sanitizers.go b/vendor/kubevirt.io/api/core/v1/sanitizers.go
new file mode 100644
index 0000000000..5df10477e8
--- /dev/null
+++ b/vendor/kubevirt.io/api/core/v1/sanitizers.go
@@ -0,0 +1,45 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package v1
+
+import (
+ "fmt"
+
+ netutils "k8s.io/utils/net"
+)
+
+func sanitizeIP(address string) (string, error) {
+ sanitizedAddress := netutils.ParseIPSloppy(address)
+ if sanitizedAddress == nil {
+ return "", fmt.Errorf("not a valid IP address")
+ }
+
+ return sanitizedAddress.String(), nil
+}
+
+func sanitizeCIDR(cidr string) (string, error) {
+ ip, net, err := netutils.ParseCIDRSloppy(cidr)
+ if err != nil {
+ return "", err
+ }
+
+ netMaskSize, _ := net.Mask.Size()
+ return fmt.Sprintf("%s/%d", ip.String(), netMaskSize), nil
+}
diff --git a/vendor/kubevirt.io/api/core/v1/schema.go b/vendor/kubevirt.io/api/core/v1/schema.go
index b501022a41..73e63a29cb 100644
--- a/vendor/kubevirt.io/api/core/v1/schema.go
+++ b/vendor/kubevirt.io/api/core/v1/schema.go
@@ -20,6 +20,8 @@
 package v1
 import (
+ "encoding/json"
+
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/resource"
 "k8s.io/apimachinery/pkg/types"
@@ -35,6 +37,8 @@ const (
 DefaultCPUModel = CPUModeHostModel
 )
+const HotplugDiskDir = "/var/run/kubevirt/hotplug-disks/"
+
 /*
 ATTENTION: Rerun code generators when comments on structs or fields are modified.
 */
@@ -402,7 +406,7 @@ type Devices struct {
 UseVirtioTransitional *bool `json:"useVirtioTransitional,omitempty"`
 // DisableHotplug disabled the ability to hotplug disks.
 DisableHotplug bool `json:"disableHotplug,omitempty"`
- // Disks describes disks, cdroms, floppy and luns which are connected to the vmi.
+ // Disks describes disks, cdroms and luns which are connected to the vmi.
 Disks []Disk `json:"disks,omitempty"`
 // Watchdog describes a watchdog device which can be added to the vmi.
 Watchdog *Watchdog `json:"watchdog,omitempty"`
@@ -423,6 +427,13 @@ type Devices struct {
 // Defaults to true.
 // +optional
 AutoattachMemBalloon *bool `json:"autoattachMemBalloon,omitempty"`
+ // Whether to attach an Input Device.
+ // Defaults to false.
+ // +optional
+ AutoattachInputDevice *bool `json:"autoattachInputDevice,omitempty"`
+ // Whether to attach the VSOCK CID to the VM or not.
+ // VSOCK access will be available if set to true. Defaults to false.
+ AutoattachVSOCK *bool `json:"autoattachVSOCK,omitempty"`
 // Whether to have random number generator from host
 // +optional
 Rng *Rng `json:"rng,omitempty"`
@@ -451,6 +462,9 @@ type Devices struct {
 // Whether to emulate a sound device.
 // +optional
 Sound *SoundDevice `json:"sound,omitempty"`
+ // Whether to emulate a TPM device.
+ // +optional
+ TPM *TPMDevice `json:"tpm,omitempty"`
 }
 // Represent a subset of client devices that can be accessed by VMI. At the
@@ -479,13 +493,29 @@ type SoundDevice struct {
 Model string `json:"model,omitempty"`
 }
+type TPMDevice struct{}
+
+type InputBus string
+
+const (
+ InputBusUSB InputBus = "usb"
+ InputBusVirtio InputBus = "virtio"
+)
+
+type InputType string
+
+const (
+ InputTypeTablet InputType = "tablet"
+ InputTypeKeyboard InputType = "keyboard"
+)
+
 type Input struct {
 // Bus indicates the bus of input device to emulate.
 // Supported values: virtio, usb.
- Bus string `json:"bus,omitempty"`
+ Bus InputBus `json:"bus,omitempty"`
 // Type indicated the type of input device.
 // Supported values: tablet.
- Type string `json:"type"`
+ Type InputType `json:"type"`
 // Name is the device name
 Name string `json:"name"`
 }
@@ -504,6 +534,9 @@ type GPU struct {
 Name string `json:"name"`
 DeviceName string `json:"deviceName"`
 VirtualGPUOptions *VGPUOptions `json:"virtualGPUOptions,omitempty"`
+ // If specified, the virtual network interface address and its tag will be provided to the guest via config drive
+ // +optional
+ Tag string `json:"tag,omitempty"`
 }
 type VGPUOptions struct {
@@ -525,6 +558,9 @@ type HostDevice struct {
 Name string `json:"name"`
 // DeviceName is the resource name of the host device exposed by a device plugin
 DeviceName string `json:"deviceName"`
+ // If specified, the virtual network interface address and its tag will be provided to the guest via config drive
+ // +optional
+ Tag string `json:"tag,omitempty"`
 }
 type Disk struct {
@@ -561,6 +597,9 @@ type Disk struct {
 // If specified, the virtual disk will be presented with the given block sizes.
 // +optional
 BlockSize *BlockSize `json:"blockSize,omitempty"`
+ // If specified the disk is made sharable and multiple write from different VMs are permitted
+ // +optional
+ Shareable *bool `json:"shareable,omitempty"`
 }
 // CustomBlockSize represents the desired logical and physical block size for a VM disk.
@@ -583,16 +622,23 @@ type DiskDevice struct {
 Disk *DiskTarget `json:"disk,omitempty"`
 // Attach a volume as a LUN to the vmi.
 LUN *LunTarget `json:"lun,omitempty"`
- // Attach a volume as a floppy to the vmi.
- Floppy *FloppyTarget `json:"floppy,omitempty"`
 // Attach a volume as a cdrom to the vmi.
 CDRom *CDRomTarget `json:"cdrom,omitempty"`
 }
+type DiskBus string
+
+const (
+ DiskBusSCSI DiskBus = "scsi"
+ DiskBusSATA DiskBus = "sata"
+ DiskBusVirtio DiskBus = VirtIO
+ DiskBusUSB DiskBus = "usb"
+)
+
 type DiskTarget struct {
 // Bus indicates the type of disk device to emulate.
- // supported values: virtio, sata, scsi.
- Bus string `json:"bus,omitempty"`
+ // supported values: virtio, sata, scsi, usb.
+ Bus DiskBus `json:"bus,omitempty"`
 // ReadOnly.
 // Defaults to false.
 ReadOnly bool `json:"readonly,omitempty"`
@@ -612,37 +658,26 @@ type SEV struct {
 type LunTarget struct {
 // Bus indicates the type of disk device to emulate.
 // supported values: virtio, sata, scsi.
- Bus string `json:"bus,omitempty"`
+ Bus DiskBus `json:"bus,omitempty"`
 // ReadOnly.
 // Defaults to false.
 ReadOnly bool `json:"readonly,omitempty"`
 }
-type FloppyTarget struct {
- // ReadOnly.
- // Defaults to false.
- ReadOnly bool `json:"readonly,omitempty"`
- // Tray indicates if the tray of the device is open or closed.
- // Allowed values are "open" and "closed".
- // Defaults to closed.
- // +optional
- Tray TrayState `json:"tray,omitempty"`
-}
-
-// TrayState indicates if a tray of a cdrom or floppy is open or closed.
+// TrayState indicates if a tray of a cdrom is open or closed.
 type TrayState string
 const (
- // TrayStateOpen indicates that the tray of a cdrom or floppy is open.
+ // TrayStateOpen indicates that the tray of a cdrom is open.
 TrayStateOpen TrayState = "open"
- // TrayStateClosed indicates that the tray of a cdrom or floppy is closed.
+ // TrayStateClosed indicates that the tray of a cdrom is closed.
 TrayStateClosed TrayState = "closed"
 )
 type CDRomTarget struct {
 // Bus indicates the type of disk device to emulate.
 // supported values: virtio, sata, scsi.
- Bus string `json:"bus,omitempty"`
+ Bus DiskBus `json:"bus,omitempty"`
 // ReadOnly.
 // Defaults to true.
 ReadOnly *bool `json:"readonly,omitempty"`
@@ -722,6 +757,8 @@ type VolumeSource struct {
 // DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest
 // metrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.
 DownwardMetrics *DownwardMetricsVolumeSource `json:"downwardMetrics,omitempty"`
+ // MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi
+ MemoryDump *MemoryDumpVolumeSource `json:"memoryDump,omitempty"`
 }
 // HotplugVolumeSource Represents the source of a volume to mount which are capable
@@ -740,7 +777,8 @@ type HotplugVolumeSource struct { } type DataVolumeSource struct { - // Name represents the name of the DataVolume in the same namespace + // Name of both the DataVolume and the PVC in the same namespace. + // After PVC population the DataVolume is garbage collected by default. Name string `json:"name"` // Hotpluggable indicates whether the volume can be hotplugged and hotunplugged. // +optional @@ -757,6 +795,13 @@ type PersistentVolumeClaimVolumeSource struct { Hotpluggable bool `json:"hotpluggable,omitempty"` } +type MemoryDumpVolumeSource struct { + // PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + // Directly attached to the virt launcher + // +optional + PersistentVolumeClaimVolumeSource `json:",inline"` +} + type EphemeralVolumeSource struct { // PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. // Directly attached to the vmi via qemu. @@ -816,7 +861,7 @@ type Clock struct { ClockOffset `json:",inline"` // Timer specifies whih timers are attached to the vmi. // +optional - Timer *Timer `json:"timer"` + Timer *Timer `json:"timer,omitempty"` } // Represents all available timers in a vmi. @@ -1131,6 +1176,11 @@ type Interface struct { // If specified, the virtual network interface address and its tag will be provided to the guest via config drive // +optional Tag string `json:"tag,omitempty"` + // If specified, the ACPI index is used to provide network interface device naming, that is stable across changes + // in PCI addresses assigned to the device. + // This value is required to be unique across all devices and be between 1 and (16*1024-1). + // +optional + ACPIIndex int `json:"acpiIndex,omitempty"` } // Extra DHCP options to use in the interface. 
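Review bot: The range and uniqueness rules for `ACPIIndex` exist only in the comment. The field is a plain `int` with `omitempty`, so negative values and values above 16*1024-1 decode without error, and 0 is indistinguishable from unset. If the bounds are checked elsewhere (not visible in this hunk), the comment should say so, for example `// Values outside 1..16383 and duplicate indexes are rejected by validation.` once that is confirmed; otherwise the check is missing. The Interface struct begins before the hunk.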
@@ -1149,6 +1199,24 @@ type DHCPOptions struct { PrivateOptions []DHCPPrivateOptions `json:"privateOptions,omitempty"` } +func (d *DHCPOptions) UnmarshalJSON(data []byte) error { + type DHCPOptionsAlias DHCPOptions + var dhcpOptionsAlias DHCPOptionsAlias + + if err := json.Unmarshal(data, &dhcpOptionsAlias); err != nil { + return err + } + + for i, ntpServer := range dhcpOptionsAlias.NTPServers { + if sanitizedIP, err := sanitizeIP(ntpServer); err == nil { + dhcpOptionsAlias.NTPServers[i] = sanitizedIP + } + } + + *d = DHCPOptions(dhcpOptionsAlias) + return nil +} + // DHCPExtraOptions defines Extra DHCP options for a VM. type DHCPPrivateOptions struct { // Option is an Integer value from 224-254 @@ -1167,18 +1235,27 @@ type InterfaceBindingMethod struct { Masquerade *InterfaceMasquerade `json:"masquerade,omitempty"` SRIOV *InterfaceSRIOV `json:"sriov,omitempty"` Macvtap *InterfaceMacvtap `json:"macvtap,omitempty"` + Passt *InterfacePasst `json:"passt,omitempty"` } +// InterfaceBridge connects to a given network via a linux bridge. type InterfaceBridge struct{} +// InterfaceSlirp connects to a given network using QEMU user networking mode. type InterfaceSlirp struct{} +// InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic. type InterfaceMasquerade struct{} +// InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio. type InterfaceSRIOV struct{} +// InterfaceMacvtap connects to a given network by extending the Kubernetes node's L2 networks via a macvtap interface. type InterfaceMacvtap struct{} +// InterfacePasst connects to a given network. +type InterfacePasst struct{} + // Port represents a port to expose from the virtual machine. // Default protocol TCP. // The port field is mandatory 
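Review bot: In `DHCPOptions.UnmarshalJSON` the error from `sanitizeIP` is discarded, so an `NTPServers` entry that cannot be sanitized is kept exactly as received and the caller still gets a nil error. That may be deliberate, leaving rejection to later validation, but nothing says so; I would add a doc comment such as `// UnmarshalJSON decodes DHCPOptions and normalises NTPServers. Entries sanitizeIP cannot handle are left unchanged and must be rejected by validation.` The same pattern appears in `PodNetwork.UnmarshalJSON` (which passes only `VMNetworkCIDR` through `sanitizeCIDR`, not `VMIPv6NetworkCIDR`) and in `VirtualMachineInstanceSpec.UnmarshalJSON` for `DNSConfig.Nameservers`. `sanitizeIP` itself is outside the hunk; if this package is vendored like the files that follow, the comment belongs upstream and callers here should not treat a decoded address as validated.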
@@ -1331,6 +1408,22 @@ type PodNetwork struct { VMIPv6NetworkCIDR string `json:"vmIPv6NetworkCIDR,omitempty"` } +func (podNet *PodNetwork) UnmarshalJSON(data []byte) error { + type PodNetworkAlias PodNetwork + var podNetAlias PodNetworkAlias + + if err := json.Unmarshal(data, &podNetAlias); err != nil { + return err + } + + if sanitizedCIDR, err := sanitizeCIDR(podNetAlias.VMNetworkCIDR); err == nil { + podNetAlias.VMNetworkCIDR = sanitizedCIDR + } + + *podNet = PodNetwork(podNetAlias) + return nil +} + // Rng represents the random device passed from host type Rng struct { } diff --git a/vendor/kubevirt.io/api/core/v1/schema_swagger_generated.go b/vendor/kubevirt.io/api/core/v1/schema_swagger_generated.go index 17da30af34..5afc9bf97f 100644 --- a/vendor/kubevirt.io/api/core/v1/schema_swagger_generated.go +++ b/vendor/kubevirt.io/api/core/v1/schema_swagger_generated.go @@ -229,7 +229,7 @@ func (Devices) SwaggerDoc() map[string]string { return map[string]string{ "useVirtioTransitional": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", "disableHotplug": "DisableHotplug disabled the ability to hotplug disks.", - "disks": "Disks describes disks, cdroms, floppy and luns which are connected to the vmi.", + "disks": "Disks describes disks, cdroms and luns which are connected to the vmi.", "watchdog": "Watchdog describes a watchdog device which can be added to the vmi.", "interfaces": "Interfaces describe network interfaces which are added to the vmi.", "inputs": "Inputs describe input devices", 
@@ -237,6 +237,8 @@ func (Devices) SwaggerDoc() map[string]string { "autoattachGraphicsDevice": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", "autoattachSerialConsole": "Whether to attach the default serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", "autoattachMemBalloon": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.\n+optional", + "autoattachInputDevice": "Whether to attach an Input Device.\nDefaults to false.\n+optional", + "autoattachVSOCK": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", "rng": "Whether to have random number generator from host\n+optional", "blockMultiQueue": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.\n+optional", "networkInterfaceMultiqueue": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.\n+optional", @@ -245,6 +247,7 @@ func (Devices) SwaggerDoc() map[string]string { "hostDevices": "Whether to attach a host device to the vmi.\n+optional\n+listType=atomic", "clientPassthrough": "To configure and access client devices such as redirecting USB\n+optional", "sound": "Whether to emulate a sound device.\n+optional", + "tpm": "Whether to emulate a TPM device.\n+optional", } } @@ -262,6 +265,10 @@ func (SoundDevice) SwaggerDoc() map[string]string { } } +func (TPMDevice) SwaggerDoc() map[string]string { + return map[string]string{} +} + func (Input) SwaggerDoc() map[string]string { return map[string]string{ "bus": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", 
@@ -284,6 +291,7 @@ func (FilesystemVirtiofs) SwaggerDoc() map[string]string { func (GPU) SwaggerDoc() map[string]string { return map[string]string{ "name": "Name of the GPU device as exposed by a device plugin", + "tag": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive\n+optional", } } @@ -301,6 +309,7 @@ func (VGPUDisplayOptions) SwaggerDoc() map[string]string { func (HostDevice) SwaggerDoc() map[string]string { return map[string]string{ "deviceName": "DeviceName is the resource name of the host device exposed by a device plugin", + "tag": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive\n+optional", } } @@ -314,6 +323,7 @@ func (Disk) SwaggerDoc() map[string]string { "io": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.\n+optional", "tag": "If specified, disk address and its tag will be provided to the guest via config drive metadata\n+optional", "blockSize": "If specified, the virtual disk will be presented with the given block sizes.\n+optional", + "shareable": "If specified the disk is made sharable and multiple write from different VMs are permitted\n+optional", } } 
@@ -331,17 +341,16 @@ func (BlockSize) SwaggerDoc() map[string]string { func (DiskDevice) SwaggerDoc() map[string]string { return map[string]string{ - "": "Represents the target of a volume to mount.\nOnly one of its members may be specified.", - "disk": "Attach a volume as a disk to the vmi.", - "lun": "Attach a volume as a LUN to the vmi.", - "floppy": "Attach a volume as a floppy to the vmi.", - "cdrom": "Attach a volume as a cdrom to the vmi.", + "": "Represents the target of a volume to mount.\nOnly one of its members may be specified.", + "disk": "Attach a volume as a disk to the vmi.", + "lun": "Attach a volume as a LUN to the vmi.", + "cdrom": "Attach a volume as a cdrom to the vmi.", } } func (DiskTarget) SwaggerDoc() map[string]string { return map[string]string{ - "bus": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "bus": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", "readonly": "ReadOnly.\nDefaults to false.", "pciAddress": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10\n+optional", } @@ -364,13 +373,6 @@ func (LunTarget) SwaggerDoc() map[string]string { } } -func (FloppyTarget) SwaggerDoc() map[string]string { - return map[string]string{ - "readonly": "ReadOnly.\nDefaults to false.", - "tray": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.\n+optional", - } -} - func (CDRomTarget) SwaggerDoc() map[string]string { return map[string]string{ "bus": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", 
@@ -403,6 +405,7 @@ func (VolumeSource) SwaggerDoc() map[string]string { "downwardAPI": "DownwardAPI represents downward API about the pod that should populate this volume\n+optional", "serviceAccount": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n+optional", "downwardMetrics": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", + "memoryDump": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", } } @@ -416,7 +419,7 @@ func (HotplugVolumeSource) SwaggerDoc() map[string]string { func (DataVolumeSource) SwaggerDoc() map[string]string { return map[string]string{ - "name": "Name represents the name of the DataVolume in the same namespace", + "name": "Name of both the DataVolume and the PVC in the same namespace.\nAfter PVC population the DataVolume is garbage collected by default.", "hotpluggable": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.\n+optional", } } @@ -428,6 +431,10 @@ func (PersistentVolumeClaimVolumeSource) SwaggerDoc() map[string]string { } } +func (MemoryDumpVolumeSource) SwaggerDoc() map[string]string { + return map[string]string{} +} + func (EphemeralVolumeSource) SwaggerDoc() map[string]string { return map[string]string{ "persistentVolumeClaim": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims\n+optional", 
@@ -618,6 +625,7 @@ func (Interface) SwaggerDoc() map[string]string { "pciAddress": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10\n+optional", "dhcpOptions": "If specified the network interface will pass additional DHCP options to the VMI\n+optional", "tag": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive\n+optional", + "acpiIndex": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).\n+optional", } } 
@@ -646,23 +654,39 @@ func (InterfaceBindingMethod) SwaggerDoc() map[string]string { } func (InterfaceBridge) SwaggerDoc() map[string]string { - return map[string]string{} + return map[string]string{ + "": "InterfaceBridge connects to a given network via a linux bridge.", + } } func (InterfaceSlirp) SwaggerDoc() map[string]string { - return map[string]string{} + return map[string]string{ + "": "InterfaceSlirp connects to a given network using QEMU user networking mode.", + } } func (InterfaceMasquerade) SwaggerDoc() map[string]string { - return map[string]string{} + return map[string]string{ + "": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", + } } func (InterfaceSRIOV) SwaggerDoc() map[string]string { - return map[string]string{} + return map[string]string{ + "": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", + } } func (InterfaceMacvtap) SwaggerDoc() map[string]string { - return map[string]string{} + return map[string]string{ + "": "InterfaceMacvtap connects to a given network by extending the Kubernetes node's L2 networks via a macvtap interface.", + } +} + +func (InterfacePasst) SwaggerDoc() map[string]string { + return map[string]string{ + "": "InterfacePasst connects to a given network.", + } } func (Port) SwaggerDoc() map[string]string { diff --git a/vendor/kubevirt.io/api/core/v1/types.go b/vendor/kubevirt.io/api/core/v1/types.go index 58383d0646..41ba167ede 100644 --- a/vendor/kubevirt.io/api/core/v1/types.go +++ b/vendor/kubevirt.io/api/core/v1/types.go 
@@ -100,7 +100,15 @@ type VirtualMachineInstanceSpec struct { SchedulerName string `json:"schedulerName,omitempty"` // If toleration is specified, obey all the toleration rules. Tolerations []k8sv1.Toleration `json:"tolerations,omitempty"` - + // TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology + // domains. K8s scheduler will schedule VMI pods in a way which abides by the constraints. + // +optional + // +patchMergeKey=topologyKey + // +patchStrategy=merge + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + TopologySpreadConstraints []k8sv1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey"` // EvictionStrategy can be set to "LiveMigrate" if the VirtualMachineInstance should be // migrated instead of shut-off in case of a node drain. // @@ -156,6 +164,26 @@ type VirtualMachineInstanceSpec struct { AccessCredentials []AccessCredential `json:"accessCredentials,omitempty"` } +func (vmiSpec *VirtualMachineInstanceSpec) UnmarshalJSON(data []byte) error { + type VMISpecAlias VirtualMachineInstanceSpec + var vmiSpecAlias VMISpecAlias + + if err := json.Unmarshal(data, &vmiSpecAlias); err != nil { + return err + } + + if vmiSpecAlias.DNSConfig != nil { + for i, ns := range vmiSpecAlias.DNSConfig.Nameservers { + if sanitizedIP, err := sanitizeIP(ns); err == nil { + vmiSpecAlias.DNSConfig.Nameservers[i] = sanitizedIP + } + } + } + + *vmiSpec = VirtualMachineInstanceSpec(vmiSpecAlias) + return nil +} + // VirtualMachineInstancePhaseTransitionTimestamp gives a timestamp in relation to when a phase is set on a vmi type VirtualMachineInstancePhaseTransitionTimestamp struct { // Phase is the status of the VirtualMachineInstance in kubernetes world. It is not the VirtualMachineInstance status, but partially correlates to it. 
@@ -229,6 +257,18 @@ type VirtualMachineInstanceStatus struct { // an online vm snapshot // +optional VirtualMachineRevisionName string `json:"virtualMachineRevisionName,omitempty"` + + // RuntimeUser is used to determine what user will be used in launcher + // +optional + RuntimeUser uint64 `json:"runtimeUser"` + + // VSOCKCID is used to track the allocated VSOCK CID in the VM. + // +optional + VSOCKCID *uint32 `json:"VSOCKCID,omitempty"` + + // SELinuxContext is the actual SELinux context of the virt-launcher pod + // +optional + SelinuxContext string `json:"selinuxContext,omitempty"` } // PersistentVolumeClaimInfo contains the relavant information virt-handler needs cached about a PVC @@ -244,10 +284,14 @@ type PersistentVolumeClaimInfo struct { // +optional VolumeMode *k8sv1.PersistentVolumeMode `json:"volumeMode,omitempty"` - // Capacity represents the capacity set on the corresponding PVC spec + // Capacity represents the capacity set on the corresponding PVC status // +optional Capacity k8sv1.ResourceList `json:"capacity,omitempty"` + // Requests represents the resources requested by the corresponding PVC spec + // +optional + Requests k8sv1.ResourceList `json:"requests,omitempty"` + // Preallocated indicates if the PVC's storage is preallocated or not // +optional Preallocated bool `json:"preallocated,omitempty"` 
@@ -275,6 +319,20 @@ type VolumeStatus struct { HotplugVolume *HotplugVolumeStatus `json:"hotplugVolume,omitempty"` // Represents the size of the volume Size int64 `json:"size,omitempty"` + // If the volume is memorydump volume, this will contain the memorydump info. + MemoryDumpVolume *DomainMemoryDumpInfo `json:"memoryDumpVolume,omitempty"` +} + +// DomainMemoryDumpInfo represents the memory dump information +type DomainMemoryDumpInfo struct { + // StartTimestamp is the time when the memory dump started + StartTimestamp *metav1.Time `json:"startTimestamp,omitempty"` + // EndTimestamp is the time when the memory dump completed + EndTimestamp *metav1.Time `json:"endTimestamp,omitempty"` + // ClaimName is the name of the pvc the memory was dumped to + ClaimName string `json:"claimName,omitempty"` + // TargetFileName is the name of the memory dump output + TargetFileName string `json:"targetFileName,omitempty"` } // HotplugVolumeStatus represents the hotplug status of the volume @@ -303,6 +361,12 @@ const ( HotplugVolumeDetaching VolumePhase = "Detaching" // HotplugVolumeUnMounted means the volume has been unmounted from the virt-launcer pod. HotplugVolumeUnMounted VolumePhase = "UnMountedFromPod" + // MemoryDumpVolumeCompleted means that the requested memory dump was completed and the dump is ready in the volume + MemoryDumpVolumeCompleted VolumePhase = "MemoryDumpCompleted" + // MemoryDumpVolumeInProgress means that the volume for the memory dump was attached, and now the command is being triggered + MemoryDumpVolumeInProgress VolumePhase = "MemoryDumpInProgress" + // MemoryDumpVolumeInProgress means that the volume for the memory dump was attached, and now the command is being triggered + MemoryDumpVolumeFailed VolumePhase = "MemoryDumpFailed" ) func (v *VirtualMachineInstance) IsScheduling() bool { 
@@ -330,10 +394,6 @@ func (v *VirtualMachineInstance) IsMigratable() bool { return false } -func (v *VirtualMachineInstance) IsEvictable() bool { - return v.Spec.EvictionStrategy != nil && *v.Spec.EvictionStrategy == EvictionStrategyLiveMigrate -} - func (v *VirtualMachineInstance) IsFinal() bool { return v.Status.Phase == Failed || v.Status.Phase == Succeeded } @@ -421,6 +481,8 @@ const ( VirtualMachineInstanceReasonHostDeviceNotMigratable = "HostDeviceNotLiveMigratable" // Reason means that VMI is not live migratable because it uses Secure Encrypted Virtualization (SEV) VirtualMachineInstanceReasonSEVNotMigratable = "SEVNotLiveMigratable" + // Reason means that VMI is not live migratable because it uses HyperV Reenlightenment while TSC Frequency is not available + VirtualMachineInstanceReasonNoTSCFrequencyMigratable = "NoTSCFrequencyNotLiveMigratable" ) const ( @@ -442,7 +504,8 @@ type VirtualMachineInstanceMigrationConditionType string // These are valid conditions of VMIs. const ( // VirtualMachineInstanceMigrationAbortRequested indicates that live migration abort has been requested - VirtualMachineInstanceMigrationAbortRequested VirtualMachineInstanceMigrationConditionType = "migrationAbortRequested" + VirtualMachineInstanceMigrationAbortRequested VirtualMachineInstanceMigrationConditionType = "migrationAbortRequested" + VirtualMachineInstanceMigrationRejectedByResourceQuota VirtualMachineInstanceMigrationConditionType = "migrationRejectedByResourceQuota" ) type VirtualMachineInstanceCondition struct { 
@@ -506,6 +569,10 @@ type VirtualMachineInstanceNetworkInterface struct { IPs []string `json:"ipAddresses,omitempty"` // The interface name inside the Virtual Machine InterfaceName string `json:"interfaceName,omitempty"` + // Specifies the origin of the interface data collected. values: domain, guest-agent, or both + InfoSource string `json:"infoSource,omitempty"` + // Specifies how many queues are allocated by MultiQueue + QueueCount int32 `json:"queueCount,omitempty"` } type VirtualMachineInstanceGuestOSInfo struct { @@ -540,6 +607,7 @@ type VirtualMachineInstanceMigrationState struct { // The time the migration action ended // +nullable EndTimestamp *metav1.Time `json:"endTimestamp,omitempty"` + // The Target Node has seen the Domain Start Event TargetNodeDomainDetected bool `json:"targetNodeDomainDetected,omitempty"` // The address of the target node to use for the migration @@ -570,6 +638,13 @@ type VirtualMachineInstanceMigrationState struct { MigrationPolicyName *string `json:"migrationPolicyName,omitempty"` // Migration configurations to apply MigrationConfiguration *MigrationConfiguration `json:"migrationConfiguration,omitempty"` + // If the VMI requires dedicated CPUs, this field will + // hold the dedicated CPU set on the target node + // +listType=atomic + TargetCPUSet []int `json:"targetCPUSet,omitempty"` + // If the VMI requires dedicated CPUs, this field will + // hold the numa topology on the target node + TargetNodeTopology string `json:"targetNodeTopology,omitempty"` } type MigrationAbortStatus string 
@@ -635,9 +710,10 @@ const ( ) const ( - // This label marks resources that belong to KubeVirt. An optional value + // AppLabel and AppName labels marks resources that belong to KubeVirt. An optional value // may indicate which specific KubeVirt component a resource belongs to. AppLabel string = "kubevirt.io" + AppName string = "name" // This annotation is used to match virtual machine instances represented as // libvirt XML domains with their pods. Among other things, the annotation is // used to detect virtual machines with dead pods. Used on Pod. @@ -656,6 +732,10 @@ const ( // Used by functional tests to simulate virt-launcher crash looping FuncTestLauncherFailFastAnnotation string = "kubevirt.io/func-test-virt-launcher-fail-fast" + + // Used by functional tests to ignore backoff applied to migrations + FuncTestForceIgnoreMigrationBackoffAnnotation string = "kubevirt.io/func-test-ignore-migration-backoff" + // This label is used to match virtual machine instance IDs with pods. // Similar to kubevirt.io/domain. Used on Pod. // Internal use only. @@ -727,6 +807,9 @@ const ( // This label indicates the object is a part of the install strategy retrieval process. InstallStrategyLabel = "kubevirt.io/install-strategy" + // Set by virt-operator to coordinate component deletion + VirtOperatorComponentFinalizer string = "kubevirt.io/virtOperatorFinalizer" + // Set by VMI controller to ensure VMIs are processed during deletion VirtualMachineInstanceFinalizer string = "foregroundDeleteVirtualMachine" // Set By VM controller on VMIs to ensure VMIs are processed by VM controller during deletion 
@@ -741,17 +824,21 @@ const ( // This label represents supported cpu features on the node CPUFeatureLabel = "cpu-feature.node.kubevirt.io/" // This label represents supported cpu models on the node - CPUModelLabel = "cpu-model.node.kubevirt.io/" - CPUTimerLabel = "cpu-timer.node.kubevirt.io/" + CPUModelLabel = "cpu-model.node.kubevirt.io/" + SupportedHostModelMigrationCPU = "cpu-model-migration.node.kubevirt.io/" + CPUTimerLabel = "cpu-timer.node.kubevirt.io/" // This label represents supported HyperV features on the node HypervLabel = "hyperv.node.kubevirt.io/" // This label represents vendor of cpu model on the node CPUModelVendorLabel = "cpu-vendor.node.kubevirt.io/" + VirtIO = "virtio" + // This label represents the host model CPU name HostModelCPULabel = "host-model-cpu.node.kubevirt.io/" // This label represents the host model required features HostModelRequiredFeaturesLabel = "host-model-required-features.node.kubevirt.io/" + NodeHostModelIsObsoleteLabel = "node-labeller.kubevirt.io/obsolete-host-model" LabellerSkipNodeAnnotation = "node-labeller.kubevirt.io/skip-node" VirtualMachineLabel = AppLabel + "/vm" @@ -760,7 +847,7 @@ const ( MigrationSelectorLabel = "kubevirt.io/vmi-name" // This annotation represents vmi running nonroot implementation - NonRootVMIAnnotation = "kubevirt.io/nonroot" + DeprecatedNonRootVMIAnnotation = "kubevirt.io/nonroot" // This annotation is to keep virt launcher container alive when an VMI encounters a failure for debugging purpose KeepLauncherAfterFailureAnnotation string = "kubevirt.io/keep-launcher-alive-after-failure" 
@@ -776,6 +863,11 @@ const ( // This exists for functional testing MigrationPendingPodTimeoutSecondsAnnotation string = "kubevirt.io/migrationPendingPodTimeoutSeconds" + // CustomLibvirtLogFiltersAnnotation can be used to customized libvirt log filters. Example value could be + // "3:remote 4:event 3:util.json 3:util.object 3:util.dbus 3:util.netlink 3:node_device 3:rpc 3:access 1:*". + // For more info: https://libvirt.org/kbase/debuglogs.html + CustomLibvirtLogFiltersAnnotation string = "kubevirt.io/libvirt-log-filters" + // RealtimeLabel marks the node as capable of running realtime workloads RealtimeLabel string = "kubevirt.io/realtime" 
@@ -783,14 +875,31 @@ const ( // It's used as a readiness gate to prevent paused VMs from being marked as ready. VirtualMachineUnpaused k8sv1.PodConditionType = "kubevirt.io/virtual-machine-unpaused" - // VirtualMahcineTemplateHash is used by the pool controller to determine when a VM needs to be updated - VirtualMachineTemplateHash string = "kubevirt.io/vm-template-hash" - - // VirtualMahcineInstanceTemplateHash is used by the pool controller to determine when a VMI needs to be updated - VirtualMachineInstanceTemplateHash string = "kubevirt.io/vmi-template-hash" - // SEVLabel marks the node as capable of running workloads with SEV SEVLabel string = "kubevirt.io/sev" + + // InstancetypeAnnotation is the name of a VirtualMachineInstancetype + InstancetypeAnnotation string = "kubevirt.io/instancetype-name" + + // ClusterInstancetypeAnnotation is the name of a VirtualMachineClusterInstancetype + ClusterInstancetypeAnnotation string = "kubevirt.io/cluster-instancetype-name" + + // InstancetypeAnnotation is the name of a VirtualMachinePreference + PreferenceAnnotation string = "kubevirt.io/preference-name" + + // ClusterInstancetypeAnnotation is the name of a VirtualMachinePreferenceInstancetype + ClusterPreferenceAnnotation string = "kubevirt.io/cluster-preference-name" + + // VirtualMachinePoolRevisionName is used to store the vmpool revision's name this object + // originated from. + VirtualMachinePoolRevisionName string = "kubevirt.io/vm-pool-revision-name" + + // VirtualMachineNameLabel is the name of the Virtual Machine + VirtualMachineNameLabel string = "vm.kubevirt.io/name" + + // PVCMemoryDumpAnnotation is the name of the memory dump representing the vm name, + // pvc name and the timestamp the memory dump was collected + PVCMemoryDumpAnnotation string = "kubevirt.io/memory-dump" ) func NewVMI(name string, uid types.UID) *VirtualMachineInstance { 
@@ -1052,10 +1161,24 @@ type VirtualMachineInstanceMigrationSpec struct { VMIName string `json:"vmiName,omitempty" valid:"required"` } +// VirtualMachineInstanceMigrationPhaseTransitionTimestamp gives a timestamp in relation to when a phase is set on a vmi +type VirtualMachineInstanceMigrationPhaseTransitionTimestamp struct { + // Phase is the status of the VirtualMachineInstanceMigrationPhase in kubernetes world. It is not the VirtualMachineInstanceMigrationPhase status, but partially correlates to it. + Phase VirtualMachineInstanceMigrationPhase `json:"phase,omitempty"` + // PhaseTransitionTimestamp is the timestamp of when the phase change occurred + PhaseTransitionTimestamp metav1.Time `json:"phaseTransitionTimestamp,omitempty"` +} + // VirtualMachineInstanceMigration reprents information pertaining to a VMI's migration. type VirtualMachineInstanceMigrationStatus struct { Phase VirtualMachineInstanceMigrationPhase `json:"phase,omitempty"` Conditions []VirtualMachineInstanceMigrationCondition `json:"conditions,omitempty"` + // PhaseTransitionTimestamp is the timestamp of when the last phase change occurred + // +listType=atomic + // +optional + PhaseTransitionTimestamps []VirtualMachineInstanceMigrationPhaseTransitionTimestamp `json:"phaseTransitionTimestamps,omitempty"` + // Represents the status of a live migration + MigrationState *VirtualMachineInstanceMigrationState `json:"migrationState,omitempty"` } // VirtualMachineInstanceMigrationPhase is a label for the condition of a VirtualMachineInstanceMigration at the current time. @@ -1082,6 +1205,8 @@ const ( MigrationFailed VirtualMachineInstanceMigrationPhase = "Failed" ) +// Deprecated for removal in v2, please use VirtualMachineInstanceType and VirtualMachinePreference instead. +// // VirtualMachineInstancePreset defines a VMI spec.domain to be applied to all VMIs that match the provided label selector // More info: https://kubevirt.io/user-guide/virtual_machines/presets/#overrides // 
@@ -1148,8 +1273,9 @@ type VirtualMachine struct { // Return the current runStrategy for the VirtualMachine // if vm.spec.running is set, that will be mapped to runStrategy: -// false: RunStrategyHalted -// true: RunStrategyAlways +// +// false: RunStrategyHalted +// true: RunStrategyAlways func (vm *VirtualMachine) RunStrategy() (VirtualMachineRunStrategy, error) { if vm.Spec.Running != nil && vm.Spec.RunStrategy != nil { return RunStrategyUnknown, fmt.Errorf("running and runstrategy are mutually exclusive") @@ -1190,6 +1316,9 @@ const ( // VMI will initially be running--and restarted if a failure occurs. // It will not be restarted upon successful completion. RunStrategyRerunOnFailure VirtualMachineRunStrategy = "RerunOnFailure" + // VMI will run once and not be restarted upon completion regardless + // if the completion is of phase Failure or Success + RunStrategyOnce VirtualMachineRunStrategy = "Once" ) // VirtualMachineSpec describes how the proper VirtualMachine @@ -1203,8 +1332,11 @@ type VirtualMachineSpec struct { // mutually exclusive with Running RunStrategy *VirtualMachineRunStrategy `json:"runStrategy,omitempty" optional:"true"` - // FlavorMatcher references a flavor that is used to fill fields in Template - Flavor *FlavorMatcher `json:"flavor,omitempty" optional:"true"` + // InstancetypeMatcher references a instancetype that is used to fill fields in Template + Instancetype *InstancetypeMatcher `json:"instancetype,omitempty" optional:"true"` + + // PreferenceMatcher references a set of preference that is used to fill fields in Template + Preference *PreferenceMatcher `json:"preference,omitempty" optional:"true"` // Template is the direct specification of VirtualMachineInstance Template *VirtualMachineInstanceTemplateSpec `json:"template"` 
@@ -1263,8 +1395,6 @@ const (
 VirtualMachineStatusImagePullBackOff VirtualMachinePrintableStatus = "ImagePullBackOff"
 // VirtualMachineStatusPvcNotFound indicates that the virtual machine references a PVC volume which doesn't exist.
 VirtualMachineStatusPvcNotFound VirtualMachinePrintableStatus = "ErrorPvcNotFound"
- // VirtualMachineStatusDataVolumeNotFound indicates that the virtual machine references a DataVolume volume which doesn't exist.
- VirtualMachineStatusDataVolumeNotFound VirtualMachinePrintableStatus = "ErrorDataVolumeNotFound"
 // VirtualMachineStatusDataVolumeError indicates that an error has been reported by one of the DataVolumes
 // referenced by the virtual machines.
 VirtualMachineStatusDataVolumeError VirtualMachinePrintableStatus = "DataVolumeError"
@@ -1313,6 +1443,12 @@ type VirtualMachineStatus struct {
 // +nullable
 // +optional
 StartFailure *VirtualMachineStartFailure `json:"startFailure,omitempty" optional:"true"`
+
+ // MemoryDumpRequest tracks memory dump request phase and info of getting a memory
+ // dump to the given pvc
+ // +nullable
+ // +optional
+ MemoryDumpRequest *VirtualMachineMemoryDumpRequest `json:"memoryDumpRequest,omitempty" optional:"true"`
 }
 
 type VolumeSnapshotStatus struct {
@@ -1389,6 +1525,8 @@ const (
 SlirpInterface NetworkInterfaceType = "slirp"
 // Virtual machine instance masquerade interface
 MasqueradeInterface NetworkInterfaceType = "masquerade"
+ // Virtual machine instance passt interface
+ PasstInterface NetworkInterfaceType = "passt"
 )
 
 type DriverCache string
@@ -1400,6 +1538,8 @@ const (
 CacheNone DriverCache = "none"
 // CacheWriteThrough - I/O from the guest is cached on the host but written through to the physical medium.
 CacheWriteThrough DriverCache = "writethrough"
+ // CacheWriteBack - I/O from the guest is cached on the host.
+ CacheWriteBack DriverCache = "writeback"
 
 // IOThreads - User mode based threads with a shared lock that perform I/O tasks. Can impact performance but offers
 // more predictable behaviour. This method is also takes fewer CPU cycles to submit I/O requests.
@@ -1407,9 +1547,6 @@ const (
 // IONative - Kernel native I/O tasks (AIO) offer a better performance but can block the VM if the file is not fully
 // allocated so this method recommended only when the backing file/disk/etc is fully preallocated.
 IONative DriverIO = "native"
- // IODefault - Fallback to the default value from the kernel. With recent Kernel versions (for example RHEL-7) the
- // default is AIO.
- IODefault DriverIO = "default"
 )
 
 // Handler defines a specific action that should be taken
@@ -1531,7 +1668,6 @@ const (
 WorkloadUpdateMethodEvict WorkloadUpdateMethod = "Evict"
 )
 
-//
 // KubeVirtWorkloadUpdateStrategy defines options related to updating a KubeVirt install
 type KubeVirtWorkloadUpdateStrategy struct {
 // WorkloadUpdateMethods defines the methods that can be used to disrupt workloads
@@ -1574,10 +1710,20 @@ type KubeVirtSpec struct {
 // The ImagePullPolicy to use.
 ImagePullPolicy k8sv1.PullPolicy `json:"imagePullPolicy,omitempty" valid:"required"`
 
+ // The imagePullSecrets to pull the container images from
+ // Defaults to none
+ // +listType=atomic
+ ImagePullSecrets []k8sv1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
 // The namespace Prometheus is deployed in
 // Defaults to openshift-monitor
 MonitorNamespace string `json:"monitorNamespace,omitempty"`
 
+ // The namespace the service monitor will be deployed
+ // When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace
+ // otherwise we will use the monitoring namespace.
+ ServiceMonitorNamespace string `json:"serviceMonitorNamespace,omitempty"`
+
 // The name of the Prometheus service account that needs read-access to KubeVirt endpoints
 // Defaults to prometheus-k8s
 MonitorAccount string `json:"monitorAccount,omitempty"`
@@ -1696,6 +1842,7 @@ type KubeVirtStatus struct {
 ObservedDeploymentConfig string `json:"observedDeploymentConfig,omitempty" optional:"true"`
 ObservedDeploymentID string `json:"observedDeploymentID,omitempty" optional:"true"`
 OutdatedVirtualMachineInstanceWorkloads *int `json:"outdatedVirtualMachineInstanceWorkloads,omitempty" optional:"true"`
+ ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
 // +listType=atomic
 Generations []GenerationStatus `json:"generations,omitempty" optional:"true"`
 }
@@ -1748,7 +1895,9 @@ const (
 )
 
 const (
+ EvictionStrategyNone EvictionStrategy = "None"
 EvictionStrategyLiveMigrate EvictionStrategy = "LiveMigrate"
+ EvictionStrategyExternal EvictionStrategy = "External"
 )
 
 // RestartOptions may be provided when deleting an API object.
@@ -1928,6 +2077,46 @@ type FreezeUnfreezeTimeout struct {
 UnfreezeTimeout *metav1.Duration `json:"unfreezeTimeout"`
 }
 
+// VirtualMachineMemoryDumpRequest represent the memory dump request phase and info
+type VirtualMachineMemoryDumpRequest struct {
+ // ClaimName is the name of the pvc that will contain the memory dump
+ ClaimName string `json:"claimName"`
+ // Phase represents the memory dump phase
+ Phase MemoryDumpPhase `json:"phase"`
+ // Remove represents request of dissociating the memory dump pvc
+ // +optional
+ Remove bool `json:"remove,omitempty"`
+ // StartTimestamp represents the time the memory dump started
+ // +optional
+ StartTimestamp *metav1.Time `json:"startTimestamp,omitempty"`
+ // EndTimestamp represents the time the memory dump was completed
+ // +optional
+ EndTimestamp *metav1.Time `json:"endTimestamp,omitempty"`
+ // FileName represents the name of the output file
+ // +optional
+ FileName *string `json:"fileName,omitempty"`
+ // Message is a detailed message about failure of the memory dump
+ // +optional
+ Message string `json:"message,omitempty"`
+}
+
+type MemoryDumpPhase string
+
+const (
+ // The memorydump is during pvc Associating
+ MemoryDumpAssociating MemoryDumpPhase = "Associating"
+ // The memorydump is in progress
+ MemoryDumpInProgress MemoryDumpPhase = "InProgress"
+ // The memorydump is being unmounted
+ MemoryDumpUnmounting MemoryDumpPhase = "Unmounting"
+ // The memorydump is completed
+ MemoryDumpCompleted MemoryDumpPhase = "Completed"
+ // The memorydump is being unbound
+ MemoryDumpDissociating MemoryDumpPhase = "Dissociating"
+ // The memorydump failed
+ MemoryDumpFailed MemoryDumpPhase = "Failed"
+)
+
 // AddVolumeOptions is provided when dynamically hot plugging a volume and disk
 type AddVolumeOptions struct {
 // Name represents the name that will be used to map the
@@ -1948,6 +2137,15 @@ type AddVolumeOptions struct {
 DryRun []string `json:"dryRun,omitempty"`
 }
 
+type ScreenshotOptions struct {
+ MoveCursor bool `json:"moveCursor"`
+}
+
+type VSOCKOptions struct {
+ TargetPort uint32 `json:"targetPort"`
+ UseTLS *bool `json:"useTLS,omitempty"`
+}
+
 // RemoveVolumeOptions is provided when dynamically hot unplugging volume and disk
 type RemoveVolumeOptions struct {
 // Name represents the name that maps to both the disk and volume that
@@ -2004,6 +2202,20 @@ type KubeVirtConfiguration struct {
 SELinuxLauncherType string `json:"selinuxLauncherType,omitempty"`
 DefaultRuntimeClass string `json:"defaultRuntimeClass,omitempty"`
 SMBIOSConfig *SMBiosConfiguration `json:"smbios,omitempty"`
+
+ // EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be
+ // migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific
+ // field is set it overrides the cluster level one.
+ EvictionStrategy *EvictionStrategy `json:"evictionStrategy,omitempty"`
+
+ // AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure
+ // overhead. This is useful, since the calculation of this overhead is not accurate and cannot
+ // be entirely known in advance. The ratio that is being set determines by which factor to increase
+ // the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised
+ // by node pressures, but would mean that fewer VMs could be scheduled to a node.
+ // If not set, the default is 1.
+ AdditionalGuestMemoryOverheadRatio *string `json:"additionalGuestMemoryOverheadRatio,omitempty"`
+
 // deprecated
 SupportedGuestAgentVersions []string `json:"supportedGuestAgentVersions,omitempty"`
 MemBalloonStatsPeriod *uint32 `json:"memBalloonStatsPeriod,omitempty"`
@@ -2016,6 +2228,8 @@ type KubeVirtConfiguration struct {
 WebhookConfiguration *ReloadableComponentConfiguration `json:"webhookConfiguration,omitempty"`
 ControllerConfiguration *ReloadableComponentConfiguration `json:"controllerConfiguration,omitempty"`
 HandlerConfiguration *ReloadableComponentConfiguration `json:"handlerConfiguration,omitempty"`
+ TLSConfiguration *TLSConfiguration `json:"tlsConfiguration,omitempty"`
+ SeccompConfiguration *SeccompConfiguration `json:"seccompConfiguration,omitempty"`
 }
 
 type SMBiosConfiguration struct {
@@ -2026,19 +2240,91 @@ type SMBiosConfiguration struct {
 Family string `json:"family,omitempty"`
 }
 
-// MigrationConfiguration holds migration options
+type TLSProtocolVersion string
+
+const (
+ // VersionTLS10 is version 1.0 of the TLS security protocol.
+ VersionTLS10 TLSProtocolVersion = "VersionTLS10"
+ // VersionTLS11 is version 1.1 of the TLS security protocol.
+ VersionTLS11 TLSProtocolVersion = "VersionTLS11"
+ // VersionTLS12 is version 1.2 of the TLS security protocol.
+ VersionTLS12 TLSProtocolVersion = "VersionTLS12"
+ // VersionTLS13 is version 1.3 of the TLS security protocol.
+ VersionTLS13 TLSProtocolVersion = "VersionTLS13"
+)
+
+type CustomProfile struct {
+ LocalhostProfile *string `json:"localhostProfile,omitempty"`
+ RuntimeDefaultProfile bool `json:"runtimeDefaultProfile,omitempty"`
+}
+
+type VirtualMachineInstanceProfile struct {
+ // CustomProfile allows to request arbitrary profile for virt-launcher
+ CustomProfile *CustomProfile `json:"customProfile,omitempty"`
+}
+
+// SeccompConfiguration holds Seccomp configuration for Kubevirt components
+type SeccompConfiguration struct {
+ // VirtualMachineInstanceProfile defines what profile should be used with virt-launcher. Defaults to none
+ VirtualMachineInstanceProfile *VirtualMachineInstanceProfile `json:"virtualMachineInstanceProfile,omitempty"`
+}
+
+// TLSConfiguration holds TLS options
+type TLSConfiguration struct {
+ // MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
+ // Protocol versions are based on the following most common TLS configurations:
+ //
+ // https://ssl-config.mozilla.org/
+ //
+ // Note that SSLv3.0 is not a supported protocol version due to well known
+ // vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
+ // +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13
+ MinTLSVersion TLSProtocolVersion `json:"minTLSVersion,omitempty"`
+ // +listType=set
+ Ciphers []string `json:"ciphers,omitempty"`
+}
+
+// MigrationConfiguration holds migration options.
+// Can be overridden for specific groups of VMs though migration policies.
+// Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information.
 type MigrationConfiguration struct {
- NodeDrainTaintKey *string `json:"nodeDrainTaintKey,omitempty"`
- ParallelOutboundMigrationsPerNode *uint32 `json:"parallelOutboundMigrationsPerNode,omitempty"`
- ParallelMigrationsPerCluster *uint32 `json:"parallelMigrationsPerCluster,omitempty"`
- AllowAutoConverge *bool `json:"allowAutoConverge,omitempty"`
- BandwidthPerMigration *resource.Quantity `json:"bandwidthPerMigration,omitempty"`
- CompletionTimeoutPerGiB *int64 `json:"completionTimeoutPerGiB,omitempty"`
- ProgressTimeout *int64 `json:"progressTimeout,omitempty"`
- UnsafeMigrationOverride *bool `json:"unsafeMigrationOverride,omitempty"`
- AllowPostCopy *bool `json:"allowPostCopy,omitempty"`
- DisableTLS *bool `json:"disableTLS,omitempty"`
- Network *string `json:"network,omitempty"`
+ // NodeDrainTaintKey defines the taint key that indicates a node should be drained.
+ // Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain
+ NodeDrainTaintKey *string `json:"nodeDrainTaintKey,omitempty"`
+ // ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations
+ // allowed per node. Defaults to 2
+ ParallelOutboundMigrationsPerNode *uint32 `json:"parallelOutboundMigrationsPerNode,omitempty"`
+ // ParallelMigrationsPerCluster is the total number of concurrent live migrations
+ // allowed cluster-wide. Defaults to 5
+ ParallelMigrationsPerCluster *uint32 `json:"parallelMigrationsPerCluster,omitempty"`
+ // AllowAutoConverge allows the platform to compromise performance/availability of VMIs to
+ // guarantee successful VMI live migrations. Defaults to false
+ AllowAutoConverge *bool `json:"allowAutoConverge,omitempty"`
+ // BandwidthPerMigration limits the amount of network bandwith live migrations are allowed to use.
+ // The value is in quantity per second. Defaults to 0 (no limit)
+ BandwidthPerMigration *resource.Quantity `json:"bandwidthPerMigration,omitempty"`
+ // CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
+ // If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
+ // the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
+ CompletionTimeoutPerGiB *int64 `json:"completionTimeoutPerGiB,omitempty"`
+ // ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress.
+ // Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is
+ // then considered stuck and therefore cancelled. Defaults to 150
+ ProgressTimeout *int64 `json:"progressTimeout,omitempty"`
+ // UnsafeMigrationOverride allows live migrations to occur even if the compatibility check
+ // indicates the migration will be unsafe to the guest. Defaults to false
+ UnsafeMigrationOverride *bool `json:"unsafeMigrationOverride,omitempty"`
+ // AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs
+ // to successfully live-migrate. However, events like a network failure can cause a VMI crash.
+ // If set to true, migrations will still start in pre-copy, but switch to post-copy when
+ // CompletionTimeoutPerGiB triggers. Defaults to false
+ AllowPostCopy *bool `json:"allowPostCopy,omitempty"`
+ // When set to true, DisableTLS will disable the additional layer of live migration encryption
+ // provided by KubeVirt. This is usually a bad idea. Defaults to false
+ DisableTLS *bool `json:"disableTLS,omitempty"`
+ // Network is the name of the CNI network to use for live migrations. By default, migrations go
+ // through the pod network.
+ Network *string `json:"network,omitempty"`
 }
 
 // DiskVerification holds container disks verification limits
@@ -2048,15 +2334,35 @@ type DiskVerification struct {
 
 // DeveloperConfiguration holds developer options
 type DeveloperConfiguration struct {
- FeatureGates []string `json:"featureGates,omitempty"`
- LessPVCSpaceToleration int `json:"pvcTolerateLessSpaceUpToPercent,omitempty"`
- MinimumReservePVCBytes uint64 `json:"minimumReservePVCBytes,omitempty"`
- MemoryOvercommit int `json:"memoryOvercommit,omitempty"`
- NodeSelectors map[string]string `json:"nodeSelectors,omitempty"`
+ // FeatureGates is the list of experimental features to enable. Defaults to none
+ FeatureGates []string `json:"featureGates,omitempty"`
+ // LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are
+ // allowed to be compared to the requested size (to account for various overheads).
+ // Defaults to 10
+ LessPVCSpaceToleration int `json:"pvcTolerateLessSpaceUpToPercent,omitempty"`
+ // MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks.
+ // Defaults to 131072 (128KiB)
+ MinimumReservePVCBytes uint64 `json:"minimumReservePVCBytes,omitempty"`
+ // MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount
+ // given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will
+ // "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits".
+ // Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.
+ // Defaults to 100
+ MemoryOvercommit int `json:"memoryOvercommit,omitempty"`
+ // NodeSelectors allows restricting VMI creation to nodes that match a set of labels.
+ // Defaults to none
+ NodeSelectors map[string]string `json:"nodeSelectors,omitempty"`
 // UseEmulation can be set to true to allow fallback to software emulation
- // in case hardware-assisted emulation is not available.
- UseEmulation bool `json:"useEmulation,omitempty"`
- CPUAllocationRatio int `json:"cpuAllocationRatio,omitempty"`
+ // in case hardware-assisted emulation is not available. Defaults to false
+ UseEmulation bool `json:"useEmulation,omitempty"`
+ // For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI
+ // from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes).
+ // For example, a value of 1 means 1 physical CPU thread per VMI CPU thread.
+ // A value of 100 would be 1% of a physical thread allocated for each requested VMI thread.
+ // This option has no effect on VMIs that request dedicated CPUs. More information at:
+ // https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
+ // Defaults to 10
+ CPUAllocationRatio int `json:"cpuAllocationRatio,omitempty"`
 // Allow overriding the automatically determined minimum TSC frequency of the cluster
 // and fixate the minimum to this frequency.
 MinimumClusterTSCFrequency *int64 `json:"minimumClusterTSCFrequency,omitempty"`
@@ -2075,7 +2381,12 @@ type LogVerbosity struct {
 NodeVerbosity map[string]uint `json:"nodeVerbosity,omitempty"`
 }
 
-// PermittedHostDevices holds inforamtion about devices allowed for passthrough
+const (
+ PCIResourcePrefix = "PCI_RESOURCE"
+ MDevResourcePrefix = "MDEV_PCI_RESOURCE"
+)
+
+// PermittedHostDevices holds information about devices allowed for passthrough
 type PermittedHostDevices struct {
 // +listType=atomic
 PciHostDevices []PciHostDevice `json:"pciHostDevices,omitempty"`
@@ -2105,24 +2416,34 @@ type MediatedHostDevice struct {
 ExternalResourceProvider bool `json:"externalResourceProvider,omitempty"`
 }
 
-// MediatedDevicesConfiguration holds inforamtion about MDEV types to be defined, if available
+// MediatedDevicesConfiguration holds information about MDEV types to be defined, if available
 type MediatedDevicesConfiguration struct {
+ // Deprecated. Use mediatedDeviceTypes instead.
+ // +optional
 // +listType=atomic
 MediatedDevicesTypes []string `json:"mediatedDevicesTypes,omitempty"`
 // +optional
 // +listType=atomic
+ MediatedDeviceTypes []string `json:"mediatedDeviceTypes,omitempty"`
+ // +optional
+ // +listType=atomic
 NodeMediatedDeviceTypes []NodeMediatedDeviceTypesConfig `json:"nodeMediatedDeviceTypes,omitempty"`
 }
 
-// NodeMediatedDeviceTypesConfig holds inforamtion about MDEV types to be defined in a specifc node that matches the NodeSelector field.
+// NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field.
 // +k8s:openapi-gen=true
 type NodeMediatedDeviceTypesConfig struct {
 // NodeSelector is a selector which must be true for the vmi to fit on a node.
 // Selector which must match a node's labels for the vmi to be scheduled on that node.
 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 NodeSelector map[string]string `json:"nodeSelector"`
+ // Deprecated. Use mediatedDeviceTypes instead.
+ // +optional
+ // +listType=atomic
+ MediatedDevicesTypes []string `json:"mediatedDevicesTypes,omitempty"`
+ // +optional
 // +listType=atomic
- MediatedDevicesTypes []string `json:"mediatedDevicesTypes"`
+ MediatedDeviceTypes []string `json:"mediatedDeviceTypes"`
 }
 
 // NetworkConfiguration holds network options
@@ -2151,19 +2472,81 @@ type ClusterProfilerRequest struct {
 PageSize int64 `json:"pageSize"`
 }
 
-// FlavorMatcher references a flavor that is used to fill fields in the VMI template.
-type FlavorMatcher struct {
- // Name is the name of the VirtualMachineFlavor or VirtualMachineClusterFlavor
- Name string `json:"name"`
+type Matcher interface {
+ GetName() string
+ GetRevisionName() string
+}
 
- // Kind specifies which flavor resource is referenced.
- // Allowed values are: "VirtualMachineFlavor" and "VirtualMachineClusterFlavor".
- // If not specified, "VirtualMachineClusterFlavor" is used by default.
+// InstancetypeMatcher references a instancetype that is used to fill fields in the VMI template.
+type InstancetypeMatcher struct {
+ // Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype
+ //
+ // +optional
+ Name string `json:"name,omitempty"`
+
+ // Kind specifies which instancetype resource is referenced.
+ // Allowed values are: "VirtualMachineInstancetype" and "VirtualMachineClusterInstancetype".
+ // If not specified, "VirtualMachineClusterInstancetype" is used by default.
 //
 // +optional
 Kind string `json:"kind,omitempty"`
 
- // Profile is the name of a custom profile in the flavor. If left empty, the default profile is used.
+ // RevisionName specifies a ControllerRevision containing a specific copy of the
+ // VirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially
+ // captured the first time the instancetype is applied to the VirtualMachineInstance.
+ //
+ // +optional
+ RevisionName string `json:"revisionName,omitempty"`
+
+ // InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype
+ // to be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher
+ // this field is removed.
+ //
 // +optional
- Profile string `json:"profile,omitempty"`
+ InferFromVolume string `json:"inferFromVolume,omitempty"`
+}
+
+func (i InstancetypeMatcher) GetName() string {
+ return i.Name
+}
+
+func (i InstancetypeMatcher) GetRevisionName() string {
+ return i.RevisionName
+}
+
+// PreferenceMatcher references a set of preference that is used to fill fields in the VMI template.
+type PreferenceMatcher struct {
+ // Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference
+ //
+ // +optional
+ Name string `json:"name,omitempty"`
+
+ // Kind specifies which preference resource is referenced.
+ // Allowed values are: "VirtualMachinePreference" and "VirtualMachineClusterPreference".
+ // If not specified, "VirtualMachineClusterPreference" is used by default.
+ //
+ // +optional
+ Kind string `json:"kind,omitempty"`
+
+ // RevisionName specifies a ControllerRevision containing a specific copy of the
+ // VirtualMachinePreference or VirtualMachineClusterPreference to be used. This is
+ // initially captured the first time the instancetype is applied to the VirtualMachineInstance.
+ //
+ // +optional
+ RevisionName string `json:"revisionName,omitempty"`
+
+ // InferFromVolume lists the name of a volume that should be used to infer or discover the preference
+ // to be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher
+ // this field is removed.
+ //
+ // +optional
+ InferFromVolume string `json:"inferFromVolume,omitempty"`
+}
+
+func (p PreferenceMatcher) GetName() string {
+ return p.Name
+}
+
+func (p PreferenceMatcher) GetRevisionName() string {
+ return p.RevisionName
 }
diff --git a/vendor/kubevirt.io/api/core/v1/types_swagger_generated.go b/vendor/kubevirt.io/api/core/v1/types_swagger_generated.go
index 0f9e812148..58c9bcd5a1 100644
--- a/vendor/kubevirt.io/api/core/v1/types_swagger_generated.go
+++ b/vendor/kubevirt.io/api/core/v1/types_swagger_generated.go
@@ -25,6 +25,7 @@ func (VirtualMachineInstanceSpec) SwaggerDoc() map[string]string { "affinity": "If affinity is specifies, obey all the affinity rules", "schedulerName": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.\n+optional", "tolerations": "If toleration is specified, obey all the toleration rules.", + "topologySpreadConstraints": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.\n+optional\n+patchMergeKey=topologyKey\n+patchStrategy=merge\n+listType=map\n+listMapKey=topologyKey\n+listMapKey=whenUnsatisfiable", "evictionStrategy": "EvictionStrategy can be set to \"LiveMigrate\" if the VirtualMachineInstance should be\nmigrated instead of shut-off in case of a node drain.\n\n+optional", "startStrategy": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.\n\n+optional", "terminationGracePeriodSeconds": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", @@ -73,6 +74,9 @@ func (VirtualMachineInstanceStatus) SwaggerDoc() map[string]string { "fsFreezeStatus": "FSFreezeStatus is the state of the fs of the guest\nit can be either frozen or thawed\n+optional", "topologyHints": "+optional", "virtualMachineRevisionName": "VirtualMachineRevisionName is used to get the vm revision of the vmi when doing\nan online vm snapshot\n+optional", + "runtimeUser": "RuntimeUser is used to determine what user will be used in launcher\n+optional", + "VSOCKCID": "VSOCKCID is used to track the allocated VSOCK CID in the VM.\n+optional", + "selinuxContext": "SELinuxContext is the actual SELinux context of the virt-launcher pod\n+optional", } } 
@@ -81,7 +85,8 @@ func (PersistentVolumeClaimInfo) SwaggerDoc() map[string]string { "": "PersistentVolumeClaimInfo contains the relavant information virt-handler needs cached about a PVC", "accessModes": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1\n+listType=atomic\n+optional", "volumeMode": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.\n+optional", - "capacity": "Capacity represents the capacity set on the corresponding PVC spec\n+optional", + "capacity": "Capacity represents the capacity set on the corresponding PVC status\n+optional", + "requests": "Requests represents the resources requested by the corresponding PVC spec\n+optional", "preallocated": "Preallocated indicates if the PVC's storage is preallocated or not\n+optional", "filesystemOverhead": "Percentage of filesystem's size to be reserved when resizing the PVC\n+optional", } @@ -98,6 +103,17 @@ func (VolumeStatus) SwaggerDoc() map[string]string { "persistentVolumeClaimInfo": "PersistentVolumeClaimInfo is information about the PVC that handler requires during start flow", "hotplugVolume": "If the volume is hotplug, this will contain the hotplug status.", "size": "Represents the size of the volume", + "memoryDumpVolume": "If the volume is memorydump volume, this will contain the memorydump info.", + } +} + +func (DomainMemoryDumpInfo) SwaggerDoc() map[string]string { + return map[string]string{ + "": "DomainMemoryDumpInfo represents the memory dump information", + "startTimestamp": "StartTimestamp is the time when the memory dump started", + "endTimestamp": "EndTimestamp is the time when the memory dump completed", + "claimName": "ClaimName is the name of the pvc the memory was dumped to", + "targetFileName": "TargetFileName is the name of the memory dump output", } } 
@@ -130,6 +146,8 @@ func (VirtualMachineInstanceNetworkInterface) SwaggerDoc() map[string]string { "name": "Name of the interface, corresponds to name of the network assigned to the interface", "ipAddresses": "List of all IP addresses of a Virtual Machine interface", "interfaceName": "The interface name inside the Virtual Machine", + "infoSource": "Specifies the origin of the interface data collected. values: domain, guest-agent, or both", + "queueCount": "Specifies how many queues are allocated by MultiQueue", } } @@ -166,6 +184,8 @@ func (VirtualMachineInstanceMigrationState) SwaggerDoc() map[string]string { "mode": "Lets us know if the vmi is currently running pre or post copy migration", "migrationPolicyName": "Name of the migration policy. If string is empty, no policy is matched", "migrationConfiguration": "Migration configurations to apply", + "targetCPUSet": "If the VMI requires dedicated CPUs, this field will\nhold the dedicated CPU set on the target node\n+listType=atomic", + "targetNodeTopology": "If the VMI requires dedicated CPUs, this field will\nhold the numa topology on the target node", } } 
@@ -249,15 +269,25 @@ func (VirtualMachineInstanceMigrationSpec) SwaggerDoc() map[string]string { } } +func (VirtualMachineInstanceMigrationPhaseTransitionTimestamp) SwaggerDoc() map[string]string { + return map[string]string{ + "": "VirtualMachineInstanceMigrationPhaseTransitionTimestamp gives a timestamp in relation to when a phase is set on a vmi", + "phase": "Phase is the status of the VirtualMachineInstanceMigrationPhase in kubernetes world. It is not the VirtualMachineInstanceMigrationPhase status, but partially correlates to it.", + "phaseTransitionTimestamp": "PhaseTransitionTimestamp is the timestamp of when the phase change occurred", + } +} + func (VirtualMachineInstanceMigrationStatus) SwaggerDoc() map[string]string { return map[string]string{ - "": "VirtualMachineInstanceMigration reprents information pertaining to a VMI's migration.", + "": "VirtualMachineInstanceMigration reprents information pertaining to a VMI's migration.", + "phaseTransitionTimestamps": "PhaseTransitionTimestamp is the timestamp of when the last phase change occurred\n+listType=atomic\n+optional", + "migrationState": "Represents the status of a live migration", } } func (VirtualMachineInstancePreset) SwaggerDoc() map[string]string { return map[string]string{ - "": "VirtualMachineInstancePreset defines a VMI spec.domain to be applied to all VMIs that match the provided label selector\nMore info: https://kubevirt.io/user-guide/virtual_machines/presets/#overrides\n\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+genclient", + "": "Deprecated for removal in v2, please use VirtualMachineInstanceType and VirtualMachinePreference instead.\n\nVirtualMachineInstancePreset defines a VMI spec.domain to be applied to all VMIs that match the provided label selector\nMore info: https://kubevirt.io/user-guide/virtual_machines/presets/#overrides\n\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+genclient", "spec": "VirtualMachineInstance Spec 
contains the VirtualMachineInstance specification.", } } @@ -294,7 +324,8 @@ func (VirtualMachineSpec) SwaggerDoc() map[string]string { "": "VirtualMachineSpec describes how the proper VirtualMachine\nshould look like", "running": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy", "runStrategy": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", - "flavor": "FlavorMatcher references a flavor that is used to fill fields in Template", + "instancetype": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", + "preference": "PreferenceMatcher references a set of preference that is used to fill fields in Template", "template": "Template is the direct specification of VirtualMachineInstance", "dataVolumeTemplates": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", } @@ -319,6 +350,7 @@ func (VirtualMachineStatus) SwaggerDoc() map[string]string { "volumeRequests": "VolumeRequests indicates a list of volumes add or remove from the VMI template and\nhotplug on an active running VMI.\n+listType=atomic", "volumeSnapshotStatuses": "VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is\nsupported by each volume.", "startFailure": "StartFailure tracks consecutive VMI startup failures for the purposes of\ncrash loop backoffs\n+nullable\n+optional", + "memoryDumpRequest": "MemoryDumpRequest tracks memory dump request phase and info of getting a memory\ndump to the given pvc\n+nullable\n+optional", } } 
@@ -419,19 +451,21 @@ func (KubeVirtWorkloadUpdateStrategy) SwaggerDoc() map[string]string { func (KubeVirtSpec) SwaggerDoc() map[string]string { return map[string]string{ - "imageTag": "The image tag to use for the continer images installed.\nDefaults to the same tag as the operator's container image.", - "imageRegistry": "The image registry to pull the container images from\nDefaults to the same registry the operator's container image is pulled from.", - "imagePullPolicy": "The ImagePullPolicy to use.", - "monitorNamespace": "The namespace Prometheus is deployed in\nDefaults to openshift-monitor", - "monitorAccount": "The name of the Prometheus service account that needs read-access to KubeVirt endpoints\nDefaults to prometheus-k8s", - "workloadUpdateStrategy": "WorkloadUpdateStrategy defines at the cluster level how to handle\nautomated workload updates", - "uninstallStrategy": "Specifies if kubevirt can be deleted if workloads are still present.\nThis is mainly a precaution to avoid accidental data loss", - "productVersion": "Designate the apps.kubevirt.io/version label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductVersion is not specified, KubeVirt's version will be used.", - "productName": "Designate the apps.kubevirt.io/part-of label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductName is not specified, the part-of label will be omitted.", - "productComponent": "Designate the apps.kubevirt.io/component label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductComponent is not specified, the component label default value is kubevirt.", - "configuration": "holds kubevirt configurations.\nsame as the virt-configMap", - "infra": "selectors and tolerations that should apply to KubeVirt infrastructure components\n+optional", - "workloads": "selectors and tolerations that should apply to KubeVirt workloads\n+optional", + "imageTag": "The image 
tag to use for the continer images installed.\nDefaults to the same tag as the operator's container image.", + "imageRegistry": "The image registry to pull the container images from\nDefaults to the same registry the operator's container image is pulled from.", + "imagePullPolicy": "The ImagePullPolicy to use.", + "imagePullSecrets": "The imagePullSecrets to pull the container images from\nDefaults to none\n+listType=atomic", + "monitorNamespace": "The namespace Prometheus is deployed in\nDefaults to openshift-monitor", + "serviceMonitorNamespace": "The namespace the service monitor will be deployed\n When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace\notherwise we will use the monitoring namespace.", + "monitorAccount": "The name of the Prometheus service account that needs read-access to KubeVirt endpoints\nDefaults to prometheus-k8s", + "workloadUpdateStrategy": "WorkloadUpdateStrategy defines at the cluster level how to handle\nautomated workload updates", + "uninstallStrategy": "Specifies if kubevirt can be deleted if workloads are still present.\nThis is mainly a precaution to avoid accidental data loss", + "productVersion": "Designate the apps.kubevirt.io/version label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductVersion is not specified, KubeVirt's version will be used.", + "productName": "Designate the apps.kubevirt.io/part-of label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductName is not specified, the part-of label will be omitted.", + "productComponent": "Designate the apps.kubevirt.io/component label for KubeVirt components.\nUseful if KubeVirt is included as part of a product.\nIf ProductComponent is not specified, the component label default value is kubevirt.", + "configuration": "holds kubevirt configurations.\nsame as the virt-configMap", + "infra": "selectors and tolerations that should apply to KubeVirt 
infrastructure components\n+optional", + "workloads": "selectors and tolerations that should apply to KubeVirt workloads\n+optional", } } @@ -583,6 +617,19 @@ func (FreezeUnfreezeTimeout) SwaggerDoc() map[string]string { } } +func (VirtualMachineMemoryDumpRequest) SwaggerDoc() map[string]string { + return map[string]string{ + "": "VirtualMachineMemoryDumpRequest represent the memory dump request phase and info", + "claimName": "ClaimName is the name of the pvc that will contain the memory dump", + "phase": "Phase represents the memory dump phase", + "remove": "Remove represents request of dissociating the memory dump pvc\n+optional", + "startTimestamp": "StartTimestamp represents the time the memory dump started\n+optional", + "endTimestamp": "EndTimestamp represents the time the memory dump was completed\n+optional", + "fileName": "FileName represents the name of the output file\n+optional", + "message": "Message is a detailed message about failure of the memory dump\n+optional", + } +} + func (AddVolumeOptions) SwaggerDoc() map[string]string { return map[string]string{ "": "AddVolumeOptions is provided when dynamically hot plugging a volume and disk", @@ -593,6 +640,14 @@ func (AddVolumeOptions) SwaggerDoc() map[string]string { } } +func (ScreenshotOptions) SwaggerDoc() map[string]string { + return map[string]string{} +} + +func (VSOCKOptions) SwaggerDoc() map[string]string { + return map[string]string{} +} + func (RemoveVolumeOptions) SwaggerDoc() map[string]string { return map[string]string{ "": "RemoveVolumeOptions is provided when dynamically hot unplugging volume and disk", 
@@ -628,8 +683,10 @@ func (ReloadableComponentConfiguration) SwaggerDoc() map[string]string { func (KubeVirtConfiguration) SwaggerDoc() map[string]string { return map[string]string{ - "": "KubeVirtConfiguration holds all kubevirt configurations", - "supportedGuestAgentVersions": "deprecated", + "": "KubeVirtConfiguration holds all kubevirt configurations", + "evictionStrategy": "EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be\nmigrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific\nfield is set it overrides the cluster level one.", + "additionalGuestMemoryOverheadRatio": "AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure\noverhead. This is useful, since the calculation of this overhead is not accurate and cannot\nbe entirely known in advance. The ratio that is being set determines by which factor to increase\nthe overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised\nby node pressures, but would mean that fewer VMs could be scheduled to a node.\nIf not set, the default is 1.", + "supportedGuestAgentVersions": "deprecated", } } 
@@ -637,9 +694,45 @@ func (SMBiosConfiguration) SwaggerDoc() map[string]string { return map[string]string{} } +func (CustomProfile) SwaggerDoc() map[string]string { + return map[string]string{} +} + +func (VirtualMachineInstanceProfile) SwaggerDoc() map[string]string { + return map[string]string{ + "customProfile": "CustomProfile allows to request arbitrary profile for virt-launcher", + } +} + +func (SeccompConfiguration) SwaggerDoc() map[string]string { + return map[string]string{ + "": "SeccompConfiguration holds Seccomp configuration for Kubevirt components", + "virtualMachineInstanceProfile": "VirtualMachineInstanceProfile defines what profile should be used with virt-launcher. Defaults to none", + } +} + +func (TLSConfiguration) SwaggerDoc() map[string]string { + return map[string]string{ + "": "TLSConfiguration holds TLS options", + "minTLSVersion": "MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.\nProtocol versions are based on the following most common TLS configurations:\n\n https://ssl-config.mozilla.org/\n\nNote that SSLv3.0 is not a supported protocol version due to well known\nvulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE\n+kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13", + "ciphers": "+listType=set", + } +} + func (MigrationConfiguration) SwaggerDoc() map[string]string { return map[string]string{ - "": "MigrationConfiguration holds migration options", + "": "MigrationConfiguration holds migration options.\nCan be overridden for specific groups of VMs though migration policies.\nVisit https://kubevirt.io/user-guide/operations/migration_policies/ for more information.", + "nodeDrainTaintKey": "NodeDrainTaintKey defines the taint key that indicates a node should be drained.\nNote: this option relies on the deprecated node taint feature. 
Default: kubevirt.io/drain", + "parallelOutboundMigrationsPerNode": "ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations\nallowed per node. Defaults to 2", + "parallelMigrationsPerCluster": "ParallelMigrationsPerCluster is the total number of concurrent live migrations\nallowed cluster-wide. Defaults to 5", + "allowAutoConverge": "AllowAutoConverge allows the platform to compromise performance/availability of VMIs to\nguarantee successful VMI live migrations. Defaults to false", + "bandwidthPerMigration": "BandwidthPerMigration limits the amount of network bandwith live migrations are allowed to use.\nThe value is in quantity per second. Defaults to 0 (no limit)", + "completionTimeoutPerGiB": "CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.\nIf a live-migration takes longer to migrate than this value multiplied by the size of the VMI,\nthe migration will be cancelled, unless AllowPostCopy is true. Defaults to 800", + "progressTimeout": "ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress.\nHitting this timeout means a migration transferred 0 data for that many seconds. The migration is\nthen considered stuck and therefore cancelled. Defaults to 150", + "unsafeMigrationOverride": "UnsafeMigrationOverride allows live migrations to occur even if the compatibility check\nindicates the migration will be unsafe to the guest. Defaults to false", + "allowPostCopy": "AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs\nto successfully live-migrate. However, events like a network failure can cause a VMI crash.\nIf set to true, migrations will still start in pre-copy, but switch to post-copy when\nCompletionTimeoutPerGiB triggers. Defaults to false", + "disableTLS": "When set to true, DisableTLS will disable the additional layer of live migration encryption\nprovided by KubeVirt. 
This is usually a bad idea. Defaults to false", + "network": "Network is the name of the CNI network to use for live migrations. By default, migrations go\nthrough the pod network.", } } 
@@ -651,9 +744,15 @@ func (DiskVerification) SwaggerDoc() map[string]string { func (DeveloperConfiguration) SwaggerDoc() map[string]string { return map[string]string{ - "": "DeveloperConfiguration holds developer options", - "useEmulation": "UseEmulation can be set to true to allow fallback to software emulation\nin case hardware-assisted emulation is not available.", - "minimumClusterTSCFrequency": "Allow overriding the automatically determined minimum TSC frequency of the cluster\nand fixate the minimum to this frequency.", + "": "DeveloperConfiguration holds developer options", + "featureGates": "FeatureGates is the list of experimental features to enable. Defaults to none", + "pvcTolerateLessSpaceUpToPercent": "LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are\nallowed to be compared to the requested size (to account for various overheads).\nDefaults to 10", + "minimumReservePVCBytes": "MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks.\nDefaults to 131072 (128KiB)", + "memoryOvercommit": "MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount\ngiven to its parent pod (virt-launcher). For example, a value of 102 means the VMI will\n\"see\" 2% more memory than its parent pod. Values under 100 are effectively \"undercommits\".\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 100", + "nodeSelectors": "NodeSelectors allows restricting VMI creation to nodes that match a set of labels.\nDefaults to none", + "useEmulation": "UseEmulation can be set to true to allow fallback to software emulation\nin case hardware-assisted emulation is not available. Defaults to false", + "cpuAllocationRatio": "For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI\nfrom the hosting node. 
The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes).\nFor example, a value of 1 means 1 physical CPU thread per VMI CPU thread.\nA value of 100 would be 1% of a physical thread allocated for each requested VMI thread.\nThis option has no effect on VMIs that request dedicated CPUs. More information at:\nhttps://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio\nDefaults to 10", + "minimumClusterTSCFrequency": "Allow overriding the automatically determined minimum TSC frequency of the cluster\nand fixate the minimum to this frequency.", } } @@ -666,7 +765,7 @@ func (LogVerbosity) SwaggerDoc() map[string]string { func (PermittedHostDevices) SwaggerDoc() map[string]string { return map[string]string{ - "": "PermittedHostDevices holds inforamtion about devices allowed for passthrough", + "": "PermittedHostDevices holds information about devices allowed for passthrough", "pciHostDevices": "+listType=atomic", "mediatedDevices": "+listType=atomic", } 
@@ -689,17 +788,19 @@ func (MediatedHostDevice) SwaggerDoc() map[string]string { func (MediatedDevicesConfiguration) SwaggerDoc() map[string]string { return map[string]string{ - "": "MediatedDevicesConfiguration holds inforamtion about MDEV types to be defined, if available", - "mediatedDevicesTypes": "+listType=atomic", + "": "MediatedDevicesConfiguration holds information about MDEV types to be defined, if available", + "mediatedDevicesTypes": "Deprecated. Use mediatedDeviceTypes instead.\n+optional\n+listType=atomic", + "mediatedDeviceTypes": "+optional\n+listType=atomic", "nodeMediatedDeviceTypes": "+optional\n+listType=atomic", } } func (NodeMediatedDeviceTypesConfig) SwaggerDoc() map[string]string { return map[string]string{ - "": "NodeMediatedDeviceTypesConfig holds inforamtion about MDEV types to be defined in a specifc node that matches the NodeSelector field.\n+k8s:openapi-gen=true", + "": "NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specifc node that matches the NodeSelector field.\n+k8s:openapi-gen=true", "nodeSelector": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "mediatedDevicesTypes": "+listType=atomic", + "mediatedDevicesTypes": "Deprecated. Use mediatedDeviceTypes instead.\n+optional\n+listType=atomic", + "mediatedDeviceTypes": "+optional\n+listType=atomic", } } 
@@ -727,11 +828,22 @@ func (ClusterProfilerRequest) SwaggerDoc() map[string]string { return map[string]string{} } -func (FlavorMatcher) SwaggerDoc() map[string]string { +func (InstancetypeMatcher) SwaggerDoc() map[string]string { + return map[string]string{ + "": "InstancetypeMatcher references a instancetype that is used to fill fields in the VMI template.", + "name": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype\n\n+optional", + "kind": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.\n\n+optional", + "revisionName": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.\n\n+optional", + "inferFromVolume": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.\n\n+optional", + } +} + +func (PreferenceMatcher) SwaggerDoc() map[string]string { return map[string]string{ - "": "FlavorMatcher references a flavor that is used to fill fields in the VMI template.", - "name": "Name is the name of the VirtualMachineFlavor or VirtualMachineClusterFlavor", - "kind": "Kind specifies which flavor resource is referenced.\nAllowed values are: \"VirtualMachineFlavor\" and \"VirtualMachineClusterFlavor\".\nIf not specified, \"VirtualMachineClusterFlavor\" is used by default.\n\n+optional", - "profile": "Profile is the name of a custom profile in the flavor. 
If left empty, the default profile is used.\n+optional", + "": "PreferenceMatcher references a set of preference that is used to fill fields in the VMI template.", + "name": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference\n\n+optional", + "kind": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.\n\n+optional", + "revisionName": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.\n\n+optional", + "inferFromVolume": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.\n\n+optional", } } diff --git a/vendor/kubevirt.io/api/core/v1/zz_generated.defaults.go b/vendor/kubevirt.io/api/core/v1/zz_generated.defaults.go index b126c3003d..08972aea23 100644 --- a/vendor/kubevirt.io/api/core/v1/zz_generated.defaults.go +++ b/vendor/kubevirt.io/api/core/v1/zz_generated.defaults.go @@ -1,7 +1,8 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated /* -Copyright 2022 The KubeVirt Authors. +Copyright 2023 The KubeVirt Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -133,9 +134,6 @@ func SetObjectDefaults_VirtualMachine(in *VirtualMachine) { for i := range in.Spec.Template.Spec.Domain.Devices.Disks { a := &in.Spec.Template.Spec.Domain.Devices.Disks[i] SetDefaults_DiskDevice(&a.DiskDevice) - if a.DiskDevice.Floppy != nil { - SetDefaults_FloppyTarget(a.DiskDevice.Floppy) - } if a.DiskDevice.CDRom != nil { SetDefaults_CDRomTarget(a.DiskDevice.CDRom) } @@ -173,9 +171,6 @@ func SetObjectDefaults_VirtualMachine(in *VirtualMachine) { if a.AddVolumeOptions != nil { if a.AddVolumeOptions.Disk != nil { SetDefaults_DiskDevice(&a.AddVolumeOptions.Disk.DiskDevice) - if a.AddVolumeOptions.Disk.DiskDevice.Floppy != nil { - SetDefaults_FloppyTarget(a.AddVolumeOptions.Disk.DiskDevice.Floppy) - } if a.AddVolumeOptions.Disk.DiskDevice.CDRom != nil { SetDefaults_CDRomTarget(a.AddVolumeOptions.Disk.DiskDevice.CDRom) } @@ -275,9 +270,6 @@ func SetObjectDefaults_VirtualMachineInstance(in *VirtualMachineInstance) { for i := range in.Spec.Domain.Devices.Disks { a := &in.Spec.Domain.Devices.Disks[i] SetDefaults_DiskDevice(&a.DiskDevice) - if a.DiskDevice.Floppy != nil { - SetDefaults_FloppyTarget(a.DiskDevice.Floppy) - } if a.DiskDevice.CDRom != nil { SetDefaults_CDRomTarget(a.DiskDevice.CDRom) } @@ -404,9 +396,6 @@ func SetObjectDefaults_VirtualMachineInstancePreset(in *VirtualMachineInstancePr for i := range in.Spec.Domain.Devices.Disks { a := &in.Spec.Domain.Devices.Disks[i] SetDefaults_DiskDevice(&a.DiskDevice) - if a.DiskDevice.Floppy != nil { - SetDefaults_FloppyTarget(a.DiskDevice.Floppy) - } if a.DiskDevice.CDRom != nil { SetDefaults_CDRomTarget(a.DiskDevice.CDRom) } 
@@ -528,9 +517,6 @@ func SetObjectDefaults_VirtualMachineInstanceReplicaSet(in *VirtualMachineInstan for i := range in.Spec.Template.Spec.Domain.Devices.Disks { a := &in.Spec.Template.Spec.Domain.Devices.Disks[i] SetDefaults_DiskDevice(&a.DiskDevice) - if a.DiskDevice.Floppy != nil { - SetDefaults_FloppyTarget(a.DiskDevice.Floppy) - } if a.DiskDevice.CDRom != nil { SetDefaults_CDRomTarget(a.DiskDevice.CDRom) } diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go index 25ea8aba7b..cf9a55fab6 100644 --- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go +++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go @@ -17,9 +17,10 @@ limitations under the License. package v1beta1 import ( + ocpconfigv1 "github.com/openshift/api/config/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - sdkapi "kubevirt.io/controller-lifecycle-operator-sdk/pkg/sdk/api" + sdkapi "kubevirt.io/controller-lifecycle-operator-sdk/api" ) // DataVolume is an abstraction on top of PersistentVolumeClaims to allow easy population of those PersistentVolumeClaims with relation to VirtualMachines @@ -260,7 +261,7 @@ type DataVolumeStatus struct { Conditions []DataVolumeCondition `json:"conditions,omitempty" optional:"true"` } -//DataVolumeList provides the needed parameters to do request a list of Data Volumes from the system +// DataVolumeList provides the needed parameters to do request a list of Data Volumes from the system // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type DataVolumeList struct { metav1.TypeMeta `json:",inline"` 
@@ -358,7 +359,7 @@ const DataVolumeCloneSourceSubresource = "source" // see https://github.com/kubernetes/code-generator/issues/59 // +genclient:nonNamespaced -//StorageProfile provides a CDI specific recommendation for storage parameters +// StorageProfile provides a CDI specific recommendation for storage parameters // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true @@ -372,7 +373,7 @@ type StorageProfile struct { Status StorageProfileStatus `json:"status,omitempty"` } -//StorageProfileSpec defines specification for StorageProfile +// StorageProfileSpec defines specification for StorageProfile type StorageProfileSpec struct { // CloneStrategy defines the preferred method for performing a CDI clone CloneStrategy *CDICloneStrategy `json:"cloneStrategy,omitempty"` @@ -380,7 +381,7 @@ type StorageProfileSpec struct { ClaimPropertySets []ClaimPropertySet `json:"claimPropertySets,omitempty"` } -//StorageProfileStatus provides the most recently observed status of the StorageProfile +// StorageProfileStatus provides the most recently observed status of the StorageProfile type StorageProfileStatus struct { // The StorageClass name for which capabilities are defined StorageClass *string `json:"storageClass,omitempty"` @@ -404,7 +405,7 @@ type ClaimPropertySet struct { VolumeMode *corev1.PersistentVolumeMode `json:"volumeMode,omitempty" protobuf:"bytes,6,opt,name=volumeMode,casttype=PersistentVolumeMode"` } -//StorageProfileList provides the needed parameters to request a list of StorageProfile from the system +// StorageProfileList provides the needed parameters to request a list of StorageProfile from the system // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type StorageProfileList struct { metav1.TypeMeta `json:",inline"` 
@@ -442,6 +443,8 @@ type DataSourceSource struct { // DataSourceStatus provides the most recently observed status of the DataSource type DataSourceStatus struct { + // Source is the current source of the data referenced by the DataSource + Source DataSourceSource `json:"source,omitempty"` Conditions []DataSourceCondition `json:"conditions,omitempty" optional:"true"` } @@ -654,13 +657,13 @@ type CDICloneStrategy string const ( // CloneStrategyHostAssisted specifies slower, host-assisted copy - CloneStrategyHostAssisted = "copy" + CloneStrategyHostAssisted CDICloneStrategy = "copy" // CloneStrategySnapshot specifies snapshot-based copying - CloneStrategySnapshot = "snapshot" + CloneStrategySnapshot CDICloneStrategy = "snapshot" // CloneStrategyCsiClone specifies csi volume clone based cloning - CloneStrategyCsiClone = "csi-clone" + CloneStrategyCsiClone CDICloneStrategy = "csi-clone" ) // CDIUninstallStrategy defines the state to leave CDI on uninstall @@ -682,7 +685,7 @@ type CDIStatus struct { sdkapi.Status `json:",inline"` } -//CDIList provides the needed parameters to do request a list of CDIs from the system +// CDIList provides the needed parameters to do request a list of CDIs from the system // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CDIList struct { metav1.TypeMeta `json:",inline"` 
@@ -710,12 +713,12 @@ type CDIConfig struct { Status CDIConfigStatus `json:"status,omitempty"` } -//Percent is a string that can only be a value between [0,1) +// Percent is a string that can only be a value between [0,1) // (Note: we actually rely on reconcile to reject invalid values) // +kubebuilder:validation:Pattern=`^(0(?:\.\d{1,3})?|1)$` type Percent string -//FilesystemOverhead defines the reserved size for PVCs with VolumeMode: Filesystem +// FilesystemOverhead defines the reserved size for PVCs with VolumeMode: Filesystem type FilesystemOverhead struct { // Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass) Global Percent `json:"global,omitempty"` @@ -723,7 +726,7 @@ type FilesystemOverhead struct { StorageClass map[string]Percent `json:"storageClass,omitempty"` } -//CDIConfigSpec defines specification for user configuration +// CDIConfigSpec defines specification for user configuration type CDIConfigSpec struct { // Override the URL used when uploading to a DataVolume UploadProxyURLOverride *string `json:"uploadProxyURLOverride,omitempty"` 
@@ -742,9 +745,14 @@ type CDIConfigSpec struct { Preallocation *bool `json:"preallocation,omitempty"` // InsecureRegistries is a list of TLS disabled registries InsecureRegistries []string `json:"insecureRegistries,omitempty"` + // DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. The default is 0 sec. To disable GC use -1. + // +optional + DataVolumeTTLSeconds *int32 `json:"dataVolumeTTLSeconds,omitempty"` + // TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands. + TLSSecurityProfile *ocpconfigv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` } -//CDIConfigStatus provides the most recently observed status of the CDI Config resource +// CDIConfigStatus provides the most recently observed status of the CDI Config resource type CDIConfigStatus struct { // The calculated upload proxy URL UploadProxyURL *string `json:"uploadProxyURL,omitempty"` @@ -761,7 +769,7 @@ type CDIConfigStatus struct { Preallocation bool `json:"preallocation,omitempty"` } -//CDIConfigList provides the needed parameters to do request a list of CDIConfigs from the system +// CDIConfigList provides the needed parameters to do request a list of CDIConfigs from the system // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CDIConfigList struct { metav1.TypeMeta `json:",inline"` @@ -771,7 +779,7 @@ type CDIConfigList struct { Items []CDIConfig `json:"items"` } -//ImportProxy provides the information on how to configure the importer pod proxy. +// ImportProxy provides the information on how to configure the importer pod proxy. type ImportProxy struct { // HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var. // +optional 
diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go index d4a61ed9b1..986b8c3589 100644 --- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go +++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go @@ -215,7 +215,8 @@ func (DataSourceSource) SwaggerDoc() map[string]string { func (DataSourceStatus) SwaggerDoc() map[string]string { return map[string]string{ - "": "DataSourceStatus provides the most recently observed status of the DataSource", + "": "DataSourceStatus provides the most recently observed status of the DataSource", + "source": "Source is the current source of the data referenced by the DataSource", } } @@ -362,6 +363,8 @@ func (CDIConfigSpec) SwaggerDoc() map[string]string { "filesystemOverhead": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A value is between 0 and 1, if not defined it is 0.055 (5.5% overhead)", "preallocation": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", "insecureRegistries": "InsecureRegistries is a list of TLS disabled registries", + "dataVolumeTTLSeconds": "DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. The default is 0 sec. To disable GC use -1.\n+optional", + "tlsSecurityProfile": "TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.", } } diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go index 1b93ba714f..7010e9c5f9 100644 --- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go 
+++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go @@ -22,6 +22,7 @@ limitations under the License. package v1beta1 import ( + configv1 "github.com/openshift/api/config/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -185,6 +186,16 @@ func (in *CDIConfigSpec) DeepCopyInto(out *CDIConfigSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.DataVolumeTTLSeconds != nil { + in, out := &in.DataVolumeTTLSeconds, &out.DataVolumeTTLSeconds + *out = new(int32) + **out = **in + } + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(configv1.TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } return } @@ -667,6 +678,7 @@ func (in *DataSourceSpec) DeepCopy() *DataSourceSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataSourceStatus) DeepCopyInto(out *DataSourceStatus) { *out = *in + in.Source.DeepCopyInto(&out.Source) if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions *out = make([]DataSourceCondition, len(*in)) diff --git a/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/LICENSE b/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/LICENSE new file mode 100644 index 0000000000..261eeb9e9f --- /dev/null +++ b/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/types.go b/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/types.go new file mode 100644 index 0000000000..b99715c3cd --- /dev/null +++ b/vendor/kubevirt.io/controller-lifecycle-operator-sdk/api/types.go 
@@ -0,0 +1,130 @@ +package api + +import ( + conditions "github.com/openshift/custom-resource-status/conditions/v1" + corev1 "k8s.io/api/core/v1" +) + +// Phase is the current phase of the deployment +type Phase string + +const ( + // PhaseDeploying signals that the resources are being deployed + PhaseDeploying Phase = "Deploying" + + // PhaseDeployed signals that the resources are successfully deployed + PhaseDeployed Phase = "Deployed" + + // PhaseDeleting signals that the resources are being removed + PhaseDeleting Phase = "Deleting" + + // PhaseDeleted signals that the resources are deleted + PhaseDeleted Phase = "Deleted" + + // PhaseError signals that the deployment is in an error state + PhaseError Phase = "Error" + + // PhaseUpgrading signals that the resources are being deployed + PhaseUpgrading Phase = "Upgrading" + + // PhaseEmpty is an uninitialized phase + PhaseEmpty Phase = "" +) + +// Status represents status of a operator configuration resource; must be inlined in the operator configuration resource status +type Status struct { + Phase Phase `json:"phase,omitempty"` + // A list of current conditions of the resource + Conditions []conditions.Condition `json:"conditions,omitempty" optional:"true"` + // The version of the resource as defined by the operator + OperatorVersion string `json:"operatorVersion,omitempty" optional:"true"` + // The desired version of the resource + TargetVersion string `json:"targetVersion,omitempty" optional:"true"` + // The observed version of the resource + ObservedVersion string `json:"observedVersion,omitempty" optional:"true"` +} + +// NodePlacement describes node scheduling configuration. +// +k8s:openapi-gen=true +type NodePlacement struct { + // nodeSelector is the node selector applied to the relevant kind of pods + // It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + // the node must have each of the indicated key-value pairs as labels + // (it can have additional labels as well). 
+ // See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + // +kubebuilder:validation:Optional + // +optional + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // affinity enables pod affinity/anti-affinity placement expanding the types of constraints + // that can be expressed with nodeSelector. + // affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + // See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + // +kubebuilder:validation:Optional + // +optional + Affinity *corev1.Affinity `json:"affinity,omitempty"` + + // tolerations is a list of tolerations applied to the relevant kind of pods + // See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + // These are additional tolerations other than default ones. + // +kubebuilder:validation:Optional + // +optional + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` +} + +// DeepCopyInto is copying the receiver, writing into out. in must be non-nil. +func (in *Status) DeepCopyInto(out *Status) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]conditions.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NodePlacement) DeepCopyInto(out *NodePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(corev1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePlacement. +func (in *NodePlacement) DeepCopy() *NodePlacement { + if in == nil { + return nil + } + out := new(NodePlacement) + in.DeepCopyInto(out) + return out +} + +// SwaggerDoc provides documentation for NodePlacement +func (NodePlacement) SwaggerDoc() map[string]string { + return map[string]string{ + "": "NodePlacement describes node scheduling configuration.", + "nodeSelector": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector\n+kubebuilder:validation:Optional\n+optional", + "affinity": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity\n+kubebuilder:validation:Optional\n+optional", + "tolerations": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee 
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.\n+kubebuilder:validation:Optional\n+optional", + } +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 17ecbfda89..9f120fe008 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -19,7 +19,7 @@ github.com/cespare/xxhash/v2 # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/emicklei/go-restful v2.10.0+incompatible +# github.com/emicklei/go-restful v2.15.0+incompatible ## explicit github.com/emicklei/go-restful github.com/emicklei/go-restful/log @@ -32,7 +32,7 @@ github.com/fsnotify/fsnotify # github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 ## explicit github.com/ghodss/yaml -# github.com/go-logr/logr v1.2.2 +# github.com/go-logr/logr v1.2.3 ## explicit; go 1.16 github.com/go-logr/logr # github.com/go-logr/zapr v1.2.0 @@ -162,7 +162,7 @@ github.com/openshift/api/image/docker10 github.com/openshift/api/image/dockerpre012 github.com/openshift/api/image/v1 github.com/openshift/api/route/v1 -# github.com/openshift/custom-resource-status v1.1.0 +# github.com/openshift/custom-resource-status v1.1.2 ## explicit; go 1.12 github.com/openshift/custom-resource-status/conditions/v1 github.com/openshift/custom-resource-status/objectreferences/v1 @@ -361,7 +361,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.23.3 => k8s.io/api v0.23.2 +# k8s.io/api v0.23.5 => k8s.io/api v0.23.2 ## explicit; go 1.16 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 
@@ -410,12 +410,12 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.23.0 => k8s.io/apiextensions-apiserver v0.23.2 +# k8s.io/apiextensions-apiserver v0.23.5 => k8s.io/apiextensions-apiserver v0.23.2 ## explicit; go 1.16 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 -# k8s.io/apimachinery v0.23.3 => k8s.io/apimachinery v0.23.2 +# k8s.io/apimachinery v0.23.5 => k8s.io/apimachinery v0.23.2 ## explicit; go 1.16 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -608,7 +608,7 @@ k8s.io/kube-openapi/pkg/common k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b +# k8s.io/utils v0.0.0-20211116205334-6203023598ed ## explicit; go 1.12 k8s.io/utils/buffer k8s.io/utils/clock @@ -618,17 +618,20 @@ k8s.io/utils/internal/third_party/forked/golang/net k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/trace -# kubevirt.io/api v0.49.0 -## explicit; go 1.16 +# kubevirt.io/api v0.59.2 +## explicit; go 1.17 kubevirt.io/api/core kubevirt.io/api/core/v1 -# kubevirt.io/containerized-data-importer-api v1.43.2 -## explicit; go 1.16 +# kubevirt.io/containerized-data-importer-api v1.55.0 +## explicit; go 1.18 kubevirt.io/containerized-data-importer-api/pkg/apis/core kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1 # kubevirt.io/controller-lifecycle-operator-sdk v0.2.3 ## explicit; go 1.14 kubevirt.io/controller-lifecycle-operator-sdk/pkg/sdk/api +# kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 +## explicit; go 1.17 +kubevirt.io/controller-lifecycle-operator-sdk/api # kubevirt.io/node-maintenance-operator v0.11.3 ## explicit; go 1.16 kubevirt.io/node-maintenance-operator/api/v1beta1