diff --git a/.copyrightignore b/.copyrightignore new file mode 100644 index 000000000..291f2a90e --- /dev/null +++ b/.copyrightignore @@ -0,0 +1,4 @@ +#file extensions to ignore on top of .gitignore +.copyrightignore +_generated.go +test/functional/resources/hive_v1_clusterdeployment_crd.yaml \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..849ced6c5 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,78 @@ +[comment]: # ( Copyright Contributors to the Open Cluster Management project )**Table of Contents** + +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. 
+ +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at [acm-contact@redhat.com](mailto:acm-contact@redhat.com). All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html. + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5c84f259b..2dac526a1 100644 --- a/CONTRIBUTING.md 
+++ b/CONTRIBUTING.md 
@@ -1,33 +1,32 @@ -[comment]: # ( Copyright Contributors to the Open Cluster Management project ) +[comment]: # ( Copyright Contributors to the Open Cluster Management project )**Table of Contents** + +- [Contributing guidelines](#contributing-guidelines) + - [Terms](#terms) + - [Certificate of Origin](#certificate-of-origin) + - [Contributing a patch](#contributing-a-patch) + - [Issue and pull request management](#issue-and-pull-request-management) + - [Requirements](#requirements) + - [Develop new commands](#Develop-new-commands) + # Contributing guidelines -## Contributions +## Terms All contributions to the repository must be submitted under the terms of the [Apache Public License 2.0](https://www.apache.org/licenses/LICENSE-2.0). ## Certificate of Origin -By contributing to this project you agree to the Developer Certificate of -Origin (DCO). This document was created by the Linux Kernel community and is a -simple statement that you, as a contributor, have the legal right to make the -contribution. See the [DCO](DCO) file for details. - -## Contributing A Patch - -1. Submit an issue describing your proposed change to the repo in question. -2. The [repo owners](OWNERS) will respond to your issue promptly. -3. Fork the desired repo, develop and test your code changes. -4. Submit a pull request. +By contributing to this project, you agree to the Developer Certificate of Origin (DCO). This document was created by the Linux Kernel community and is a simple statement that you, as a contributor, have the legal right to make the contribution. See the [DCO](DCO) file for details. -## Issue and Pull Request Management +## Contributing a patch -Anyone may comment on issues and submit reviews for pull requests. However, in -order to be assigned an issue or pull request, you must be a member of the -[open-cluster-management](https://github.com/open-cluster-management) GitHub organization. +1. Submit an issue describing your proposed change to the repository in question. 
The repository owners will respond to your issue promptly. +2. Fork the desired repository, then develop and test your code changes. +3. Submit a pull request. -Repo maintainers can assign you an issue or pull request by leaving a -`/assign ` comment on the issue or pull request. +## Issue and pull request management +Anyone can comment on issues and submit reviews for pull requests. In order to be assigned an issue or pull request, you can leave a `/assign ` comment on the issue or pull request. # Requirements - Go 1.16 diff --git a/DCO b/DCO new file mode 100644 index 000000000..8201f9921 --- /dev/null +++ b/DCO 
@@ -0,0 +1,37 @@ +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +1 Letterman Drive +Suite D4700 +San Francisco, CA, 94129 + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. diff --git a/MISSION.md b/MISSION.md new file mode 100644 index 000000000..b93aef960 --- /dev/null +++ b/MISSION.md 
@@ -0,0 +1,101 @@ +[comment]: # ( Copyright Contributors to the Open Cluster Management project )**Table of Contents** + +## Mission Statement + +We seek to form an open community around multicluster and multicloud scenarios for containerized applications. We propose to anchor the initial community around github.com/open-cluster-management and open-cluster-management.io. + +We seek to add value to the community by a focused effort around many aspects of how users are deploying and managing Kubernetes clusters today. We seek to engage other parts of the community and both contribute to pre-existing efforts and invite contributors in those communities to cross-collaborate as part of this project. + +We are initially interested in the following lifecycles associated with expanding adoption of Kubernetes: + +1. Cluster Lifecycle. How are clusters provisioned, upgraded, registered, scaled out or in and decommissioned? +2. Policy & Configuration Lifecycle. How are clusters configured, audited, secured, access controlled, managed for quota or cost? +3. Application Lifecycle. How are containerized or hybrid applications delivered across one or more clusters? How are those applications kept current with ongoing changes? +4. Observability. How does a user understand the health of their cluster fleet? How does a user understand the health of distributed applications? How does a user search available clusters or applications and diagnose problems when they occur? + +Our initial goals for the project are to define API and reference implementations for common use cases that we have observed as users grow their adoption of Kubernetes: + +- Define API for cluster registration independent of cluster CRUD lifecycle. +- Define API for work distribution across multiple clusters. +- Define API for dynamic placement of content and behavior across multiple clusters. +- Define API for policy definition to ensure desired configuration and security settings are auditable or enforceable. 
+- Define API for distributed application delivery across many clusters and the ability to deliver ongoing updates. +- Define API to collect cluster and application health metrics and alerts across multiple clusters. + +We expect that over time, the project will make sense to contribute to an appropriate foundation for stewardship. In the meantime, we intend to engage and contribute where similar use cases are under active discussion in the community including the Kubernetes SIG-Multicluster and SIG-Policy workgroups, among others. + +## Contributor Code of Conduct +The Open Cluster Management project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). The English text of the CNCF Code of Conduct is made available here for reference. Additional [language translations](https://github.com/cncf/foundation/blob/master/code-of-conduct.md) are available. + +“As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities. + +We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality. +Examples of unacceptable behavior by participants include: +The use of sexualized language or imagery +Personal attacks +Trolling or insulting/derogatory comments +Public or private harassment +Publishing others' private information, such as physical or electronic addresses, without explicit permission +Other unethical or unprofessional conduct. 
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team. +This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.” +Instances of abusive, harassing, or otherwise unacceptable behavior in Open Cluster Management may be reported by contacting [NEED POINT OF CONTACT].” [[Reference](https://github.com/cncf/foundation/blob/master/code-of-conduct.md)] + +## Getting Involved + +Anyone who is interested in getting involved is welcome to contribute in a number of ways: + +Join the recurring meeting forums (see below) to provide input as a stakeholder and help validate proposed use cases. +Suggest enhancements via github.com/open-cluster-management/enhancements for consideration to the community. +Contribute to development via Pull Request for new enhancements or defect fixes. + +Suggested API and implementations will be accepted in accordance with the broad use cases outlined above. Our goal is to reserve the Kubernetes API Group open-cluster-management.io for well-reviewed and widely supported features. + +## Community Meeting Forum + +To ensure opportunities for broad user contributions, a public forum will be hosted to demonstrate new capabilities, solicit feedback and offer a forum for real time Q&A. +Meeting recordings will be posted to a YouTube channel for offline viewing. 
+ +- Public Agenda (Link TBD) +- First Monday of the month + - 5-6 PM US Pacific / 8-9 PM US Eastern / 1-2 AM GMT / 8-9 AM (Tuesday) China +- Third Monday of the month + - 8-9 AM US Pacific / 11 AM - 12 PM US Eastern / 4-5 PM GMT / 8-9 PM (Monday) China + +## Community Architecture Forum + +Technical discussions will also be held in an open forum. The topics for the Community Architecture Forum will cover technical review of APIs and relevant implementation details. +Meeting recordings will be posted to a YouTube channel for offline viewing. + + +- Public Agenda (Link TBD) +- Second Monday of the month + - 5-6 PM US Pacific / 8-9 PM US Eastern / 1-2 AM GMT / 8-9 AM (Tuesday) China +- Fourth Monday of the month + - 8-9 AM US Pacific / 11 AM -12 PM US Eastern / 4-5 PM GMT / 8-9 PM (Monday) China + +## Communication + +A public [Google Group](https://groups.google.com/g/open-cluster-management) has been created to facilitate offline discussion outside of Github issues or Pull Requests. + +The project team has chosen to defer a new Slack team until we get enough critical mass in the community to warrant joining another Slack team or workspace. + +## Governance + +* **Committees** The project will initially have a 3-person Bootstrap Steering Committee. The present steering + committee is a bootstrap committee and we want to work towards a future state where there is community representation and community determination of the steering committee members. In that future state, the steering committee size may be expanded to meet the needs of the community. + +* **Special Interest Group (SIG)** are persistent open groups that focus on a part of the project. + SIGs must have open and transparent proceedings. + Anyone is welcome to participate and contribute provided they follow the Code of Conduct. 
+ + The project has a bootstrap [sig-architecture](sig-architecture) to provide oversight and guidance on API and architectural aspects of the project to ensure a consistent and robust technical foundation for the project. More SIGs are expected to be established with the evolution of the project. + +## Public Roadmap + + + + +## Security Response + +Please see https://github.com/open-cluster-management/community/blob/master/SECURITY.md. \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index fae05c6ce..93607e2ee 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,5 @@ [comment]: # ( Copyright Contributors to the Open Cluster Management project ) # Security Response -If you've found a security issue that you'd like to disclose confidentially please contact Red Hat's Product Security team. -Details at https://access.redhat.com/security/team/contact \ No newline at end of file +If you've found a security issue that you'd like to disclose confidentially please contact Red Hat's Product Security team. +Details at https://access.redhat.com/security/team/contact diff --git a/build/check-copyright.sh b/build/check-copyright.sh index 1558d280c..7efea133b 100755 --- a/build/check-copyright.sh +++ b/build/check-copyright.sh @@ -9,7 +9,8 @@ # set -x TMP_FILE="tmp_file" -ALL_FILES=$(find . -name "*" | grep -v build-harness | grep -v kind_kubeconfig.yaml | grep -v test/functional/tmp | grep -v _generated ) +ALL_FILES=$(git ls-files | \ + grep -v -f <(sed 's/\([.|]\)/\\\1/g; s/\?/./g ; s/\*/.*/g' .copyrightignore)) COMMUNITY_COPY_HEADER_FILE="$PWD/build/copyright-header.txt" diff --git a/build/run-functional-tests.sh b/build/run-functional-tests.sh index ba697b5c5..5386dc2ef 100755 --- a/build/run-functional-tests.sh +++ b/build/run-functional-tests.sh 
@@ -2,17 +2,22 @@ # Copyright Contributors to the Open Cluster Management project # set -x +set -e TEST_DIR=test/functional TEST_RESULT_DIR=$TEST_DIR/tmp ERROR_REPORT="" CLUSTER_NAME=$PROJECT_NAME-functional-test -kind create cluster --name $CLUSTER_NAME -# Configure the kind cluster -cm applier -d $TEST_DIR/resources +export KUBECONFIG=$TEST_DIR/tmp/kind.yaml rm -rf $TEST_RESULT_DIR mkdir -p $TEST_RESULT_DIR +kind create cluster --name ${CLUSTER_NAME} +kind get kubeconfig --name ${CLUSTER_NAME} > ${TEST_DIR}/tmp/kind.yaml + +# Configure the kind cluster +cm applier -d $TEST_DIR/resources + echo "Test cm create cluster AWS" cm create cluster --values $TEST_DIR/create/cluster/aws_values.yaml -o $TEST_RESULT_DIR/aws_result.yaml diff -u $TEST_DIR/create/cluster/aws_result.yaml $TEST_RESULT_DIR/aws_result.yaml diff --git a/docs/cluster.md b/docs/cluster.md index 8c661e9a0..725eec3cc 100644 --- a/docs/cluster.md +++ b/docs/cluster.md @@ -18,6 +18,8 @@ cm cluster cat values.yaml | cm cluster ``` +The values.yaml have the same format and so if one is used for `create` it can be used for `attach`, `delete`, `detach`. + ## Help ```bash 
@@ -29,6 +31,12 @@ cm cluster -h ### Attach Cluster The `attach` verb provides the capability to attach a cluster to a hub. +The `attach` can be done on different ways. +1. Manually, meaning once you ran the `attach` you still have to run an `cm apply` command (provided by the execution of the `attach` command) to install the agent on the managed cluster. +2. Automatically by providing the kubeconfig in the [values.yaml](../pkg/cmd/attach/cluster/scenario/attach/values-template.yaml), then a secret will be created on the hub cluster and the system will use it to install the agent. The secret is deleled if the `attach` failed or succeed and so the credentials are not kept on the hub. +3. Automatically by providing the pair server/token in the [values.yaml](../pkg/cmd/attach/cluster/scenario/attach/values-template.yaml) and again a secret will be created on the hub and the system will use it to install the agent. The secret is deleled if the `attach` failed or succeed and so the credentials are not kept on the hub. +4. Automatically when the cluster was provisionned with hive. If the cluster was provisionned with hive, a clusterdeployemnt custom resource exists which contain a secret to access the remote cluster and thus if you `attach` a hive cluster, you don't have to provide any credential to access the cluster. The system will find out the credentials and attach the cluster. +5. Attaching the hub: by default the hub is attached but if you detached it and want to reattach it you just have to provide a [values.yaml](../pkg/cmd/attach/cluster/scenario/attach/values-template.yaml) with a cluster name `local-cluster`. The system will recognized that name and use the cluster credentials to do the attach. ### Detach Cluster diff --git a/pkg/cmd/attach/cluster/exec.go b/pkg/cmd/attach/cluster/exec.go index 4f3984a9f..4c0039fa5 100644 --- a/pkg/cmd/attach/cluster/exec.go +++ b/pkg/cmd/attach/cluster/exec.go 
@@ -10,6 +10,8 @@ import ( "github.com/ghodss/yaml" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/types" crclient "sigs.k8s.io/controller-runtime/pkg/client" @@ -34,31 +36,45 @@ func (o *Options) complete(cmd *cobra.Command, args []string) (err error) { return fmt.Errorf("values are missing") } + imc, ok := o.values["managedCluster"] + if !ok || imc == nil { + return fmt.Errorf("managedCluster is missing") + } + mc := imc.(map[string]interface{}) + if o.clusterKubeConfig == "" { - if ikubeConfig, ok := o.values["kubeConfig"]; ok { + if ikubeConfig, ok := mc["kubeConfig"]; ok { o.clusterKubeConfig = ikubeConfig.(string) } } - o.values["kubeConfig"] = o.clusterKubeConfig + mc["kubeConfig"] = o.clusterKubeConfig if o.clusterServer == "" { - if iclusterServer, ok := o.values["server"]; ok { + if iclusterServer, ok := mc["server"]; ok { o.clusterServer = iclusterServer.(string) } } - o.values["server"] = o.clusterServer + mc["server"] = o.clusterServer if o.clusterToken == "" { - if iclusterToken, ok := o.values["token"]; ok { + if iclusterToken, ok := mc["token"]; ok { o.clusterToken = iclusterToken.(string) } } - o.values["token"] = o.clusterToken + mc["token"] = o.clusterToken return nil } func (o *Options) validate() error { + client, err := helpers.GetControllerRuntimeClientFromFlags(o.applierScenariosOptions.ConfigFlags) + if err != nil { + return err + } + return o.validateWithClient(client) +} + +func (o *Options) validateWithClient(client crclient.Client) error { if o.applierScenariosOptions.OutTemplatesDir != "" { return nil } 
@@ -92,11 +108,29 @@ func (o *Options) validate() error { return fmt.Errorf("server or token is missing or should be removed") } + cd := unstructured.Unstructured{} + cd.SetKind("ClusterDeployment") + cd.SetAPIVersion("hive.openshift.io/v1") + err := client.Get(context.TODO(), + crclient.ObjectKey{ + Name: o.clusterName, + Namespace: o.clusterName, + }, &cd) + + if err != nil { + if !errors.IsNotFound(err) { + return err + } + } else { + o.hiveScenario = true + } + if o.applierScenariosOptions.OutFile == "" && o.clusterKubeConfig == "" && o.clusterToken == "" && o.clusterServer == "" && - o.importFile == "" { + o.importFile == "" && + !o.hiveScenario { return fmt.Errorf("either kubeConfig or token/server or import-file must be provided") } } @@ -136,7 +170,8 @@ func (o *Options) runWithClient(client crclient.Client) (err error) { return err } - if o.importFile != "" && + if !o.hiveScenario && + o.importFile != "" && o.applierScenariosOptions.OutFile == "" && o.clusterName != "local-cluster" { time.Sleep(10 * time.Second) @@ -169,6 +204,7 @@ func (o *Options) runWithClient(client crclient.Client) (err error) { } if !o.applierScenariosOptions.Silent { fmt.Printf("Execute this command on the managed cluster\n%s applier -d %s\n", helpers.GetExampleHeader(), o.importFile) + return nil } } return nil diff --git a/pkg/cmd/attach/cluster/exec_test.go b/pkg/cmd/attach/cluster/exec_test.go index 5af88192a..002b3309c 100644 --- a/pkg/cmd/attach/cluster/exec_test.go +++ b/pkg/cmd/attach/cluster/exec_test.go 
@@ -94,33 +94,42 @@ func TestOptions_complete(t *testing.T) { if err := o.complete(tt.args.cmd, tt.args.args); (err != nil) != tt.wantErr { t.Errorf("Options.complete() error = %v, wantErr %v", err, tt.wantErr) } - if tt.name == "Sucess, replacing values" { - if o.values["kubeConfig"] != o.clusterKubeConfig { - t.Errorf("Expect %s got %s", o.clusterKubeConfig, o.values["kubeConfig"]) + if !tt.wantErr { + imc, ok := o.values["managedCluster"] + if !ok || imc == nil { + t.Errorf("missing managedCluster") } - if o.values["server"] != o.clusterServer { - t.Errorf("Expect %s got %s", o.clusterServer, o.values["server"]) - } - if o.values["token"] != o.clusterToken { - t.Errorf("Expect %s got %s", o.clusterToken, o.values["token"]) - } - } - if tt.name == "Sucess, not replacing values" { - if o.values["kubeConfig"] != "myKubeConfig" { - t.Errorf("Expect %s got %s", "myKubeConfig", o.values["kubeConfig"]) - } - if o.values["server"] != "myServer" { - t.Errorf("Expect %s got %s", "myServer", o.values["server"]) + mc := imc.(map[string]interface{}) + + if tt.name == "Sucess, replacing values" { + if mc["kubeConfig"] != o.clusterKubeConfig { + t.Errorf("Expect %s got %s", o.clusterKubeConfig, mc["kubeConfig"]) + } + if mc["server"] != o.clusterServer { + t.Errorf("Expect %s got %s", o.clusterServer, mc["server"]) + } + if mc["token"] != o.clusterToken { + t.Errorf("Expect %s got %s", o.clusterToken, mc["token"]) + } } - if o.values["token"] != "myToken" { - t.Errorf("Expect %s got %s", "myToken", o.values["token"]) + if tt.name == "Sucess, not replacing values" { + if mc["kubeConfig"] != "myKubeConfig" { + t.Errorf("Expect %s got %s", "myKubeConfig", mc["kubeConfig"]) + } + if mc["server"] != "myServer" { + t.Errorf("Expect %s got %s", "myServer", mc["server"]) + } + if mc["token"] != "myToken" { + t.Errorf("Expect %s got %s", "myToken", mc["token"]) + } } } }) } } -func TestAttachClusterOptions_Validate(t *testing.T) { +func TestAttachClusterOptions_ValidateWithClient(t 
*testing.T) { + client := crclientfake.NewFakeClient() type fields struct { applierScenariosOptions *applierscenarios.ApplierScenariosOptions values map[string]interface{} @@ -275,7 +284,7 @@ func TestAttachClusterOptions_Validate(t *testing.T) { clusterKubeConfig: tt.fields.clusterKubeConfig, importFile: tt.fields.importFile, } - if err := o.validate(); (err != nil) != tt.wantErr { + if err := o.validateWithClient(client); (err != nil) != tt.wantErr { t.Errorf("AttachClusterOptions.Validate() error = %v, wantErr %v", err, tt.wantErr) } }) diff --git a/pkg/cmd/attach/cluster/options.go b/pkg/cmd/attach/cluster/options.go index 7452751f2..6d22d4db9 100644 --- a/pkg/cmd/attach/cluster/options.go +++ b/pkg/cmd/attach/cluster/options.go @@ -15,6 +15,7 @@ type Options struct { clusterToken string clusterKubeConfig string importFile string + hiveScenario bool } func newOptions(streams genericclioptions.IOStreams) *Options { diff --git a/pkg/cmd/attach/cluster/scenario/attach/hub/klusterlet_addon_config_cr.yaml b/pkg/cmd/attach/cluster/scenario/attach/hub/klusterlet_addon_config_cr.yaml index 28dbff08c..a9e789d15 100644 --- a/pkg/cmd/attach/cluster/scenario/attach/hub/klusterlet_addon_config_cr.yaml +++ b/pkg/cmd/attach/cluster/scenario/attach/hub/klusterlet_addon_config_cr.yaml 
@@ -12,13 +12,13 @@ spec: cloud: auto-detect vendor: auto-detect applicationManager: - enabled: {{ .addons.applicationManager.enabled }} - argocdCluster: {{ .addons.applicationManager.argocdCluster }} + enabled: {{ .managedCluster.addons.applicationManager.enabled }} + argocdCluster: {{ .managedCluster.addons.applicationManager.argocdCluster }} policyController: - enabled: {{ .addons.policyController.enabled }} + enabled: {{ .managedCluster.addons.policyController.enabled }} searchCollector: - enabled: {{ .addons.searchCollector.enabled }} + enabled: {{ .managedCluster.addons.searchCollector.enabled }} certPolicyController: - enabled: {{ .addons.certPolicyController.enabled }} + enabled: {{ .managedCluster.addons.certPolicyController.enabled }} iamPolicyController: - enabled: {{ .addons.iamPolicyController.enabled }} + enabled: {{ .managedCluster.addons.iamPolicyController.enabled }} diff --git a/pkg/cmd/attach/cluster/scenario/attach/hub/managed_cluster_secret.yaml b/pkg/cmd/attach/cluster/scenario/attach/hub/managed_cluster_secret.yaml index a17d80af2..12773aa78 100644 --- a/pkg/cmd/attach/cluster/scenario/attach/hub/managed_cluster_secret.yaml +++ b/pkg/cmd/attach/cluster/scenario/attach/hub/managed_cluster_secret.yaml @@ -1,6 +1,6 @@ # Copyright Contributors to the Open Cluster Management project -{{ $needed := (printf "%s%s" .kubeConfig .token) }} +{{ $needed := (printf "%s%s" .managedCluster.kubeConfig .managedCluster.token) }} {{ if not (eq $needed "" "%!s()" "%!s()%!s()" ) }} apiVersion: v1 kind: Secret 
@@ -8,14 +8,14 @@ metadata: name: auto-import-secret namespace: "{{ .managedCluster.name }}" stringData: - autoImportRetry: "{{ .autoImportRetry }}" -{{ if .kubeConfig }} + autoImportRetry: "{{ .managedCluster.autoImportRetry }}" +{{ if .managedCluster.kubeConfig }} kubeconfig: |- -{{ .kubeConfig | indent 4 }} +{{ .managedCluster.kubeConfig | indent 4 }} {{ end }} -{{ if .token }} - token: {{ .token }} - server: {{ .server }} +{{ if .managedCluster.token }} + token: {{ .managedCluster.token }} + server: {{ .managedCluster.server }} {{ end }} type: Opaque {{ end }} diff --git a/pkg/cmd/attach/cluster/scenario/attach/values-template.yaml b/pkg/cmd/attach/cluster/scenario/attach/values-template.yaml index 583edb186..386082a0c 100644 --- a/pkg/cmd/attach/cluster/scenario/attach/values-template.yaml +++ b/pkg/cmd/attach/cluster/scenario/attach/values-template.yaml 
@@ -2,27 +2,27 @@ managedCluster: name: # , this value is overwritten by the --name parameter -addons: - applicationManager: - enabled: true - argocdCluster: false - policyController: - enabled: true - searchCollector: - enabled: true - certPolicyController: - enabled: true - iamPolicyController: - enabled: true -# Define the number of time the import must be tentavelly executed. -autoImportRetry: 5 -# For automatically import the cluster, -# provide the kubeconfig or the server/token pair -# The cluster kubeconfig, token and server can also be passed as parameter -# The parameters override these values -kubeConfig: |- - -token: -server: - + addons: + applicationManager: + enabled: true + argocdCluster: false + policyController: + enabled: true + searchCollector: + enabled: true + certPolicyController: + enabled: true + iamPolicyController: + enabled: true + # Define the number of time the import must be tentavelly executed. + autoImportRetry: 5 + # For automatically import the cluster, + # provide the kubeconfig or the server/token pair + # The cluster kubeconfig, token and server can also be passed as parameter + # The parameters override these values + kubeConfig: |- + + token: + server: + diff --git a/pkg/cmd/attach/cluster/test/unit/values-with-data.yaml b/pkg/cmd/attach/cluster/test/unit/values-with-data.yaml index ef3542628..86f3961dd 100644 --- a/pkg/cmd/attach/cluster/test/unit/values-with-data.yaml +++ b/pkg/cmd/attach/cluster/test/unit/values-with-data.yaml 
@@ -1,24 +1,24 @@ # Copyright Contributors to the Open Cluster Management project managedCluster: name: test # , this value is overwritten by the --name parameter -addons: - applicationManager: - enabled: true - argocdCluster: false - policyController: - enabled: true - searchCollector: - enabled: true - certPolicyController: - enabled: true - iamPolicyController: - enabled: true -# Define the number of time the import must be tentavelly executed. -autoImportRetry: 5 -# For automatically import the cluster, -# provide the kubeconfig or the server/token pair -# The cluster kubeconfig, token and server can also be passed as parameter -# The parameters override these values -kubeConfig: myKubeConfig -token: myToken -server: myServer \ No newline at end of file + addons: + applicationManager: + enabled: true + argocdCluster: false + policyController: + enabled: true + searchCollector: + enabled: true + certPolicyController: + enabled: true + iamPolicyController: + enabled: true + # Define the number of time the import must be tentavelly executed. + autoImportRetry: 5 + # For automatically import the cluster, + # provide the kubeconfig or the server/token pair + # The cluster kubeconfig, token and server can also be passed as parameter + # The parameters override these values + kubeConfig: myKubeConfig + token: myToken + server: myServer \ No newline at end of file diff --git a/test/functional/attach/cluster/kubeconfig_values.yaml b/test/functional/attach/cluster/kubeconfig_values.yaml index 084d2c607..2cc527559 100755 --- a/test/functional/attach/cluster/kubeconfig_values.yaml +++ b/test/functional/attach/cluster/kubeconfig_values.yaml 
@@ -2,19 +2,19 @@ managedCluster: name: mycluster -addons: - applicationManager: - argocdCluster: false - enabled: true - policyController: - enabled: true - searchCollector: - enabled: true - certPolicyController: - enabled: true - iamPolicyController: - enabled: true - version: 2.3.0 -autoImportRetry: 5 -kubeConfig: |- - kubeconfig: fakeVAlue \ No newline at end of file + addons: + applicationManager: + argocdCluster: false + enabled: true + policyController: + enabled: true + searchCollector: + enabled: true + certPolicyController: + enabled: true + iamPolicyController: + enabled: true + version: 2.3.0 + autoImportRetry: 5 + kubeConfig: |- + kubeconfig: fakeVAlue \ No newline at end of file diff --git a/test/functional/attach/cluster/manual_values.yaml b/test/functional/attach/cluster/manual_values.yaml index f54f08afa..fa79fdce2 100755 --- a/test/functional/attach/cluster/manual_values.yaml +++ b/test/functional/attach/cluster/manual_values.yaml @@ -2,19 +2,19 @@ managedCluster: name: mycluster -addons: - applicationManager: - argocdCluster: false - enabled: true - policyController: - enabled: true - searchCollector: - enabled: true - certPolicyController: - enabled: true - iamPolicyController: - enabled: true - version: 2.2.0 -token: "" -# kubeConfig: "" + addons: + applicationManager: + argocdCluster: false + enabled: true + policyController: + enabled: true + searchCollector: + enabled: true + certPolicyController: + enabled: true + iamPolicyController: + enabled: true + version: 2.2.0 + token: "" + # kubeConfig: "" diff --git a/test/functional/attach/cluster/token_values.yaml b/test/functional/attach/cluster/token_values.yaml index a13e81d1b..eede74141 100755 --- a/test/functional/attach/cluster/token_values.yaml +++ b/test/functional/attach/cluster/token_values.yaml 
@@ -2,19 +2,19 @@ managedCluster: name: mycluster -addons: - applicationManager: - argocdCluster: false - enabled: true - policyController: - enabled: true - searchCollector: - enabled: true - certPolicyController: - enabled: true - iamPolicyController: - enabled: true - version: 2.2.0 -autoImportRetry: 5 -token: fakeToken -server: https://fakeurl \ No newline at end of file + addons: + applicationManager: + argocdCluster: false + enabled: true + policyController: + enabled: true + searchCollector: + enabled: true + certPolicyController: + enabled: true + iamPolicyController: + enabled: true + version: 2.2.0 + autoImportRetry: 5 + token: fakeToken + server: https://fakeurl \ No newline at end of file diff --git a/test/functional/resources/hive_v1_clusterdeployment_crd.yaml b/test/functional/resources/hive_v1_clusterdeployment_crd.yaml new file mode 100644 index 000000000..4c63c46d8 --- /dev/null +++ b/test/functional/resources/hive_v1_clusterdeployment_crd.yaml 
@@ -0,0 +1,1154 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: clusterdeployments.hive.openshift.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.labels.hive\.openshift\.io/cluster-platform + name: Platform + type: string + - JSONPath: .metadata.labels.hive\.openshift\.io/cluster-region + name: Region + type: string + - JSONPath: .metadata.labels.hive\.openshift\.io/cluster-type + name: ClusterType + type: string + - JSONPath: .spec.installed + name: Installed + type: boolean + - JSONPath: .spec.clusterMetadata.infraID + name: InfraID + type: string + - JSONPath: .metadata.labels.hive\.openshift\.io/version-major-minor-patch + name: Version + type: string + - JSONPath: .status.conditions[?(@.type=='Hibernating')].reason + name: PowerState + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: hive.openshift.io + names: + kind: ClusterDeployment + listKind: ClusterDeploymentList + plural: clusterdeployments + shortNames: + - cd + singular: clusterdeployment + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ClusterDeployment is the Schema for the clusterdeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeploymentSpec defines the desired state of ClusterDeployment + properties: + baseDomain: + description: BaseDomain is the base domain to which the cluster should + belong. + type: string + boundServiceAccountSigningKeySecretRef: + description: BoundServiceAccountSignkingKeySecretRef refers to a Secret + that contains a 'bound-service-account-signing-key.key' data key pointing + to the private key that will be used to sign ServiceAccount objects. + Primarily used to provision AWS clusters to use Amazon's Security + Token Service. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + certificateBundles: + description: CertificateBundles is a list of certificate bundles associated + with this cluster + items: + description: CertificateBundleSpec specifies a certificate bundle + associated with a cluster deployment + properties: + certificateSecretRef: + description: CertificateSecretRef is the reference to the secret + that contains the certificate bundle. If the certificate bundle + is to be generated, it will be generated with the name in this + reference. Otherwise, it is expected that the secret should + exist in the same namespace as the ClusterDeployment + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + generate: + description: Generate indicates whether this bundle should have + real certificates generated for it. 
+ type: boolean + name: + description: Name is an identifier that must be unique within + the bundle and must be referenced by an ingress or by the control + plane serving certs + type: string + required: + - certificateSecretRef + - name + type: object + type: array + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in cloud + providers. + type: string + required: + - adminKubeconfigSecretRef + - adminPasswordSecretRef + - clusterID + - infraID + type: object + clusterName: + description: ClusterName is the friendly name of the cluster. It is + used for subdomains, some resource tagging, and other instances where + a friendly name for the cluster is useful. + type: string + clusterPoolRef: + description: ClusterPoolRef is a reference to the ClusterPool that this + ClusterDeployment originated from. 
+ properties: + claimName: + description: ClaimName is the name of the ClusterClaim that claimed + the cluster from the pool. + type: string + namespace: + description: Namespace is the namespace where the ClusterPool resides. + type: string + poolName: + description: PoolName is the name of the ClusterPool for which the + cluster was created. + type: string + required: + - namespace + - poolName + type: object + controlPlaneConfig: + description: ControlPlaneConfig contains additional configuration for + the target cluster's control plane + properties: + apiURLOverride: + description: APIURLOverride is the optional URL override to which + Hive will transition for communication with the API server of + the remote cluster. When a remote cluster is created, Hive will + initially communicate using the API URL established during installation. + If an API URL Override is specified, Hive will periodically attempt + to connect to the remote cluster using the override URL. Once + Hive has determined that the override URL is active, Hive will + use the override URL for further communications with the API server + of the remote cluster. + type: string + servingCertificates: + description: ServingCertificates specifies serving certificates + for the control plane + properties: + additional: + description: Additional is a list of additional domains and + certificates that are also associated with the control plane's + api endpoint. + items: + description: ControlPlaneAdditionalCertificate defines an + additional serving certificate for a control plane + properties: + domain: + description: Domain is the domain of the additional control + plane certificate + type: string + name: + description: Name references a CertificateBundle in the + ClusterDeployment.Spec that should be used for this + additional certificate. 
+ type: string + required: + - domain + - name + type: object + type: array + default: + description: Default references the name of a CertificateBundle + in the ClusterDeployment that should be used for the control + plane's default endpoint. + type: string + type: object + type: object + hibernateAfter: + description: HibernateAfter will transition a cluster to hibernating + power state after it has been running for the given duration. The + time that a cluster has been running is the time since the cluster + was installed or the time since the cluster last came out of hibernation. + type: string + ingress: + description: Ingress allows defining desired clusteringress/shards to + be configured on the cluster. + items: + description: ClusterIngress contains the configurable pieces for any + ClusterIngress objects that should exist on the cluster. + properties: + domain: + description: Domain (sometimes referred to as shard) is the full + DNS suffix that the resulting IngressController object will + service (eg abcd.mycluster.mydomain.com). + type: string + name: + description: Name of the ClusterIngress object to create. + type: string + namespaceSelector: + description: NamespaceSelector allows filtering the list of namespaces + serviced by the ingress controller. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + routeSelector: + description: RouteSelector allows filtering the set of Routes + serviced by the ingress controller + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + servingCertificate: + description: ServingCertificate references a CertificateBundle + in the ClusterDeployment.Spec that should be used for this Ingress + type: string + required: + - domain + - name + type: object + type: array + installAttemptsLimit: + description: InstallAttemptsLimit is the maximum number of times Hive + will attempt to install the cluster. + format: int32 + type: integer + installed: + description: Installed is true if the cluster has been installed + type: boolean + machineManagement: + description: MachineManagement contains machine management settings + including the strategy that will be used when provisioning worker + machines. + properties: + central: + description: Central contains settings for central machine management. + If set Central indicates that central machine management will + be used as opposed to management on the spoke cluster. + type: object + targetNamespace: + description: TargetNamespace is the namespace in which we will create + worker machineset resources. Resources required to create machines + will be copied to the TargetNamespace. TargetNamespace is created + for you and cannot be set during creation. TargetNamespace is + also immutable once set. + type: string + type: object + manageDNS: + description: ManageDNS specifies whether a DNSZone should be created + and managed automatically for this ClusterDeployment + type: boolean + platform: + description: Platform is the configuration for the specific platform + upon which to perform the installation. + properties: + agentBareMetal: + description: AgentBareMetal is the configuration used when performing + an Assisted Agent based installation to bare metal. Can only be + used with the Assisted InstallStrategy. + properties: + agentSelector: + description: AgentSelector is a label selector used for associating + relevant custom resources with this cluster. 
(Agent, BareMetalHost, + etc) + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + apiVIP: + description: APIVIP is the virtual IP used to reach the OpenShift + cluster's API. + type: string + apiVIPDNSName: + description: APIVIPDNSName is the domain name used to reach + the OpenShift cluster API. + type: string + ingressVIP: + description: IngressVIP is the virtual IP used for cluster ingress + traffic. + type: string + required: + - agentSelector + type: object + aws: + description: AWS is the configuration used when installing on AWS. + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role that + must be assumed to obtain AWS account access for the cluster + operations. 
+ properties: + externalID: + description: 'ExternalID is random string generated by platform + so that assume role is protected from confused deputy + problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that contains + the AWS account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + privateLink: + description: PrivateLink allows uses to enable access to the + cluster's API server using AWS PrivateLink. AWS PrivateLink + includes a pair of VPC Endpoint Service and VPC Endpoint accross + AWS accounts and allows clients to connect to services using + AWS's internal networking instead of the Internet. + properties: + enabled: + type: boolean + required: + - enabled + type: object + region: + description: Region specifies the AWS region where the cluster + will be created. + type: string + userTags: + additionalProperties: + type: string + description: UserTags specifies additional tags for AWS resources + created for the cluster. + type: object + required: + - region + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + baseDomainResourceGroupName: + description: BaseDomainResourceGroupName specifies the resource + group where the azure DNS zone for the base domain is found + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that contains + the Azure account access credentials. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + region: + description: Region specifies the Azure region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + baremetal: + description: BareMetal is the configuration used when installing + on bare metal. + properties: + libvirtSSHPrivateKeySecretRef: + description: LibvirtSSHPrivateKeySecretRef is the reference + to the secret that contains the private SSH key to use for + access to the libvirt provisioning host. The SSH private key + is expected to be in the secret data under the "ssh-privatekey" + key. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - libvirtSSHPrivateKeySecretRef + type: object + gcp: + description: GCP is the configuration used when installing on Google + Cloud Platform. + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that contains + the GCP account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + region: + description: Region specifies the GCP region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack + properties: + certificatesSecretRef: + description: "CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. 
There is additional configuration required + for the OpenShift cluster to trust the certificates provided + in this secret. The \"clouds.yaml\" file included in the credentialsSecretRef + Secret must also include a reference to the certificate bundle + file for the OpenShift cluster being created to trust the + OpenStack endpoints. The \"clouds.yaml\" file must set the + \"cacert\" field to either \"/etc/openstack-ca/\" or \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\". + \n For example, \"\"\"clouds.yaml clouds: shiftstack: auth: + ... cacert: \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\" + \"\"\"" + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + cloud: + description: Cloud will be used to indicate the OS_CLOUD value + to use the right section from the clouds.yaml in the CredentialsSecretRef. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that contains + the OpenStack account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + trunkSupport: + description: TrunkSupport indicates whether or not to use trunk + ports in your OpenShift cluster. + type: boolean + required: + - cloud + - credentialsSecretRef + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that contains + the oVirt CA certificates necessary for communicating with + oVirt. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that contains + the oVirt account access credentials with fields: ovirt_url, + ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + ovirt_cluster_id: + description: The target cluster under which all VMs will run + type: string + ovirt_network_name: + description: The target network of all the network interfaces + of the nodes. Omitting defaults to ovirtmgmt network which + is a default network for evert ovirt cluster. + type: string + storage_domain_id: + description: The target storage domain under which all VM disk + would be created. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - ovirt_cluster_id + - storage_domain_id + type: object + vsphere: + description: VSphere is the configuration used when installing on + vSphere + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that contains + the vSphere CA certificates necessary for communicating with + the VCenter. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + cluster: + description: Cluster is the name of the cluster virtual machines + will be cloned into. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that contains + the vSphere account access credentials: GOVC_USERNAME, GOVC_PASSWORD + fields.' 
+ properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + datacenter: + description: Datacenter is the name of the datacenter to use + in the vCenter. + type: string + defaultDatastore: + description: DefaultDatastore is the default datastore to use + for provisioning volumes. + type: string + folder: + description: Folder is the name of the folder that will be used + and/or created for virtual machines. + type: string + network: + description: Network specifies the name of the network to be + used by the cluster. + type: string + vCenter: + description: VCenter is the domain name or IP address of the + vCenter. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - datacenter + - defaultDatastore + - vCenter + type: object + type: object + powerState: + description: PowerState indicates whether a cluster should be running + or hibernating. When omitted, PowerState defaults to the Running state. + enum: + - "" + - Running + - Hibernating + type: string + preserveOnDelete: + description: PreserveOnDelete allows the user to disconnect a cluster + from Hive without deprovisioning it + type: boolean + provisioning: + description: Provisioning contains settings used only for initial cluster + provisioning. May be unset in the case of adopted clusters. + properties: + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. If + a value is specified for ReleaseImage, that will take precedence + over the one from the ClusterImageSet. + properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + installConfigSecretRef: + description: InstallConfigSecretRef is the reference to a secret + that contains an openshift-install InstallConfig. 
This file will + be passed through directly to the installer. Any version of InstallConfig + can be used, provided it can be parsed by the openshift-install + version for the release you are provisioning. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + installStrategy: + description: InstallStrategy provides platform agnostic configuration + for the use of alternate install strategies. Defaults to openshift-install + if none specified. + properties: + agent: + description: Agent is the install strategy configuration for + provisioning a cluster with the Agent based assisted installer. + properties: + networking: + description: Networking is the configuration for the pod + network provider in the cluster. + properties: + clusterNetwork: + description: ClusterNetwork is the list of IP address + pools for pods. Default is 10.128.0.0/14 and a host + prefix of /23. + items: + description: ClusterNetworkEntry is a single IP address + block for pod IP blocks. IP blocks are allocated + with size 2^HostSubnetLength. + properties: + cidr: + description: CIDR is the IP block address pool. + type: string + hostPrefix: + description: HostPrefix is the prefix size to + allocate to each node from the CIDR. For example, + 24 would allocate 2^8=256 adresses to each node. + If this field is not used by the plugin, it + can be left unset. + format: int32 + type: integer + required: + - cidr + type: object + type: array + machineNetwork: + description: MachineNetwork is the list of IP address + pools for machines. + items: + description: MachineNetworkEntry is a single IP address + block for node IP blocks. + properties: + cidr: + description: CIDR is the IP block address pool + for machines within the cluster. 
+ type: string + required: + - cidr + type: object + type: array + serviceNetwork: + description: 'ServiceNetwork is the list of IP address + pools for services. Default is 172.30.0.0/16. NOTE: + currently only one entry is supported.' + items: + type: string + maxItems: 1 + type: array + type: object + provisionRequirements: + description: ProvisionRequirements defines configuration + for when the installation is ready to be launched automatically. + properties: + controlPlaneAgents: + description: ControlPlaneAgents is the number of matching + approved and ready Agents with the control plane role + required to launch the install. Must be either 1 or + 3. + type: integer + workerAgents: + description: WorkerAgents is the minimum number of matching + approved and ready Agents with the worker role required + to launch the install. + minimum: 0 + type: integer + required: + - controlPlaneAgents + type: object + sshPublicKey: + description: SSHPublicKey will be added to all cluster hosts + for use in debugging. + type: string + required: + - networking + - provisionRequirements + type: object + type: object + installerEnv: + description: InstallerEnv are extra environment variables to pass + through to the installer. This may be used to enable additional + features of the installer. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' 
+ type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed + resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + manifestsConfigMapRef: + description: ManifestsConfigMapRef is a reference to user-provided + manifests to add to or replace manifests that are generated by + the installer. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + releaseImage: + description: ReleaseImage is the image containing metadata for all + components that run in the cluster, and is the primary and best + way to specify what specific version of OpenShift you wish to + install. + type: string + sshKnownHosts: + description: SSHKnownHosts are known hosts to be configured in the + hive install manager pod to avoid ssh prompts. Use of ssh in the + install pod is somewhat limited today (failure log gathering from + cluster, some bare metal provisioning scenarios), so this setting + is often not needed. + items: + type: string + type: array + sshPrivateKeySecretRef: + description: SSHPrivateKeySecretRef is the reference to the secret + that contains the private SSH key to use for access to compute + instances. This private key should correspond to the public key + included in the InstallConfig. The private key is used by Hive + to gather logs on the target cluster if there are install failures. + The SSH private key is expected to be in the secret data under + the "ssh-privatekey" key. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + pullSecretRef: + description: PullSecretRef is the reference to the secret to use when + pulling images. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - baseDomain + - clusterName + - platform + type: object + status: + description: ClusterDeploymentStatus defines the observed state of ClusterDeployment + properties: + apiURL: + description: APIURL is the URL where the cluster's API can be accessed. + type: string + certificateBundles: + description: CertificateBundles contains of the status of the certificate + bundles associated with this cluster deployment. + items: + description: CertificateBundleStatus specifies whether a certificate + bundle was generated for this cluster deployment. + properties: + generated: + description: Generated indicates whether the certificate bundle + was generated + type: boolean + name: + description: Name of the certificate bundle + type: string + required: + - generated + - name + type: object + type: array + cliImage: + description: CLIImage is the name of the oc cli image to use when installing + the target cluster + type: string + conditions: + description: Conditions includes more detailed status for the cluster + deployment + items: + description: ClusterDeploymentCondition contains details for the current + condition of a cluster deployment + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human-readable message indicating details + about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason for + the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + installRestarts: + description: InstallRestarts is the total count of container restarts + on the clusters install job. + type: integer + installStartedTimestamp: + description: InstallStartedTimestamp is the time when all pre-requisites + were met and cluster installation was launched. + format: date-time + type: string + installStrategy: + description: InstallStrategy contains observed state from specific install + strategies. + properties: + agent: + description: Agent defines the observed state of the Agent install + strategy for this cluster. + properties: + connectivityMajorityGroups: + type: string + controlPlaneAgentsDiscovered: + description: ControlPlaneAgentsDiscovered is the number of Agents + currently linked to this ClusterDeployment. + type: integer + controlPlaneAgentsReady: + description: ControlPlaneAgentsDiscovered is the number of Agents + currently linked to this ClusterDeployment that are ready + for use. + type: integer + workerAgentsDiscovered: + description: WorkerAgentsDiscovered is the number of worker + Agents currently linked to this ClusterDeployment. + type: integer + workerAgentsReady: + description: WorkerAgentsDiscovered is the number of worker + Agents currently linked to this ClusterDeployment that are + ready for use. + type: integer + type: object + type: object + installVersion: + description: InstallVersion is the version of OpenShift as reported + by the release image resolved for the installation. 
+ type: string + installedTimestamp: + description: InstalledTimestamp is the time we first detected that the + cluster has been successfully installed. + format: date-time + type: string + installerImage: + description: InstallerImage is the name of the installer image to use + when installing the target cluster + type: string + platformStatus: + description: Platform contains the observed state for the specific platform + upon which to perform the installation. + properties: + aws: + description: AWS is the observed state on AWS. + properties: + privateLink: + description: PrivateLinkAccessStatus contains the observed state + for PrivateLinkAccess resources. + properties: + hostedZoneID: + type: string + vpcEndpointID: + type: string + vpcEndpointService: + properties: + id: + type: string + name: + type: string + type: object + type: object + type: object + type: object + provisionRef: + description: ProvisionRef is a reference to the last ClusterProvision + created for the deployment + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + webConsoleURL: + description: WebConsoleURL is the URL for the cluster's web console + UI. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file
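Review bot: under provisionRequirements, controlPlaneAgents is documented as "Must be either 1 or 3" but the schema only declares "type: integer", so nothing in this CRD rejects other values at admission. Add "enum: [1, 3]" to that property (in the source type instead, if this YAML is generated), the same way the neighbouring workerAgents already carries "minimum: 0". In status.installStrategy.agent, the descriptions of controlPlaneAgentsReady and workerAgentsReady open with the names ControlPlaneAgentsDiscovered and WorkerAgentsDiscovered, which reads as a copy-paste slip, and connectivityMajorityGroups has no description at all. The certificateBundles description ("contains of the status") also has a stray "of".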