diff --git a/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml b/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml index 4877e023..32b2c548 100644 --- a/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml +++ b/config/crd/bases/networking.tkg.tanzu.vmware.com_akodeploymentconfigs.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: akodeploymentconfigs.networking.tkg.tanzu.vmware.com spec: group: networking.tkg.tanzu.vmware.com 
@@ -25,31 +23,42 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: AKODeploymentConfigSpec defines the desired state of an AKODeploymentConfig - AKODeploymentConfig describes the shared configurations for AKO deployments - across a set of Clusters. + description: |- + AKODeploymentConfigSpec defines the desired state of an AKODeploymentConfig + AKODeploymentConfig describes the shared configurations for AKO deployments across a set + of Clusters. properties: adminCredentialRef: - description: "AdminCredentialRef points to a Secret resource which - includes the username and password to access and configure the Avi - Controller. 
\n * username Username used with basic - authentication for the Avi REST API - * password Password used with basic authentication - for the Avi REST API \n This credential - needs to be bound with admin tenant and will be used by AKO Operator - to automate configurations and operations." + description: |- + AdminCredentialRef points to a Secret resource which includes the username + and password to access and configure the Avi Controller. + + + * username Username used with basic authentication for + the Avi REST API + * password Password used with basic authentication for + the Avi REST API + + + This credential needs to be bound with admin tenant and will be used + by AKO Operator to automate configurations and operations. properties: name: description: Name is the name of resource being referenced. @@ -62,9 +71,13 @@ spec: - namespace type: object certificateAuthorityRef: - description: "CertificateAuthorityRef points to a Secret resource - that includes the AVI Controller's CA \n * certificateAuthorityData - \ PEM-encoded certificate authority certificates" + description: |- + CertificateAuthorityRef points to a Secret resource that includes the + AVI Controller's CA + + + * certificateAuthorityData PEM-encoded certificate authority + certificates properties: name: description: Name is the name of resource being referenced. 
@@ -81,32 +94,34 @@ spec: with type: string clusterSelector: - description: Label selector for Clusters. The Clusters that are selected - by this will be the ones affected by this AKODeploymentConfig. It - must match the Cluster labels. This field is immutable. + description: |- + Label selector for Clusters. The Clusters that are + selected by this will be the ones affected by this + AKODeploymentConfig. + It must match the Cluster labels. This field is immutable. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -119,13 +134,13 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic controlPlaneNetwork: description: ControlPlaneNetwork describes the control plane network of the clusters selected by an akoDeploymentConfig 
@@ -139,22 +154,27 @@ spec: - name type: object controller: - description: Controller is the AVI Controller endpoint to which AKO - talks to provision Load Balancer resources The format is [scheme://]address[:port] - * scheme http or https, defaults to https if - not specified * address IP - address of the AVI Controller specified - * port if not specified, use default port - for the corresponding scheme + description: |- + Controller is the AVI Controller endpoint to which AKO talks to + provision Load Balancer resources + The format is [scheme://]address[:port] + * scheme http or https, defaults to https if not + specified + * address IP address of the AVI Controller + specified + * port if not specified, use default port for + the corresponding scheme type: string controllerVersion: - description: ControllerVersion is the AVI Controller version which - AKO Operator and AKO talks to. this value can be auto detected and - corrected. + description: |- + ControllerVersion is the AVI Controller version which AKO Operator and AKO talks to. + this value can be auto detected and corrected. type: string dataNetwork: - description: DataNetworks describes the Data Networks the AKO will - be deployed with. This field is immutable. + description: |- + DataNetworks describes the Data Networks the AKO will be deployed + with. + This field is immutable. properties: cidr: type: string @@ -191,9 +211,9 @@ spec: description: ExtraConfigs contains extra configurations for AKO Deployment properties: apiServerPort: - description: ApiServerPort specifies Internal port for AKO's API - server for the liveness probe of the AKO pod default port is - 8080 + description: |- + ApiServerPort specifies Internal port for AKO's API server for the liveness probe of the AKO pod + default port is 8080 type: integer blockedNamespaceList: description: This is the list of system namespaces from which 
@@ -202,12 +222,12 @@ spec: type: string type: array cniPlugin: - description: 'CniPlugin describes which cni plugin cluster is - using. default value is antrea, set this string if cluster cni - is other type. For Cilium CNI, set the string as cilium only - when using Cluster Scope mode for IPAM and leave it empty if - using Kubernetes Host Scope mode for IPAM. AKO supported CNI: - antrea|calico|canal|flannel|openshift|ncp|ovn-kubernetes|cilium' + description: |- + CniPlugin describes which cni plugin cluster is using. + default value is antrea, set this string if cluster cni is other type. + For Cilium CNI, set the string as cilium only when using Cluster Scope mode for IPAM + and leave it empty if using Kubernetes Host Scope mode for IPAM. + AKO supported CNI: antrea|calico|canal|flannel|openshift|ncp|ovn-kubernetes|cilium enum: - antrea - calico @@ -219,15 +239,16 @@ spec: - cilium type: string disableStaticRouteSync: - description: DisableStaticRouteSync describes ako should sync - static routing or not. If the POD networks are reachable from - the Avi SE, this should be to true. Otherwise, it should be - false. It would be true by default. + description: |- + DisableStaticRouteSync describes ako should sync static routing or not. + If the POD networks are reachable from the Avi SE, this should be to true. + Otherwise, it should be false. + It would be true by default. type: boolean enableEVH: - description: EnableEVH specifies if you want to enable the Enhanced - Virtual Hosting Model in Avi Controller for the Virtual Services, - default value is false + description: |- + EnableEVH specifies if you want to enable the Enhanced Virtual Hosting Model + in Avi Controller for the Virtual Services, default value is false type: boolean enableEvents: description: Defines Enable or disable Event broadcasting via 
@@ -243,37 +264,38 @@ spec: type: boolean type: object fullSyncFrequency: - description: FullSyncFrequency controls how often AKO polls the - Avi controller to update itself with cloud configurations. Default - value is 1800 + description: |- + FullSyncFrequency controls how often AKO polls the Avi controller to update itself + with cloud configurations. Default value is 1800 type: string ingress: description: IngressConfigs specifies ingress configuration for ako properties: defaultIngressController: - description: DefaultIngressController bool describes ako is - the default ingress controller to use + description: |- + DefaultIngressController bool describes ako is the default + ingress controller to use type: boolean disableIngressClass: - description: DisableIngressClass will prevent AKO Operator - to install AKO IngressClass into workload clusters for old - version of K8s + description: |- + DisableIngressClass will prevent AKO Operator to install AKO + IngressClass into workload clusters for old version of K8s type: boolean enableMCI: description: Enabling this flag would tell AKO to start processing multi-cluster ingress objects type: boolean noPGForSNI: - description: NoPGForSNI describes if you want to get rid of - poolgroups from SNI VSes. Do not use this flag, if you don't - want http caching, default value is false. + description: |- + NoPGForSNI describes if you want to get rid of poolgroups from SNI VSes. + Do not use this flag, if you don't want http caching, default value is false. type: boolean nodeNetworkList: - description: NodeNetworkList describes the details of network - and CIDRs are used in pool placement network for vcenter - cloud. Node Network details are not needed when in NodePort - mode / static routes are disabled / non vcenter clouds. + description: |- + NodeNetworkList describes the details of network and CIDRs + are used in pool placement network for vcenter cloud. 
Node Network details + are not needed when in NodePort mode / static routes are disabled / non vcenter clouds. items: properties: cidrs: @@ -288,27 +310,27 @@ spec: type: object type: array passthroughShardSize: - description: PassthroughShardSize controls the passthrough - virtualservice numbers Valid value should be SMALL, MEDIUM - or LARGE, default value is SMALL + description: |- + PassthroughShardSize controls the passthrough virtualservice numbers + Valid value should be SMALL, MEDIUM or LARGE, default value is SMALL enum: - SMALL - MEDIUM - LARGE type: string serviceType: - description: ServiceType string describes ingress methods - for a service Valid value should be NodePort, ClusterIP - and NodePortLocal + description: |- + ServiceType string describes ingress methods for a service + Valid value should be NodePort, ClusterIP and NodePortLocal enum: - NodePort - ClusterIP - NodePortLocal type: string shardVSSize: - description: ShardVSSize describes ingress shared virtual - service size Valid value should be SMALL, MEDIUM, LARGE - or DEDICATED, default value is SMALL + description: |- + ShardVSSize describes ingress shared virtual service size + Valid value should be SMALL, MEDIUM, LARGE or DEDICATED, default value is SMALL enum: - SMALL - MEDIUM 
@@ -317,38 +339,41 @@ spec: type: string type: object ipFamily: - description: This flag can take values V4 or V6 (default V4) default - value is V4 + description: |- + This flag can take values V4 or V6 (default V4) + default value is V4 enum: - V4 - V6 type: string istioEnabled: - description: This flag needs to be enabled when AKO is be to brought - up in an Istio environment default value is false + description: |- + This flag needs to be enabled when AKO is be to brought up in an Istio environment + default value is false type: boolean l4Config: description: IngressConfigs specifies L4 load balancer configuration for ako properties: autoFQDN: - description: AutoFQDN controls the FQDN generation. Valid - value should be default(..), flat (-.) - or disabled, + description: |- + AutoFQDN controls the FQDN generation. + Valid value should be default(..), flat (-.) or disabled, enum: - default - flat - disabled type: string defaultDomain: - description: DefaultDomain controls the default sub-domain - to use for L4 VSes when multiple sub-domains are configured - in the cloud. + description: |- + DefaultDomain controls the default sub-domain to use for L4 VSes when multiple sub-domains + are configured in the cloud. type: string type: object layer7Only: - description: Layer7Only specifies if you want AKO only to do layer - 7 load balancing. default value is false + description: |- + Layer7Only specifies if you want AKO only to do layer 7 load balancing. + default value is false type: boolean log: description: Log specifies the configuration for AKO logging @@ -361,9 +386,9 @@ spec: description: LogFile specifies the log file name type: string logLevel: - description: LogLevel specifies the AKO pod log level Valid - value should be INFO, DEBUG, WARN or ERROR, default value - is INFO + description: |- + LogLevel specifies the AKO pod log level + Valid value should be INFO, DEBUG, WARN or ERROR, default value is INFO enum: - INFO - DEBUG 
@@ -379,9 +404,9 @@ spec: type: string type: object namespaceSelector: - description: NameSpaceSelector contains label key and value used - for namespace migration. Same label has to be present on namespace/s - which needs migration/sync to AKO + description: |- + NameSpaceSelector contains label key and value used for namespace migration. + Same label has to be present on namespace/s which needs migration/sync to AKO properties: labelKey: type: string @@ -399,8 +424,9 @@ spec: type: string type: array enableRHI: - description: EnableRHI specifies cluster wide setting for - BGP peering. default value is false + description: |- + EnableRHI specifies cluster wide setting for BGP peering. + default value is false type: boolean nsxtT1LR: description: T1 Logical Segment mapping for backend network. @@ -417,17 +443,18 @@ spec: type: string type: object primaryInstance: - description: 'Defines AKO instance is primary or not. Value `true` - indicates that AKO instance is primary. In a multiple AKO deployment - in a cluster, only one AKO instance should be primary. Default - value: true.' + description: |- + Defines AKO instance is primary or not. Value `true` indicates that AKO instance is primary. + In a multiple AKO deployment in a cluster, only one AKO instance should be primary. + Default value: true. type: boolean rbac: description: Rbac specifies the configuration for AKO Rbac properties: pspEnabled: - description: PspEnabled enables the deployment of a PodSecurityPolicy - that grants AKO the proper role + description: |- + PspEnabled enables the deployment of a PodSecurityPolicy that grants + AKO the proper role type: boolean pspPolicyAPIVersion: description: PspPolicyAPIVersion decides the API version of 
@@ -435,30 +462,33 @@ spec: type: string type: object servicesAPI: - description: 'ServicesAPI specifies if enables AKO in services - API mode: https://kubernetes-sigs.github.io/service-apis/. Currently, - implemented only for L4. This flag uses the upstream GA APIs - which are not backward compatible with the advancedL4 APIs which - uses a fork and a version of v1alpha1pre1 default value is false' + description: |- + ServicesAPI specifies if enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/. + Currently, implemented only for L4. This flag uses the upstream GA APIs which are not backward compatible + with the advancedL4 APIs which uses a fork and a version of v1alpha1pre1 + default value is false type: boolean useDefaultSecretsOnly: - description: If this flag is set to true, AKO will only handle - default secrets from the namespace where AKO is installed This - flag is applicable only to Openshift clusters default value - is false + description: |- + If this flag is set to true, AKO will only handle default secrets from the namespace where AKO is installed + This flag is applicable only to Openshift clusters + default value is false type: boolean vipPerNamespace: - description: Enabling this flag would tell AKO to create Parent - VS per Namespace in EVH mode default value is false + description: |- + Enabling this flag would tell AKO to create Parent VS per Namespace in EVH mode + default value is false type: boolean type: object serviceEngineGroup: - description: ServiceEngineGroup is the group name of Service Engine - that's to be used by the set of AKO Deployments + description: |- + ServiceEngineGroup is the group name of Service Engine that's to be used by the set + of AKO Deployments type: string tenant: - description: The AVI tenant for the current AKODeploymentConfig This - field is optional. + description: |- + The AVI tenant for the current AKODeploymentConfig + This field is optional. 
properties: context: description: Context is the type of AVI tenant context. Defaults @@ -474,15 +504,20 @@ spec: - name type: object workloadCredentialRef: - description: "WorkloadCredentialRef points to a Secret resource which - includes the username and password to access and configure the Avi - Controller. \n * username Username used with basic - authentication for the Avi REST API - * password Password used with basic authentication - for the Avi REST API \n This field - is optional. When it's not specified, username/password will be - automatically generated for each Cluster and Tenant needs to be - non-nil in this case." + description: |- + WorkloadCredentialRef points to a Secret resource which includes the username + and password to access and configure the Avi Controller. + + + * username Username used with basic authentication for + the Avi REST API + * password Password used with basic authentication for + the Avi REST API + + + This field is optional. When it's not specified, username/password + will be automatically generated for each Cluster and Tenant needs to + be non-nil in this case. properties: name: description: Name is the name of resource being referenced. 
@@ -512,37 +547,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -551,8 +586,9 @@ spec: type: object type: array observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed AKODeploymentConfig. + description: |- + ObservedGeneration reflects the generation of the most recently + observed AKODeploymentConfig. format: int64 type: integer type: object @@ -561,9 +597,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 4d4da3c6..3a622071 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,9 +1,7 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: - apiGroups: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 9a688e67..16658d97 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -1,9 +1,7 @@ - --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null name: mutating-webhook-configuration webhooks: - admissionReviewVersions: @@ -27,12 +25,10 @@ webhooks: resources: - akodeploymentconfigs sideEffects: None - --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: 
diff --git a/config/ytt/static.yaml b/config/ytt/static.yaml index aa5f0731..33fe9bdd 100644 --- a/config/ytt/static.yaml +++ b/config/ytt/static.yaml @@ -3,7 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: tanzu-ako-operator name: akodeploymentconfigs.networking.tkg.tanzu.vmware.com 
@@ -27,31 +27,42 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: AKODeploymentConfigSpec defines the desired state of an AKODeploymentConfig - AKODeploymentConfig describes the shared configurations for AKO deployments - across a set of Clusters. + description: |- + AKODeploymentConfigSpec defines the desired state of an AKODeploymentConfig + AKODeploymentConfig describes the shared configurations for AKO deployments across a set + of Clusters. properties: adminCredentialRef: - description: "AdminCredentialRef points to a Secret resource which - includes the username and password to access and configure the Avi - Controller. 
\n * username Username used with basic - authentication for the Avi REST API - * password Password used with basic authentication - for the Avi REST API \n This credential - needs to be bound with admin tenant and will be used by AKO Operator - to automate configurations and operations." + description: |- + AdminCredentialRef points to a Secret resource which includes the username + and password to access and configure the Avi Controller. + + + * username Username used with basic authentication for + the Avi REST API + * password Password used with basic authentication for + the Avi REST API + + + This credential needs to be bound with admin tenant and will be used + by AKO Operator to automate configurations and operations. properties: name: description: Name is the name of resource being referenced. @@ -64,9 +75,13 @@ spec: - namespace type: object certificateAuthorityRef: - description: "CertificateAuthorityRef points to a Secret resource - that includes the AVI Controller's CA \n * certificateAuthorityData - \ PEM-encoded certificate authority certificates" + description: |- + CertificateAuthorityRef points to a Secret resource that includes the + AVI Controller's CA + + + * certificateAuthorityData PEM-encoded certificate authority + certificates properties: name: description: Name is the name of resource being referenced. 
@@ -83,32 +98,34 @@ spec: with type: string clusterSelector: - description: Label selector for Clusters. The Clusters that are selected - by this will be the ones affected by this AKODeploymentConfig. It - must match the Cluster labels. This field is immutable. + description: |- + Label selector for Clusters. The Clusters that are + selected by this will be the ones affected by this + AKODeploymentConfig. + It must match the Cluster labels. This field is immutable. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -121,13 +138,13 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic controlPlaneNetwork: description: ControlPlaneNetwork describes the control plane network of the clusters selected by an akoDeploymentConfig 
@@ -141,22 +158,27 @@ spec: - name type: object controller: - description: Controller is the AVI Controller endpoint to which AKO - talks to provision Load Balancer resources The format is [scheme://]address[:port] - * scheme http or https, defaults to https if - not specified * address IP - address of the AVI Controller specified - * port if not specified, use default port - for the corresponding scheme + description: |- + Controller is the AVI Controller endpoint to which AKO talks to + provision Load Balancer resources + The format is [scheme://]address[:port] + * scheme http or https, defaults to https if not + specified + * address IP address of the AVI Controller + specified + * port if not specified, use default port for + the corresponding scheme type: string controllerVersion: - description: ControllerVersion is the AVI Controller version which - AKO Operator and AKO talks to. this value can be auto detected and - corrected. + description: |- + ControllerVersion is the AVI Controller version which AKO Operator and AKO talks to. + this value can be auto detected and corrected. type: string dataNetwork: - description: DataNetworks describes the Data Networks the AKO will - be deployed with. This field is immutable. + description: |- + DataNetworks describes the Data Networks the AKO will be deployed + with. + This field is immutable. properties: cidr: type: string @@ -193,9 +215,9 @@ spec: description: ExtraConfigs contains extra configurations for AKO Deployment properties: apiServerPort: - description: ApiServerPort specifies Internal port for AKO's API - server for the liveness probe of the AKO pod default port is - 8080 + description: |- + ApiServerPort specifies Internal port for AKO's API server for the liveness probe of the AKO pod + default port is 8080 type: integer blockedNamespaceList: description: This is the list of system namespaces from which 
@@ -204,12 +226,12 @@ spec: type: string type: array cniPlugin: - description: 'CniPlugin describes which cni plugin cluster is - using. default value is antrea, set this string if cluster cni - is other type. For Cilium CNI, set the string as cilium only - when using Cluster Scope mode for IPAM and leave it empty if - using Kubernetes Host Scope mode for IPAM. AKO supported CNI: - antrea|calico|canal|flannel|openshift|ncp|ovn-kubernetes|cilium' + description: |- + CniPlugin describes which cni plugin cluster is using. + default value is antrea, set this string if cluster cni is other type. + For Cilium CNI, set the string as cilium only when using Cluster Scope mode for IPAM + and leave it empty if using Kubernetes Host Scope mode for IPAM. + AKO supported CNI: antrea|calico|canal|flannel|openshift|ncp|ovn-kubernetes|cilium enum: - antrea - calico @@ -221,15 +243,16 @@ spec: - cilium type: string disableStaticRouteSync: - description: DisableStaticRouteSync describes ako should sync - static routing or not. If the POD networks are reachable from - the Avi SE, this should be to true. Otherwise, it should be - false. It would be true by default. + description: |- + DisableStaticRouteSync describes ako should sync static routing or not. + If the POD networks are reachable from the Avi SE, this should be to true. + Otherwise, it should be false. + It would be true by default. type: boolean enableEVH: - description: EnableEVH specifies if you want to enable the Enhanced - Virtual Hosting Model in Avi Controller for the Virtual Services, - default value is false + description: |- + EnableEVH specifies if you want to enable the Enhanced Virtual Hosting Model + in Avi Controller for the Virtual Services, default value is false type: boolean enableEvents: description: Defines Enable or disable Event broadcasting via 
@@ -245,37 +268,38 @@ spec: type: boolean type: object fullSyncFrequency: - description: FullSyncFrequency controls how often AKO polls the - Avi controller to update itself with cloud configurations. Default - value is 1800 + description: |- + FullSyncFrequency controls how often AKO polls the Avi controller to update itself + with cloud configurations. Default value is 1800 type: string ingress: description: IngressConfigs specifies ingress configuration for ako properties: defaultIngressController: - description: DefaultIngressController bool describes ako is - the default ingress controller to use + description: |- + DefaultIngressController bool describes ako is the default + ingress controller to use type: boolean disableIngressClass: - description: DisableIngressClass will prevent AKO Operator - to install AKO IngressClass into workload clusters for old - version of K8s + description: |- + DisableIngressClass will prevent AKO Operator to install AKO + IngressClass into workload clusters for old version of K8s type: boolean enableMCI: description: Enabling this flag would tell AKO to start processing multi-cluster ingress objects type: boolean noPGForSNI: - description: NoPGForSNI describes if you want to get rid of - poolgroups from SNI VSes. Do not use this flag, if you don't - want http caching, default value is false. + description: |- + NoPGForSNI describes if you want to get rid of poolgroups from SNI VSes. + Do not use this flag, if you don't want http caching, default value is false. type: boolean nodeNetworkList: - description: NodeNetworkList describes the details of network - and CIDRs are used in pool placement network for vcenter - cloud. Node Network details are not needed when in NodePort - mode / static routes are disabled / non vcenter clouds. + description: |- + NodeNetworkList describes the details of network and CIDRs + are used in pool placement network for vcenter cloud. 
Node Network details + are not needed when in NodePort mode / static routes are disabled / non vcenter clouds. items: properties: cidrs: @@ -290,27 +314,27 @@ spec: type: object type: array passthroughShardSize: - description: PassthroughShardSize controls the passthrough - virtualservice numbers Valid value should be SMALL, MEDIUM - or LARGE, default value is SMALL + description: |- + PassthroughShardSize controls the passthrough virtualservice numbers + Valid value should be SMALL, MEDIUM or LARGE, default value is SMALL enum: - SMALL - MEDIUM - LARGE type: string serviceType: - description: ServiceType string describes ingress methods - for a service Valid value should be NodePort, ClusterIP - and NodePortLocal + description: |- + ServiceType string describes ingress methods for a service + Valid value should be NodePort, ClusterIP and NodePortLocal enum: - NodePort - ClusterIP - NodePortLocal type: string shardVSSize: - description: ShardVSSize describes ingress shared virtual - service size Valid value should be SMALL, MEDIUM, LARGE - or DEDICATED, default value is SMALL + description: |- + ShardVSSize describes ingress shared virtual service size + Valid value should be SMALL, MEDIUM, LARGE or DEDICATED, default value is SMALL enum: - SMALL - MEDIUM 
@@ -319,38 +343,41 @@ spec: type: string type: object ipFamily: - description: This flag can take values V4 or V6 (default V4) default - value is V4 + description: |- + This flag can take values V4 or V6 (default V4) + default value is V4 enum: - V4 - V6 type: string istioEnabled: - description: This flag needs to be enabled when AKO is be to brought - up in an Istio environment default value is false + description: |- + This flag needs to be enabled when AKO is be to brought up in an Istio environment + default value is false type: boolean l4Config: description: IngressConfigs specifies L4 load balancer configuration for ako properties: autoFQDN: - description: AutoFQDN controls the FQDN generation. Valid - value should be default(..), flat (-.) - or disabled, + description: |- + AutoFQDN controls the FQDN generation. + Valid value should be default(..), flat (-.) or disabled, enum: - default - flat - disabled type: string defaultDomain: - description: DefaultDomain controls the default sub-domain - to use for L4 VSes when multiple sub-domains are configured - in the cloud. + description: |- + DefaultDomain controls the default sub-domain to use for L4 VSes when multiple sub-domains + are configured in the cloud. type: string type: object layer7Only: - description: Layer7Only specifies if you want AKO only to do layer - 7 load balancing. default value is false + description: |- + Layer7Only specifies if you want AKO only to do layer 7 load balancing. + default value is false type: boolean log: description: Log specifies the configuration for AKO logging @@ -363,9 +390,9 @@ spec: description: LogFile specifies the log file name type: string logLevel: - description: LogLevel specifies the AKO pod log level Valid - value should be INFO, DEBUG, WARN or ERROR, default value - is INFO + description: |- + LogLevel specifies the AKO pod log level + Valid value should be INFO, DEBUG, WARN or ERROR, default value is INFO enum: - INFO - DEBUG 
@@ -381,9 +408,9 @@ spec: type: string type: object namespaceSelector: - description: NameSpaceSelector contains label key and value used - for namespace migration. Same label has to be present on namespace/s - which needs migration/sync to AKO + description: |- + NameSpaceSelector contains label key and value used for namespace migration. + Same label has to be present on namespace/s which needs migration/sync to AKO properties: labelKey: type: string @@ -401,8 +428,9 @@ spec: type: string type: array enableRHI: - description: EnableRHI specifies cluster wide setting for - BGP peering. default value is false + description: |- + EnableRHI specifies cluster wide setting for BGP peering. + default value is false type: boolean nsxtT1LR: description: T1 Logical Segment mapping for backend network. @@ -419,17 +447,18 @@ spec: type: string type: object primaryInstance: - description: 'Defines AKO instance is primary or not. Value `true` - indicates that AKO instance is primary. In a multiple AKO deployment - in a cluster, only one AKO instance should be primary. Default - value: true.' + description: |- + Defines AKO instance is primary or not. Value `true` indicates that AKO instance is primary. + In a multiple AKO deployment in a cluster, only one AKO instance should be primary. + Default value: true. type: boolean rbac: description: Rbac specifies the configuration for AKO Rbac properties: pspEnabled: - description: PspEnabled enables the deployment of a PodSecurityPolicy - that grants AKO the proper role + description: |- + PspEnabled enables the deployment of a PodSecurityPolicy that grants + AKO the proper role type: boolean pspPolicyAPIVersion: description: PspPolicyAPIVersion decides the API version of 
@@ -437,30 +466,33 @@ spec: type: string type: object servicesAPI: - description: 'ServicesAPI specifies if enables AKO in services - API mode: https://kubernetes-sigs.github.io/service-apis/. Currently, - implemented only for L4. This flag uses the upstream GA APIs - which are not backward compatible with the advancedL4 APIs which - uses a fork and a version of v1alpha1pre1 default value is false' + description: |- + ServicesAPI specifies if enables AKO in services API mode: https://kubernetes-sigs.github.io/service-apis/. + Currently, implemented only for L4. This flag uses the upstream GA APIs which are not backward compatible + with the advancedL4 APIs which uses a fork and a version of v1alpha1pre1 + default value is false type: boolean useDefaultSecretsOnly: - description: If this flag is set to true, AKO will only handle - default secrets from the namespace where AKO is installed This - flag is applicable only to Openshift clusters default value - is false + description: |- + If this flag is set to true, AKO will only handle default secrets from the namespace where AKO is installed + This flag is applicable only to Openshift clusters + default value is false type: boolean vipPerNamespace: - description: Enabling this flag would tell AKO to create Parent - VS per Namespace in EVH mode default value is false + description: |- + Enabling this flag would tell AKO to create Parent VS per Namespace in EVH mode + default value is false type: boolean type: object serviceEngineGroup: - description: ServiceEngineGroup is the group name of Service Engine - that's to be used by the set of AKO Deployments + description: |- + ServiceEngineGroup is the group name of Service Engine that's to be used by the set + of AKO Deployments type: string tenant: - description: The AVI tenant for the current AKODeploymentConfig This - field is optional. + description: |- + The AVI tenant for the current AKODeploymentConfig + This field is optional. 
properties: context: description: Context is the type of AVI tenant context. Defaults @@ -476,15 +508,20 @@ spec: - name type: object workloadCredentialRef: - description: "WorkloadCredentialRef points to a Secret resource which - includes the username and password to access and configure the Avi - Controller. \n * username Username used with basic - authentication for the Avi REST API - * password Password used with basic authentication - for the Avi REST API \n This field - is optional. When it's not specified, username/password will be - automatically generated for each Cluster and Tenant needs to be - non-nil in this case." + description: |- + WorkloadCredentialRef points to a Secret resource which includes the username + and password to access and configure the Avi Controller. + + + * username Username used with basic authentication for + the Avi REST API + * password Password used with basic authentication for + the Avi REST API + + + This field is optional. When it's not specified, username/password + will be automatically generated for each Cluster and Tenant needs to + be non-nil in this case. properties: name: description: Name is the name of resource being referenced. 
@@ -514,37 +551,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -553,8 +590,9 @@ spec: type: object type: array observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed AKODeploymentConfig. + description: |- + ObservedGeneration reflects the generation of the most recently + observed AKODeploymentConfig. format: int64 type: integer type: object @@ -563,12 +601,6 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -608,7 +640,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null labels: app: tanzu-ako-operator name: ako-operator-manager-role 
@@ -760,161 +791,3 @@ subjects: - kind: ServiceAccount name: default namespace: tkg-system-networking ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tanzu-ako-operator - name: ako-operator-webhook-service - namespace: tkg-system-networking -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app: tanzu-ako-operator ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: tanzu-ako-operator - name: ako-operator-controller-manager - namespace: tkg-system-networking -spec: - replicas: 1 - selector: - matchLabels: - app: tanzu-ako-operator - template: - metadata: - labels: - app: tanzu-ako-operator - spec: - containers: - - command: - - /manager - image: projects-stg.registry.vmware.com/tkg/ako-operator:v1.6.0_vmware.1 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - env: - - name: bootstrap_cluster - value: "False" - - name: avi_control_plane_ha_provider - value: "False" - - name: tkg_management_cluster_name - value: "" - - name: control_plane_endpoint_port - value: "6443" - - name: avi_controller_version - value: "" - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - terminationGracePeriodSeconds: 10 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app: tanzu-ako-operator - name: ako-operator-serving-cert - namespace: tkg-system-networking -spec: - dnsNames: - - ako-operator-webhook-service.tkg-system-networking.svc - - ako-operator-webhook-service.tkg-system-networking.svc.cluster.local - issuerRef: - kind: Issuer - name: ako-operator-selfsigned-issuer - secretName: webhook-server-cert ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app: tanzu-ako-operator - name: ako-operator-selfsigned-issuer - 
namespace: tkg-system-networking -spec: - selfSigned: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: tkg-system-networking/ako-operator-serving-cert - labels: - app: tanzu-ako-operator - name: ako-operator-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1alpha1 - clientConfig: - service: - name: ako-operator-webhook-service - namespace: tkg-system-networking - path: /validate-networking-tkg-tanzu-vmware-com-v1alpha1-akodeploymentconfig - failurePolicy: Fail - name: vakodeploymentconfig.kb.io - rules: - - apiGroups: - - networking.tkg.tanzu.vmware.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - akodeploymentconfigs - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: tkg-system-networking/ako-operator-serving-cert - labels: - app: tanzu-ako-operator - name: ako-operator-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1alpha1 - clientConfig: - service: - name: ako-operator-webhook-service - namespace: tkg-system-networking - path: /validate-networking-tkg-tanzu-vmware-com-v1alpha1-akodeploymentconfig - failurePolicy: Fail - name: vakodeploymentconfig.kb.io - rules: - - apiGroups: - - networking.tkg.tanzu.vmware.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - akodeploymentconfigs - sideEffects: None diff --git a/controllers/cluster/cluster_intg_test.go b/controllers/cluster/cluster_intg_test.go index 7725f0ab..aae8b646 100644 --- a/controllers/cluster/cluster_intg_test.go +++ b/controllers/cluster/cluster_intg_test.go 
@@ -147,7 +147,20 @@ func intgTestEnsureClusterHAProvider() { }} err = ctx.Client.Status().Update(ctx, service) Expect(err).To(BeNil()) - // Ensure updateControlPlaneEndpointToService won't set fqdn as ingress.ip + + // Ensure service.Status.LoadBalancer.Ingress is not nil + Eventually(func() bool { + err := ctx.Client.Get(ctx, client.ObjectKey{Name: serviceName, Namespace: ctx.Namespace}, service) + if err != nil { + return false + } + if len(service.Status.LoadBalancer.Ingress) == 0 { + return false + } + return true + }) + + // Ensure updateControlPlaneEndpointToService won't use fqdn as ingress.ip Consistently(func() bool { err := ctx.Client.Get(ctx, client.ObjectKey{Name: serviceName, Namespace: ctx.Namespace}, service) if err != nil {
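Review bot: The added `Eventually(func() bool { ... })` closes with a bare `})` and no matcher, so Gomega never polls the function and the intended wait for `service.Status.LoadBalancer.Ingress` to be populated does not happen. The test falls straight through to the `Consistently` check, which can then run against a service whose status has not been observed yet. Close the block with `}).Should(BeTrue())` so that a missing ingress fails the test. The body can also be reduced to `return err == nil && len(service.Status.LoadBalancer.Ingress) > 0`. `intgTestEnsureClusterHAProvider` and the following `Consistently` block both extend outside the hunk, so whether that block carries its own matcher cannot be confirmed from here.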