diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml index b2eaf0ee0..c68f053ef 100644 --- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -458,6 +458,9 @@ spec: service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword type: string @@ -467,72 +470,16 @@ spec: type: object pkcs11: properties: - AESGCMGenerateIV: - default: true - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - type: string - HMACLabel: - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - type: string - MKEKLabel: - type: string - MKEKLength: - default: 32 - type: integer - OSLockingOK: - default: false - type: boolean - alwaysSetCKASensitive: - default: true - type: boolean - certificatesMountPoint: - type: string - certificatesSecret: + clientDataPath: + default: /etc/hsm-client type: string - clientAddress: - type: string - encryptionMechanism: - default: CKM_AES_GCM - type: string - keyWrapGenerateIV: - default: true - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP + clientDataSecret: type: string - libraryPath: - type: string - loggingLevel: - default: 4 - maximum: 7 - minimum: 0 - type: integer loginSecret: type: string - serverAddress: - type: string - slotId: - type: string - tokenLabels: - type: string - tokenSerialNumber: - type: string - type: - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object preserveJobs: default: false @@ -6214,6 +6161,8 @@ spec: type: integer httpdCustomization: properties: + customConfigSecret: + type: string processNumber: default: 3 format: int32 @@ -15789,6 +15738,9 @@ spec: enabled: default: true type: boolean + ksmEnabled: + default: true + type: boolean ksmTls: properties: caBundleSecretName: @@ -15812,6 +15764,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string @@ -16534,6 +16487,11 @@ spec: type: string type: object type: object + networkAttachments: + items: + type: string + type: array + x-kubernetes-list-type: atomic prometheusTls: properties: caBundleSecretName: diff --git a/apis/go.mod b/apis/go.mod index 3babd6a97..fd05ef11d 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -7,27 +7,27 @@ require ( github.com/go-playground/validator/v10 v10.22.1 github.com/onsi/ginkgo/v2 v2.20.1 github.com/onsi/gomega v1.34.1 - github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c - github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2 - github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60 - github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181 - github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a - github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720 - github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f + github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0 + github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d + github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504 + github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d + github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556 + github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8 + github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2 - github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9 - github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1 - github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe - github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca - github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd - github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94 - github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33 - github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0 + github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8 + github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294 + github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620 + github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52 + github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4 + github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0 + github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76 + github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8 github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f - github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f - github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17 + github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a + github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1 github.com/rabbitmq/cluster-operator/v2 v2.11.0 github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.71.0-rhobs1 // indirect github.com/rhobs/observability-operator v0.3.1 // indirect @@ -35,9 +35,9 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/tools v0.24.0 // indirect - k8s.io/api v0.29.12 - k8s.io/apimachinery v0.29.12 - k8s.io/client-go v0.29.12 + k8s.io/api v0.29.13 + k8s.io/apimachinery v0.29.13 + k8s.io/client-go v0.29.13 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.17.6 ) @@ -78,7 +78,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/openshift/api v3.9.0+incompatible // indirect - github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b // indirect + github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.6.0 // indirect @@ -89,9 +89,9 @@ require ( golang.org/x/crypto v0.26.0 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect @@ -99,8 +99,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.29.12 // indirect - k8s.io/component-base v0.29.12 // indirect + k8s.io/apiextensions-apiserver v0.29.13 // indirect + k8s.io/component-base v0.29.13 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect diff --git a/apis/go.sum b/apis/go.sum index 4dfe29a68..a8deefc22 100644 --- a/apis/go.sum +++ b/apis/go.sum @@ -94,52 +94,52 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 h1:J1wuGhVxpsHykZBa6Beb1gQ96Ptej9AE/BvwCBiRj1E= github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= -github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c h1:b1hsQxTGvP63BIz7Y1HhhLD6cTD/jGtw7oOGr7aBRUs= -github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c/go.mod h1:MP9fcTNnT27ltU5j9t0K6i0F6J+9+5k0o0qNM4vg47g= -github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2 h1:iY0RYw5hyeaou7ujKCrkYpgebIyh5O5FRsvkMwSZdNk= -github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2/go.mod h1:GoZVwi0mFiqivii2K+EBYW0meEv/X8txqqpBRjxDVbc= -github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60 h1:EV0ZxlWiGno7WgeY6SwCsADjOPIYO5h/xTlRzxaP3TA= -github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60/go.mod h1:QuXDT8S2b0ho4YK7BxP2qqUVdRQAP4JnbHIWHq9Dq44= -github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181 h1:RLpUTS2fWXoJ2IJbo45gBwN0ZIbZUQo7FnHnBvVeOxs= -github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181/go.mod h1:G6DMNVvzdewyzSckZNUioGglhE27OxmzBIlfdcsFT4E= -github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a h1:L9imzhOnwl5t7PKGv2nTeaov3tK/rbQtgLSgwtjBOmA= -github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a/go.mod h1:rThjI75U53XDjzx7ZVnbCR1uPdlOWgFv++e0y377r2U= -github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720 h1:t3q1LGUaB+1lHXN62y2EF1D82Y6gIelyR9S65sD4di0= -github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720/go.mod h1:UGkrLEcGjc+q4tbUT00q4dHOMpcTaMqrs3CTXpetuyc= -github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f h1:36rtQYpamFftd6t/PgGfGRLHiv5ByOsbOWGmE/aaUoU= -github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f/go.mod h1:TDaE7BVQvJwJGFm33R6xcPTeF8LKAnMh+a1ho+YqJHs= +github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0 h1:Fpiury9F9pOpdUUdB0stSjc8SjRCvWnOrD9k0Y1fJdA= +github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0/go.mod h1:MP9fcTNnT27ltU5j9t0K6i0F6J+9+5k0o0qNM4vg47g= +github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d h1:Yhnh/8ERlSuwufK54InF+6/zH8f3vuQzL6Cc/n4SJ/k= +github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d/go.mod h1:GoZVwi0mFiqivii2K+EBYW0meEv/X8txqqpBRjxDVbc= +github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504 h1:aohiThW8PwzZS8bnsO7QOFbsnG6Ws9FcYUQmkIA3heA= +github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504/go.mod h1:QuXDT8S2b0ho4YK7BxP2qqUVdRQAP4JnbHIWHq9Dq44= +github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d h1:+IIIuQsLXDKj/c3LJnXd1xUmaqoX90qce3E4XR+8V9Y= +github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d/go.mod h1:I0guyNO00WfDcG20snrCJpTt5MhT1e+ugWfMc7YdDws= +github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556 h1:y4BdDTeuRDLwneYQg3N0Ei23/xILbHgCxyPmQtQdwR0= +github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556/go.mod h1:6egBIaHzwbzRHQxkkmHBkBRLHWrJ3eH1EhVuz5Z3dhU= +github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8 h1:A5+uQ6KW8PQVlunD/tbrEaZRFeUQMOICVSE/ZaNry7g= +github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8/go.mod h1:UGkrLEcGjc+q4tbUT00q4dHOMpcTaMqrs3CTXpetuyc= +github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb h1:SedlzLahRyzctVTXzVrpmjui78A7Z0g8V1cmPBoQzYY= +github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb/go.mod h1:TDaE7BVQvJwJGFm33R6xcPTeF8LKAnMh+a1ho+YqJHs= github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2 h1:nFbSN0goC+CWeHa7oRrOD+jOUmVNc+Nn/tGgjtCOjag= github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2/go.mod h1:E2y4HZ0WVbDfvf+VBCtA+uy7c8uuR54ED8w5YvlHbYo= -github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9 h1:DMf/FNh8d082g8EaMHQ7nurk3EWkbVtvWclhHWKUE6Q= -github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9/go.mod h1:CyuEOM1TpXKNUR1n8cudNtRzTEwkzv90JFkpDPPId8E= -github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b h1:laxu7pBlpo+lHdRn/XPqxfLGfSW77nnzdOwIBrO4BkI= -github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs= -github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b h1:aXvtaY1BwguTGMiAhP83Oz8URz+Iv5I6x0AA0Em15rM= -github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:IASoGvp5QM/tBJUd/8i8uIjj4DBnI+64Ydh4r7pmnvA= -github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b h1:N5c+8ljYZo4uP2FvGqTvCDXqOwMJO9ZilZNf66mNcMM= -github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:tfgBeLRqmlH/NQkLPe7396rj+t0whv2wPuMb8Ttvh8w= -github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1 h1:5PMOxjSlnXjA17nqxW+jrj0aJYtGx1d0D7qULb7OAOo= -github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1/go.mod h1:YGPcbKCW8QS5GZ5meuoaGMFrQNVkDT9ymNQUjzJ3TE8= -github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe h1:TKqRKrDTaU8kN14SCczs8K8++pnXARMFBGJEd8E+8pE= -github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe/go.mod h1:wyvGgWBf18AhYLXN7apmlZxpho8N9HCEWmihO/+Albc= -github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca h1:nHJUpDNQAADRjd5FXtrGTCPOdjwbWW6piticvbohj1E= -github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca/go.mod h1:3hQU5jwHizOTQi30dPAXuPbUzVOo59OgK3jRWKqAPQ0= -github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd h1:nOZJtSrgW99tQYV7tYT6yzdIc8tG1Sy2+uz4f7+rzmU= -github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd/go.mod h1:ouAtrBGah0l8hhuJanSqVtRUXH2SUMzsr0x9SGDh9ek= -github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94 h1:HSrtOGkOoqHplH1deuD7VOmNHQowlJsWG8MUxn5xK0Y= -github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94/go.mod h1:5togdZ035sh93/9DcEnGuJfyIvzvY2LMGnPVaWoU3H0= -github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33 h1:TRaxJF0CBHUGQ7OeQ6etVDO4eFNQv5eNoBPnU5zPHVg= -github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33/go.mod h1:5+Kpdmh8Uo2D0Cnt+35pnBJias0dv/9gfXEY6f+hIEk= -github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0 h1:CFPeM6KsV9LD3U4zwmoWYshg1JEI4PTxQb/yoJPlO8s= -github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0/go.mod h1:CCwhhamz5YOMerxbKWNmeuLyogiAx6wUDaNu12HUBG8= +github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8 h1:HIL7hIXZPuwMVr46jMoLxHToBHAplGWwOtR4FlMrCUU= +github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8/go.mod h1:pZ3kLMgL9thHN7ewyLsTE8R0nsI81f8KJ0yEVBBpa9Q= +github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a h1:3LuUgB85VxGD6lmVOeZelYEASmytkrzaudU014PN7xw= +github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:KxnNSUk15llkKTSq/bQEE7pnc0IMk44fxhoBRpimMa8= +github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a h1:5pgwFtRHPmcnSjkD0ZtlfoWjGCTAlPgPMUgmY5vyyvE= +github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:bDDzp+cA12PJQ+igpxBpCOApLt98TVFn2MX44xJUE8s= +github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a h1:qvu7bKIxlToTbHAqCpYXu+d3UwcADYDk2zk75d8lDiQ= +github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:0py9Ny2FcW5RpUY99xxFrt3g+CiEpDRjjIQoDpO+C3s= +github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294 h1:vrMWMFuZbBAVVyosLJi8VnI7SYUb6UMQeK+aCxBMUks= +github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294/go.mod h1:0hw1vZqstYLSeQqKcgZnmXZXTqhINuVU6ceQoCglzck= +github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620 h1:pJ46w/bxdMfbsjf80b8PsJgmQjenCxkeFaEHbbgZjoM= +github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620/go.mod h1:wyvGgWBf18AhYLXN7apmlZxpho8N9HCEWmihO/+Albc= +github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52 h1:d4q+TK2DmM4WfUdPF2EKzbUYavLr4GYkmNNXg1uTb2Q= +github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52/go.mod h1:3hQU5jwHizOTQi30dPAXuPbUzVOo59OgK3jRWKqAPQ0= +github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4 h1:ittly0v77lDUVSzRy5QEFcR4z6U1/KG+uyOKegiAJ2Y= +github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4/go.mod h1:ouAtrBGah0l8hhuJanSqVtRUXH2SUMzsr0x9SGDh9ek= +github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0 h1:P/XqJMRzDTJIiFBH4vwzHFEeh2enBHrD1z5aONcm4/8= +github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0/go.mod h1:e7QBNVbrgbdStxOgYZdHRnNeKWlcU37++fgTbvP1NRk= +github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76 h1:el3VJszXHXx046vxj0WdQtRrJHo0JFlxToCiC6X2ZN0= +github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76/go.mod h1:VEpapGJ9mG31mgdPD0/NC7zevaanpqfOSou0s9fj3H4= +github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8 h1:sM5CyDqJroPlNOmdeJJQ53t/EOZdk6PZ3swTcvy+lBU= +github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8/go.mod h1:64lBQA4jlmslE+Ps244FSmySB0Mtxg2wQXmygFW70R8= github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f h1:FGHU3D2gOjf3M+k2afohsdCvlDJtuPImQoCsEHCYvZE= github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f/go.mod h1:gIJz1uKqp0MsMJkF3tzizzcy1hOVpmZwdx6gBA11IRQ= github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 h1:/7SnnHfGCH/dwuZFNUx54zw4cnwv2w6hjONq16aoowM= github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49/go.mod h1:6Mq2N/KtNFW20L+PQC5qkeK8R8UGadmGBXL8HDY6lcg= -github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f h1:r2uhK9P3sD7FQYFsABDskQA/ZnjPZ+qNHmMTyMPWheA= -github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f/go.mod h1:BsHuIfDAQUgjq/QZNrrVDfJzcbIL4rKV6UjlnZqR1u0= -github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17 h1:ULvJe4a5J2DxJMrS38edqG6ylXtm4WQFh4fNHtVaRYk= -github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17/go.mod h1:zba6vtrFWehPMhoEo8RRWiVSdAr0o/DgSCXF1zPXxpM= +github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a h1:XCmJc0x5yw6HGGDk+ryIcsI4EQFz3YX2Uh4yCxiBYSI= +github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a/go.mod h1:3uQyxQELIu1MTjf5jlrVm5UFpSVJziknBzmkxURWv1I= +github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1 h1:M4NIm3eFQkza5r2T5mNasWce+H22uYLmiSTiFErO+ao= +github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1/go.mod h1:XEUoJwU3ULkrn0bXm0G8MTExASful33xyCDH+z+Zat0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -211,19 +211,19 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -255,16 +255,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.12 h1:SsEEMtFupOAt3pAAtAz0PDu+54g3L5rwbSCi0xQzAJM= -k8s.io/api v0.29.12/go.mod h1:QFwqOP+7LNoAG1RI3vKAFxjKSLQTCamcPzAQ0Z/Yhuk= -k8s.io/apiextensions-apiserver v0.29.12 h1:xoQfYPwAzfcoH/MVuQiSPTWmFrmblvYbUMODpfYyyw8= -k8s.io/apiextensions-apiserver v0.29.12/go.mod h1:L1GHiWK2bkYrZOkFtChfkVpPUh9Ogr6gmShM28Yhqk0= -k8s.io/apimachinery v0.29.12 h1:k6OdfK9xaNANQvWkl1pSICJGLjB4jSuJ3gGP9hBKOhE= -k8s.io/apimachinery v0.29.12/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/client-go v0.29.12 h1:PjwJXavmpAqOWBRy4U5V/g3JQBpclIHEn5dvfTfsY+w= -k8s.io/client-go v0.29.12/go.mod h1:hRHG6tAKxaLVKF5SlMqgXrbqPEoUcUpJGFFrC3jU69A= -k8s.io/component-base v0.29.12 h1:NuFNzBSF3Iopih6VpvYmtjpdN1MLc9PcByl60fcJ0tQ= -k8s.io/component-base v0.29.12/go.mod h1:YHua3E5Lvnva6dXqGqiuRj8CxhBw7g6KgYV/dcS7LBU= +k8s.io/api v0.29.13 h1:VkMIbjJw1t2VgTatg8ggzI93LOfFa8z8SzAYzXtWuEg= +k8s.io/api v0.29.13/go.mod h1:fBWhXqqE25b46PZEVA2DXN2EuhNg1ZT3VRyb5JitLG8= +k8s.io/apiextensions-apiserver v0.29.13 h1:3xsTohNwndx4NJjgqoi5VuBPWeG4yY4VXOF62ugXvhU= +k8s.io/apiextensions-apiserver v0.29.13/go.mod h1:plxNh3qMNsiMo4svQtkVp47n+2/rwm/c8FTJYR6rikQ= +k8s.io/apimachinery v0.29.13 h1:a7I4uQtlfaL+UTRGFhl8lLd2nHBR7qt+axhQLtpLYMg= +k8s.io/apimachinery v0.29.13/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= +k8s.io/client-go v0.29.13 h1:M2scR9NWGlzI2YoIxTgwx2N3OA+dXqN87zsM4tvewmA= +k8s.io/client-go v0.29.13/go.mod h1:BBzF0Pr78Y8DM20j22E6tOMwTBpFaKnSnn6N0pNe4VE= +k8s.io/component-base v0.29.13 h1:RbksXVzXYYYvmOCArMKIkxna5eTt6DjI4Zy/4H3JFLo= +k8s.io/component-base v0.29.13/go.mod h1:pjMLwLNxDg0JvXRc69GIFUEawiZEtDzm0yAJ5+Naj9s= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo= diff --git a/bindata/crds/barbican.openstack.org_barbicanapis.yaml b/bindata/crds/barbican.openstack.org_barbicanapis.yaml index b999f61af..628ea0abe 100644 --- a/bindata/crds/barbican.openstack.org_barbicanapis.yaml +++ b/bindata/crds/barbican.openstack.org_barbicanapis.yaml @@ -296,6 +296,9 @@ spec: description: PasswordSelectors - Selectors to identify the ServiceUser password from the Secret properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user @@ -306,114 +309,24 @@ spec: type: string type: object pkcs11: - description: BarbicanPKCS11Template - Includes all common HSM properties + description: BarbicanPKCS11Template - Includes common HSM properties properties: - AESGCMGenerateIV: - default: true - description: Generate IVs for CKM_AES_GCM mechanism - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - description: HMAC Key Type - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - description: HMAC Keygen Mechanism - type: string - HMACLabel: - description: Label to identify HMAC key in the HSM (must not be - the same as MKEK label) - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - description: HMAC Mechanism. This replaces hsm_keywrap_mechanism - type: string - MKEKLabel: - description: Label to identify master KEK in the HSM (must not - be the same as HMAC label) - type: string - MKEKLength: - default: 32 - description: Length in bytes of master KEK - type: integer - OSLockingOK: - default: false - description: Set os_locking_ok - type: boolean - alwaysSetCKASensitive: - default: true - description: Always set cka_sensitive - type: boolean - certificatesMountPoint: - description: The mounting point where the certificates will be - copied to (e.g., /usr/local/luna/config/certs). - type: string - certificatesSecret: - description: The OpenShift secret that stores the HSM certificates. - type: string - clientAddress: - description: The IP address of the client connecting to the HSM - (X.Y.Z.K) - type: string - encryptionMechanism: - default: CKM_AES_GCM - description: Secret encryption mechanism - type: string - keyWrapGenerateIV: - default: true - description: Generate IVs for the key wrap mechanism - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP - description: Key wrap mechanism + clientDataPath: + default: /etc/hsm-client + description: Location to which kolla will copy the data in ClientDataSecret. type: string - libraryPath: - description: Path to vendor's PKCS11 library + clientDataSecret: + description: |- + The OpenShift secret that stores the HSM client data. + These will be mounted to /var/lib/config-data/hsm type: string - loggingLevel: - default: 4 - description: Level of logging, where 0 means "no logging" and - 7 means "debug". - maximum: 7 - minimum: 0 - type: integer loginSecret: description: OpenShift secret that stores the password to login to the PKCS11 session type: string - serverAddress: - description: The HSM's IPv4 address (X.Y.Z.K) - type: string - slotId: - description: |- - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. SlotId is used if none of the others is defined - type: string - tokenLabels: - description: |- - Token labels used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be specified. TokenLabels takes priority over SlotId. - This can be a comma separated string of labels - type: string - tokenSerialNumber: - description: |- - Token serial number used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. TokenSerialNumber takes priority over - TokenLabels and SlotId - type: string - type: - description: 'A string containing the HSM type (currently supported: - "luna").' - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object rabbitMqClusterName: default: rabbitmq diff --git a/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml b/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml index 05a10cddd..244c0b2b2 100644 --- a/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml +++ b/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -130,6 +130,9 @@ spec: description: PasswordSelectors - Selectors to identify the ServiceUser password from the Secret properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user @@ -140,114 +143,24 @@ spec: type: string type: object pkcs11: - description: BarbicanPKCS11Template - Includes all common HSM properties + description: BarbicanPKCS11Template - Includes common HSM properties properties: - AESGCMGenerateIV: - default: true - description: Generate IVs for CKM_AES_GCM mechanism - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - description: HMAC Key Type - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - description: HMAC Keygen Mechanism - type: string - HMACLabel: - description: Label to identify HMAC key in the HSM (must not be - the same as MKEK label) - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - description: HMAC Mechanism. This replaces hsm_keywrap_mechanism - type: string - MKEKLabel: - description: Label to identify master KEK in the HSM (must not - be the same as HMAC label) - type: string - MKEKLength: - default: 32 - description: Length in bytes of master KEK - type: integer - OSLockingOK: - default: false - description: Set os_locking_ok - type: boolean - alwaysSetCKASensitive: - default: true - description: Always set cka_sensitive - type: boolean - certificatesMountPoint: - description: The mounting point where the certificates will be - copied to (e.g., /usr/local/luna/config/certs). - type: string - certificatesSecret: - description: The OpenShift secret that stores the HSM certificates. - type: string - clientAddress: - description: The IP address of the client connecting to the HSM - (X.Y.Z.K) - type: string - encryptionMechanism: - default: CKM_AES_GCM - description: Secret encryption mechanism - type: string - keyWrapGenerateIV: - default: true - description: Generate IVs for the key wrap mechanism - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP - description: Key wrap mechanism + clientDataPath: + default: /etc/hsm-client + description: Location to which kolla will copy the data in ClientDataSecret. type: string - libraryPath: - description: Path to vendor's PKCS11 library + clientDataSecret: + description: |- + The OpenShift secret that stores the HSM client data. + These will be mounted to /var/lib/config-data/hsm type: string - loggingLevel: - default: 4 - description: Level of logging, where 0 means "no logging" and - 7 means "debug". - maximum: 7 - minimum: 0 - type: integer loginSecret: description: OpenShift secret that stores the password to login to the PKCS11 session type: string - serverAddress: - description: The HSM's IPv4 address (X.Y.Z.K) - type: string - slotId: - description: |- - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. SlotId is used if none of the others is defined - type: string - tokenLabels: - description: |- - Token labels used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be specified. TokenLabels takes priority over SlotId. - This can be a comma separated string of labels - type: string - tokenSerialNumber: - description: |- - Token serial number used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. TokenSerialNumber takes priority over - TokenLabels and SlotId - type: string - type: - description: 'A string containing the HSM type (currently supported: - "luna").' - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object rabbitMqClusterName: default: rabbitmq diff --git a/bindata/crds/barbican.openstack.org_barbicans.yaml b/bindata/crds/barbican.openstack.org_barbicans.yaml index f38de9db3..e5fb33185 100644 --- a/bindata/crds/barbican.openstack.org_barbicans.yaml +++ b/bindata/crds/barbican.openstack.org_barbicans.yaml @@ -639,6 +639,9 @@ spec: description: PasswordSelectors - Selectors to identify the ServiceUser password from the Secret properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user @@ -649,114 +652,24 @@ spec: type: string type: object pkcs11: - description: BarbicanPKCS11Template - Includes all common HSM properties + description: BarbicanPKCS11Template - Includes common HSM properties properties: - AESGCMGenerateIV: - default: true - description: Generate IVs for CKM_AES_GCM mechanism - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - description: HMAC Key Type - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - description: HMAC Keygen Mechanism - type: string - HMACLabel: - description: Label to identify HMAC key in the HSM (must not be - the same as MKEK label) - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - description: HMAC Mechanism. This replaces hsm_keywrap_mechanism - type: string - MKEKLabel: - description: Label to identify master KEK in the HSM (must not - be the same as HMAC label) - type: string - MKEKLength: - default: 32 - description: Length in bytes of master KEK - type: integer - OSLockingOK: - default: false - description: Set os_locking_ok - type: boolean - alwaysSetCKASensitive: - default: true - description: Always set cka_sensitive - type: boolean - certificatesMountPoint: - description: The mounting point where the certificates will be - copied to (e.g., /usr/local/luna/config/certs). - type: string - certificatesSecret: - description: The OpenShift secret that stores the HSM certificates. - type: string - clientAddress: - description: The IP address of the client connecting to the HSM - (X.Y.Z.K) - type: string - encryptionMechanism: - default: CKM_AES_GCM - description: Secret encryption mechanism + clientDataPath: + default: /etc/hsm-client + description: Location to which kolla will copy the data in ClientDataSecret. type: string - keyWrapGenerateIV: - default: true - description: Generate IVs for the key wrap mechanism - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP - description: Key wrap mechanism - type: string - libraryPath: - description: Path to vendor's PKCS11 library + clientDataSecret: + description: |- + The OpenShift secret that stores the HSM client data. + These will be mounted to /var/lib/config-data/hsm type: string - loggingLevel: - default: 4 - description: Level of logging, where 0 means "no logging" and - 7 means "debug". - maximum: 7 - minimum: 0 - type: integer loginSecret: description: OpenShift secret that stores the password to login to the PKCS11 session type: string - serverAddress: - description: The HSM's IPv4 address (X.Y.Z.K) - type: string - slotId: - description: |- - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. SlotId is used if none of the others is defined - type: string - tokenLabels: - description: |- - Token labels used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be specified. TokenLabels takes priority over SlotId. - This can be a comma separated string of labels - type: string - tokenSerialNumber: - description: |- - Token serial number used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. TokenSerialNumber takes priority over - TokenLabels and SlotId - type: string - type: - description: 'A string containing the HSM type (currently supported: - "luna").' - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object preserveJobs: default: false diff --git a/bindata/crds/barbican.openstack.org_barbicanworkers.yaml b/bindata/crds/barbican.openstack.org_barbicanworkers.yaml index fd04997f5..d92f54539 100644 --- a/bindata/crds/barbican.openstack.org_barbicanworkers.yaml +++ b/bindata/crds/barbican.openstack.org_barbicanworkers.yaml @@ -128,6 +128,9 @@ spec: description: PasswordSelectors - Selectors to identify the ServiceUser password from the Secret properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword description: Service - Selector to get the barbican service user @@ -138,114 +141,24 @@ spec: type: string type: object pkcs11: - description: BarbicanPKCS11Template - Includes all common HSM properties + description: BarbicanPKCS11Template - Includes common HSM properties properties: - AESGCMGenerateIV: - default: true - description: Generate IVs for CKM_AES_GCM mechanism - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - description: HMAC Key Type - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - description: HMAC Keygen Mechanism - type: string - HMACLabel: - description: Label to identify HMAC key in the HSM (must not be - the same as MKEK label) - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - description: HMAC Mechanism. This replaces hsm_keywrap_mechanism - type: string - MKEKLabel: - description: Label to identify master KEK in the HSM (must not - be the same as HMAC label) - type: string - MKEKLength: - default: 32 - description: Length in bytes of master KEK - type: integer - OSLockingOK: - default: false - description: Set os_locking_ok - type: boolean - alwaysSetCKASensitive: - default: true - description: Always set cka_sensitive - type: boolean - certificatesMountPoint: - description: The mounting point where the certificates will be - copied to (e.g., /usr/local/luna/config/certs). - type: string - certificatesSecret: - description: The OpenShift secret that stores the HSM certificates. - type: string - clientAddress: - description: The IP address of the client connecting to the HSM - (X.Y.Z.K) - type: string - encryptionMechanism: - default: CKM_AES_GCM - description: Secret encryption mechanism - type: string - keyWrapGenerateIV: - default: true - description: Generate IVs for the key wrap mechanism - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP - description: Key wrap mechanism + clientDataPath: + default: /etc/hsm-client + description: Location to which kolla will copy the data in ClientDataSecret. type: string - libraryPath: - description: Path to vendor's PKCS11 library + clientDataSecret: + description: |- + The OpenShift secret that stores the HSM client data. + These will be mounted to /var/lib/config-data/hsm type: string - loggingLevel: - default: 4 - description: Level of logging, where 0 means "no logging" and - 7 means "debug". - maximum: 7 - minimum: 0 - type: integer loginSecret: description: OpenShift secret that stores the password to login to the PKCS11 session type: string - serverAddress: - description: The HSM's IPv4 address (X.Y.Z.K) - type: string - slotId: - description: |- - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. SlotId is used if none of the others is defined - type: string - tokenLabels: - description: |- - Token labels used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be specified. TokenLabels takes priority over SlotId. - This can be a comma separated string of labels - type: string - tokenSerialNumber: - description: |- - Token serial number used to identify the token to be used. - One of TokenSerialNumber, TokenLabels or SlotId must - be defined. TokenSerialNumber takes priority over - TokenLabels and SlotId - type: string - type: - description: 'A string containing the HSM type (currently supported: - "luna").' - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object rabbitMqClusterName: default: rabbitmq diff --git a/bindata/crds/crds.yaml b/bindata/crds/crds.yaml index f6fb9c97b..cc464f171 100644 --- a/bindata/crds/crds.yaml +++ b/bindata/crds/crds.yaml @@ -555,6 +555,9 @@ spec: service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword type: string @@ -564,72 +567,16 @@ spec: type: object pkcs11: properties: - AESGCMGenerateIV: - default: true - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - type: string - HMACLabel: - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - type: string - MKEKLabel: - type: string - MKEKLength: - default: 32 - type: integer - OSLockingOK: - default: false - type: boolean - alwaysSetCKASensitive: - default: true - type: boolean - certificatesMountPoint: - type: string - certificatesSecret: + clientDataPath: + default: /etc/hsm-client type: string - clientAddress: - type: string - encryptionMechanism: - default: CKM_AES_GCM - type: string - keyWrapGenerateIV: - default: true - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP + clientDataSecret: type: string - libraryPath: - type: string - loggingLevel: - default: 4 - maximum: 7 - minimum: 0 - type: integer loginSecret: type: string - serverAddress: - type: string - slotId: - type: string - tokenLabels: - type: string - tokenSerialNumber: - type: string - type: - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object preserveJobs: default: false @@ -6311,6 +6258,8 @@ spec: type: integer httpdCustomization: properties: + customConfigSecret: + type: string processNumber: default: 3 format: int32 @@ -15886,6 +15835,9 @@ spec: enabled: default: true type: boolean + ksmEnabled: + default: true + type: boolean ksmTls: properties: caBundleSecretName: @@ -15909,6 +15861,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string @@ -16631,6 +16584,11 @@ spec: type: string type: object type: object + networkAttachments: + items: + type: string + type: array + x-kubernetes-list-type: atomic prometheusTls: properties: caBundleSecretName: diff --git a/bindata/crds/instanceha.openstack.org_instancehas.yaml b/bindata/crds/instanceha.openstack.org_instancehas.yaml index e57803da3..7c4fabfe5 100644 --- a/bindata/crds/instanceha.openstack.org_instancehas.yaml +++ b/bindata/crds/instanceha.openstack.org_instancehas.yaml @@ -53,7 +53,6 @@ spec: bundle file type: string containerImage: - default: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified description: ContainerImage for the the InstanceHa container (will be set to environmental default if empty) type: string diff --git a/bindata/crds/keystone.openstack.org_keystoneapis.yaml b/bindata/crds/keystone.openstack.org_keystoneapis.yaml index 287633e67..0503b239d 100644 --- a/bindata/crds/keystone.openstack.org_keystoneapis.yaml +++ b/bindata/crds/keystone.openstack.org_keystoneapis.yaml @@ -115,6 +115,16 @@ spec: httpdCustomization: description: HttpdCustomization - customize the httpd service properties: + customConfigSecret: + description: |- + CustomConfigSecret - customize the httpd vhost config using this parameter to specify + a secret that contains service config data. The content of each provided snippet gets + rendered as a go template and placed into /etc/httpd/conf/httpd_custom_ . + In the default httpd template at the end of the vhost those custom configs get + included using `Include conf/httpd_custom__*`. + For information on how sections in httpd configuration get merged, check section + "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging + type: string processNumber: default: 3 description: ProcessNumber - Number of processes running in keystone diff --git a/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml b/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml index bd0f14248..2c65b8c39 100644 --- a/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml +++ b/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml @@ -73,7 +73,7 @@ spec: type: array containerImage: default: quay.io/podified-antelope-centos9/openstack-rsyslog:current-podified - description: ContainerImage - Amphora Controller Container Image URL + description: ContainerImage - Rsyslog Container Image URL type: string defaultConfigOverwrite: additionalProperties: @@ -83,6 +83,11 @@ spec: But can also be used to add additional files. Those get added to the service config dir in /etc/ . TODO: -> implement type: object + initContainerImage: + default: quay.io/podified-antelope-centos9/openstack-octavia-health-manager:current-podified + description: InitContainerImage - Rsyslog init Container Image URL + for + type: string networkAttachments: default: - octavia diff --git a/bindata/crds/octavia.openstack.org_octavias.yaml b/bindata/crds/octavia.openstack.org_octavias.yaml index 5d5fc842d..900c33960 100644 --- a/bindata/crds/octavia.openstack.org_octavias.yaml +++ b/bindata/crds/octavia.openstack.org_octavias.yaml @@ -985,8 +985,7 @@ spec: type: array containerImage: default: quay.io/podified-antelope-centos9/openstack-rsyslog:current-podified - description: ContainerImage - Amphora Controller Container Image - URL + description: ContainerImage - Rsyslog Container Image URL type: string defaultConfigOverwrite: additionalProperties: @@ -996,6 +995,11 @@ spec: But can also be used to add additional files. Those get added to the service config dir in /etc/ . TODO: -> implement type: object + initContainerImage: + default: quay.io/podified-antelope-centos9/openstack-octavia-health-manager:current-podified + description: InitContainerImage - Rsyslog init Container Image + URL for + type: string networkAttachments: default: - octavia diff --git a/bindata/crds/telemetry.openstack.org_ceilometers.yaml b/bindata/crds/telemetry.openstack.org_ceilometers.yaml index 1e00939dd..cdf40de44 100644 --- a/bindata/crds/telemetry.openstack.org_ceilometers.yaml +++ b/bindata/crds/telemetry.openstack.org_ceilometers.yaml @@ -45,6 +45,7 @@ spec: type: string ksmStatus: description: KSMStatus defines the observed state of kube-state-metrics + [DEPRECATED, Status is used instead] properties: conditions: description: Conditions @@ -136,6 +137,10 @@ spec: type: object ipmiImage: type: string + ksmEnabled: + default: true + description: Whether kube-state-metrics should be deployed + type: boolean ksmImage: type: string ksmTls: @@ -180,6 +185,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string @@ -295,6 +301,15 @@ spec: type: string description: Map of hashes to track e.g. job status type: object + ksmHash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + ksmReadyCount: + description: ReadyCount of kube-state-metrics instances + format: int32 + type: integer mysqldExporterExportedGaleras: description: List of galera CRs, which are being exported with mysqld_exporter items: diff --git a/bindata/crds/telemetry.openstack.org_metricstorages.yaml b/bindata/crds/telemetry.openstack.org_metricstorages.yaml index 38ce4eb8b..6a4287ae6 100644 --- a/bindata/crds/telemetry.openstack.org_metricstorages.yaml +++ b/bindata/crds/telemetry.openstack.org_metricstorages.yaml @@ -15,6 +15,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string - description: Status jsonPath: .status.conditions[0].status name: Status @@ -1299,6 +1303,13 @@ spec: type: string type: object type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + x-kubernetes-list-type: atomic prometheusTls: description: TLS - Parameters related to the TLS properties: @@ -1357,6 +1368,11 @@ spec: - type type: object type: array + networkAttachments: + additionalProperties: + type: string + description: NetworkAttachments status of the Prometheus pods + type: object observedGeneration: description: |- ObservedGeneration - the most recent generation observed for this diff --git a/bindata/crds/telemetry.openstack.org_telemetries.yaml b/bindata/crds/telemetry.openstack.org_telemetries.yaml index 4246178d7..41f8b18ff 100644 --- a/bindata/crds/telemetry.openstack.org_telemetries.yaml +++ b/bindata/crds/telemetry.openstack.org_telemetries.yaml @@ -433,6 +433,10 @@ spec: type: boolean ipmiImage: type: string + ksmEnabled: + default: true + description: Whether kube-state-metrics should be deployed + type: boolean ksmImage: type: string ksmTls: @@ -477,6 +481,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string @@ -1864,6 +1869,13 @@ spec: type: string type: object type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + x-kubernetes-list-type: atomic prometheusTls: description: TLS - Parameters related to the TLS properties: diff --git a/bindata/crds/topology.openstack.org_topologies.yaml b/bindata/crds/topology.openstack.org_topologies.yaml new file mode 100644 index 000000000..4316fbff5 --- /dev/null +++ b/bindata/crds/topology.openstack.org_topologies.yaml @@ -0,0 +1,1124 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: topologies.topology.openstack.org +spec: + group: topology.openstack.org + names: + kind: Topology + listKind: TopologyList + plural: topologies + singular: topology + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Topology is the Schema for the topologies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TopologySpec defines the desired state of Topology + properties: + affinity: + description: |- + Affinity exposes PodAffinity, PodAntiaffinity and NodeAffinity overrides + that are applied to StatefulSet/Deployments + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + topologySpreadConstraints: + description: |- + TopologySpreadConstraints exposes topologySpreadConstraints that are + applied to the StatefulSet + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/rbac/horizon-operator-rbac.yaml b/bindata/rbac/horizon-operator-rbac.yaml index 709be2a9a..6601e7b10 100644 --- a/bindata/rbac/horizon-operator-rbac.yaml +++ b/bindata/rbac/horizon-operator-rbac.yaml @@ -172,6 +172,14 @@ rules: - get - list - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - get + - list + - watch - apiGroups: - memcached.openstack.org resources: diff --git a/bindata/rbac/telemetry-operator-rbac.yaml b/bindata/rbac/telemetry-operator-rbac.yaml index e59d55d31..1dda4e76e 100644 --- a/bindata/rbac/telemetry-operator-rbac.yaml +++ b/bindata/rbac/telemetry-operator-rbac.yaml @@ -148,6 +148,14 @@ rules: - get - list - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch - apiGroups: - keystone.openstack.org resources: diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml index b2eaf0ee0..c68f053ef 100644 --- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -458,6 +458,9 @@ spec: service: BarbicanPassword simplecryptokek: BarbicanSimpleCryptoKEK properties: + pkcs11pin: + default: PKCS11Pin + type: string service: default: BarbicanPassword type: string @@ -467,72 +470,16 @@ spec: type: object pkcs11: properties: - AESGCMGenerateIV: - default: true - type: boolean - HMACKeyType: - default: CKK_GENERIC_SECRET - type: string - HMACKeygenMechanism: - default: CKM_GENERIC_SECRET_KEY_GEN - type: string - HMACLabel: - type: string - HMACMechanism: - default: CKM_SHA256_HMAC - type: string - MKEKLabel: - type: string - MKEKLength: - default: 32 - type: integer - OSLockingOK: - default: false - type: boolean - alwaysSetCKASensitive: - default: true - type: boolean - certificatesMountPoint: - type: string - certificatesSecret: + clientDataPath: + default: /etc/hsm-client type: string - clientAddress: - type: string - encryptionMechanism: - default: CKM_AES_GCM - type: string - keyWrapGenerateIV: - default: true - type: boolean - keyWrapMechanism: - default: CKM_AES_KEY_WRAP_KWP + clientDataSecret: type: string - libraryPath: - type: string - loggingLevel: - default: 4 - maximum: 7 - minimum: 0 - type: integer loginSecret: type: string - serverAddress: - type: string - slotId: - type: string - tokenLabels: - type: string - tokenSerialNumber: - type: string - type: - type: string required: - - HMACLabel - - MKEKLabel - - libraryPath + - clientDataSecret - loginSecret - - serverAddress - - type type: object preserveJobs: default: false @@ -6214,6 +6161,8 @@ spec: type: integer httpdCustomization: properties: + customConfigSecret: + type: string processNumber: default: 3 format: int32 @@ -15789,6 +15738,9 @@ spec: enabled: default: true type: boolean + ksmEnabled: + default: true + type: boolean ksmTls: properties: caBundleSecretName: @@ -15812,6 +15764,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string @@ -16534,6 +16487,11 @@ spec: type: string type: object type: object + networkAttachments: + items: + type: string + type: array + x-kubernetes-list-type: atomic prometheusTls: properties: caBundleSecretName: diff --git a/config/operator/manager_operator_images.yaml b/config/operator/manager_operator_images.yaml index 21b942251..235a3dc29 100644 --- a/config/operator/manager_operator_images.yaml +++ b/config/operator/manager_operator_images.yaml @@ -14,44 +14,44 @@ spec: - name: operator env: - name: RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/barbican-operator@sha256:e72c46447b50a78e9b0c60884c16fefd07501f4d199a7702126f811c1d13fd28 + value: quay.io/openstack-k8s-operators/barbican-operator@sha256:18980b0f85f4bfbdd41e2c5a05ac9eb3df208ac20f7d4b2f8fe0bb7c438c46d5 - name: RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/cinder-operator@sha256:b25b8c1d3f786804bd1f0e6e676d5630dc5403ab833a0a76de53068065dbdfbe + value: quay.io/openstack-k8s-operators/cinder-operator@sha256:92cd06506f633fbd36e3b0d0e145835304f3f8e197515c90a05974faabe4d491 - name: RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/designate-operator@sha256:1dd77b9c7b0321f80baa4324d333df336aed10ec8fdd04f0edd735fbe1cf5cd5 + value: quay.io/openstack-k8s-operators/designate-operator@sha256:16e1770edc2c621ac89fdca5a10d8110bd5b43249ad1aa3d0369c1892cb4053f - name: RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/glance-operator@sha256:27c0b5c7d671ae3b405ea800999e8d1edf01fe91688a3e542011e7f4b09dcacb + value: quay.io/openstack-k8s-operators/glance-operator@sha256:3376b637ae0249423be1a8b539b7e7c54a285194fb8a9095062f24a65600c3d5 - name: RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/heat-operator@sha256:68aa95ce80e33704b6052b0ba1c071ff2fe364d220b8d0f5f667724f473bd47d + value: quay.io/openstack-k8s-operators/heat-operator@sha256:aa30e36c7cf183f3aa63e90794ea6cb2d191c29cf6825bba19a19e855a8360ed - name: RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/horizon-operator@sha256:6e292a7c2f7b620ccdf6135cc949d82840db0d2c88440464345fae94d7104c51 + value: quay.io/openstack-k8s-operators/horizon-operator@sha256:a7fda492ec0dfd798bf1315b6ee828c4febe898aa918b6b0107664d6dcbd6a81 - name: RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/infra-operator@sha256:d4e6e3701328a25c0d6ae0a765cdffb2436387eb07bbb5a57211c67744ba41fe + value: quay.io/openstack-k8s-operators/infra-operator@sha256:73741d7f4e713753311001cbea234ad77c70e834e7c2b03eec2ca37c372a9fcb - name: RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL value: quay.io/openstack-k8s-operators/ironic-operator@sha256:bad53185041f6003f3f573df9bbf248aa1c47a1060abcb5410201d74bcb08829 - name: RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/keystone-operator@sha256:b1a3a9b879758fa42c1fc5acb23d5f6435405a2977504d8cdfa72aaba373955f + value: quay.io/openstack-k8s-operators/keystone-operator@sha256:f5a15209a080f124c2ab9febb2ad9b65af1422d0cd066ec8c6a6abd8e1fd0e84 - name: RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/manila-operator@sha256:f33d7eda4988244f7b5a2d84f7054b5e6b70b02aa05aca82455b837a6295a9ab + value: quay.io/openstack-k8s-operators/manila-operator@sha256:72a1bef77126188f623eeae40b07359f111d720585e13c991c576c36ef5da3a7 - name: RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/mariadb-operator@sha256:c8911c5d0eb1797e4440cf095c68e4129bbfc775d216d7a8d0f9cfe0a16f0967 + value: quay.io/openstack-k8s-operators/mariadb-operator@sha256:9340b805296c23e21833a37afe99e0e139a161d26edcf5c7a7b9a63529516bf0 - name: RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/neutron-operator@sha256:b120ee4d49ff8ab19b89bc68b10f8cbbd6b3bb2cee68c597b591e79be8dce92d + value: quay.io/openstack-k8s-operators/neutron-operator@sha256:f9dc32cc86d8320306716e5e99977b9a9b360e2c0fe2b0ea4da440663198b358 - name: RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/nova-operator@sha256:e02e1374ce6458d1663c615d07fdaa2f1aad273ef7d94d58121b9a5c4522e8cd + value: quay.io/openstack-k8s-operators/nova-operator@sha256:a373a561a5c99998f6eb4afb5b48350709ca2dd2b127fe3d323baa758eba751d - name: RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/octavia-operator@sha256:afb2f4458c83ba266815c744aff5bb32301a9510771b93378923af47e0769975 + value: quay.io/openstack-k8s-operators/octavia-operator@sha256:fef6a050193789bce817ceff852f4bf4a6f9ffbbd7b59494f1465f1c9d951c11 - name: RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:919ecaf79f2094441b54972cc1752119b78bff4bd5d1c781083fe4205aeee196 + value: quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:f515dbdddef5cd1c3318ad370d987b2a5a24e10310cdf61f5ff55676264ffd30 - name: RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/ovn-operator@sha256:f23d456960ef674272cb4306cffbf7d14b2b340156a145ae7b653255e57d372e + value: quay.io/openstack-k8s-operators/ovn-operator@sha256:b32720841ecf8460dad4a48760915b2bfa16b07156288917d86451a24a5eb7f9 - name: RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL value: quay.io/openstack-k8s-operators/placement-operator@sha256:f25a277c9ed1bb6fbe3fd4eb8b71d8a771dc5fc9aff9e0064ced552ba7b5fc9b - name: RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL value: quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b - name: RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/swift-operator@sha256:c5550d38a452a76cf4c17967bc36b2c722411a2f499366112f9b013918827434 + value: quay.io/openstack-k8s-operators/swift-operator@sha256:65d6dd43bf86a5de20fa34debcf105e5b7282ffe5d5108322e252132e12ea6e2 - name: RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL - value: quay.io/openstack-k8s-operators/telemetry-operator@sha256:fd6325fa52405a28129fdf0bde69429758f053ef58d53bc63756f91906b84cc0 + value: quay.io/openstack-k8s-operators/telemetry-operator@sha256:91ea9e8572089079c528d46b993383cf5adc498ac1498849bf3f002a63228943 - name: RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL value: quay.io/openstack-k8s-operators/test-operator@sha256:02489c6cf6a839478d19f7b0926e7ee701c95554e483a44fa759031bbee60929 diff --git a/go.mod b/go.mod index 9a5f169eb..49a86d819 100644 --- a/go.mod +++ b/go.mod @@ -12,40 +12,40 @@ require ( github.com/onsi/ginkgo/v2 v2.20.1 github.com/onsi/gomega v1.34.1 github.com/openshift/api v3.9.0+incompatible - github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c - github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2 - github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60 - github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181 - github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a - github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720 - github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f + github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0 + github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d + github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504 + github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d + github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556 + github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8 + github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2 - github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9 + github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8 github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.0 - github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250113155806-c6542cc4eb2b - github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1 - github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe - github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca - github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd - github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94 - github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33 + github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250205143454-43504d7ad19a + github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294 + github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620 + github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52 + github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4 + github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0 + github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76 github.com/openstack-k8s-operators/openstack-operator/apis v0.0.0-20240531084739-3b4c0451297c - github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0 + github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8 github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f - github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f - github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17 + github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a + github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1 github.com/openstack-k8s-operators/test-operator/api v0.5.1-0.20250113125805-be35b077304c github.com/pkg/errors v0.9.1 github.com/rabbitmq/cluster-operator/v2 v2.11.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.29.12 - k8s.io/apimachinery v0.29.12 - k8s.io/client-go v0.29.12 + k8s.io/api v0.29.13 + k8s.io/apimachinery v0.29.13 + k8s.io/client-go v0.29.13 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.17.6 ) @@ -83,7 +83,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b // indirect + github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a // indirect github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.6.0 // indirect github.com/prometheus/common v0.53.0 // indirect @@ -97,9 +97,9 @@ require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect @@ -107,8 +107,8 @@ require ( google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apiextensions-apiserver v0.29.12 // indirect - k8s.io/component-base v0.29.12 // indirect + k8s.io/apiextensions-apiserver v0.29.13 // indirect + k8s.io/component-base v0.29.13 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect diff --git a/go.sum b/go.sum index bd91f274f..d511e4c4f 100644 --- a/go.sum +++ b/go.sum @@ -98,58 +98,58 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 h1:J1wuGhVxpsHykZBa6Beb1gQ96Ptej9AE/BvwCBiRj1E= github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= -github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c h1:b1hsQxTGvP63BIz7Y1HhhLD6cTD/jGtw7oOGr7aBRUs= -github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250114105137-ffbe4b44312c/go.mod h1:MP9fcTNnT27ltU5j9t0K6i0F6J+9+5k0o0qNM4vg47g= -github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2 h1:iY0RYw5hyeaou7ujKCrkYpgebIyh5O5FRsvkMwSZdNk= -github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20241217072755-fb4d39411ad2/go.mod h1:GoZVwi0mFiqivii2K+EBYW0meEv/X8txqqpBRjxDVbc= -github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60 h1:EV0ZxlWiGno7WgeY6SwCsADjOPIYO5h/xTlRzxaP3TA= -github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250113135558-c44a8799bd60/go.mod h1:QuXDT8S2b0ho4YK7BxP2qqUVdRQAP4JnbHIWHq9Dq44= -github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181 h1:RLpUTS2fWXoJ2IJbo45gBwN0ZIbZUQo7FnHnBvVeOxs= -github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250109233430-f208aa212181/go.mod h1:G6DMNVvzdewyzSckZNUioGglhE27OxmzBIlfdcsFT4E= -github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a h1:L9imzhOnwl5t7PKGv2nTeaov3tK/rbQtgLSgwtjBOmA= -github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250107183423-65b8e596796a/go.mod h1:rThjI75U53XDjzx7ZVnbCR1uPdlOWgFv++e0y377r2U= -github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720 h1:t3q1LGUaB+1lHXN62y2EF1D82Y6gIelyR9S65sD4di0= -github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250106004957-8f2f2c4a1720/go.mod h1:UGkrLEcGjc+q4tbUT00q4dHOMpcTaMqrs3CTXpetuyc= -github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f h1:36rtQYpamFftd6t/PgGfGRLHiv5ByOsbOWGmE/aaUoU= -github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250114103227-09deb192370f/go.mod h1:TDaE7BVQvJwJGFm33R6xcPTeF8LKAnMh+a1ho+YqJHs= +github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0 h1:Fpiury9F9pOpdUUdB0stSjc8SjRCvWnOrD9k0Y1fJdA= +github.com/openstack-k8s-operators/barbican-operator/api v0.5.1-0.20250127073547-cf83ce8088a0/go.mod h1:MP9fcTNnT27ltU5j9t0K6i0F6J+9+5k0o0qNM4vg47g= +github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d h1:Yhnh/8ERlSuwufK54InF+6/zH8f3vuQzL6Cc/n4SJ/k= +github.com/openstack-k8s-operators/cinder-operator/api v0.5.1-0.20250122131751-fa5a7a53e15d/go.mod h1:GoZVwi0mFiqivii2K+EBYW0meEv/X8txqqpBRjxDVbc= +github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504 h1:aohiThW8PwzZS8bnsO7QOFbsnG6Ws9FcYUQmkIA3heA= +github.com/openstack-k8s-operators/designate-operator/api v0.5.1-0.20250205122129-ae40ae1d9504/go.mod h1:QuXDT8S2b0ho4YK7BxP2qqUVdRQAP4JnbHIWHq9Dq44= +github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d h1:+IIIuQsLXDKj/c3LJnXd1xUmaqoX90qce3E4XR+8V9Y= +github.com/openstack-k8s-operators/glance-operator/api v0.5.1-0.20250126100316-be560a599e2d/go.mod h1:I0guyNO00WfDcG20snrCJpTt5MhT1e+ugWfMc7YdDws= +github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556 h1:y4BdDTeuRDLwneYQg3N0Ei23/xILbHgCxyPmQtQdwR0= +github.com/openstack-k8s-operators/heat-operator/api v0.5.1-0.20250129204831-17deaa376556/go.mod h1:6egBIaHzwbzRHQxkkmHBkBRLHWrJ3eH1EhVuz5Z3dhU= +github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8 h1:A5+uQ6KW8PQVlunD/tbrEaZRFeUQMOICVSE/ZaNry7g= +github.com/openstack-k8s-operators/horizon-operator/api v0.5.1-0.20250203063315-e5e6165191f8/go.mod h1:UGkrLEcGjc+q4tbUT00q4dHOMpcTaMqrs3CTXpetuyc= +github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb h1:SedlzLahRyzctVTXzVrpmjui78A7Z0g8V1cmPBoQzYY= +github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250204091142-ae8379c31edb/go.mod h1:TDaE7BVQvJwJGFm33R6xcPTeF8LKAnMh+a1ho+YqJHs= github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2 h1:nFbSN0goC+CWeHa7oRrOD+jOUmVNc+Nn/tGgjtCOjag= github.com/openstack-k8s-operators/ironic-operator/api v0.5.1-0.20250107140737-1d83138767c2/go.mod h1:E2y4HZ0WVbDfvf+VBCtA+uy7c8uuR54ED8w5YvlHbYo= -github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9 h1:DMf/FNh8d082g8EaMHQ7nurk3EWkbVtvWclhHWKUE6Q= -github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250113154337-ece4d21f3ed9/go.mod h1:CyuEOM1TpXKNUR1n8cudNtRzTEwkzv90JFkpDPPId8E= +github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8 h1:HIL7hIXZPuwMVr46jMoLxHToBHAplGWwOtR4FlMrCUU= +github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250203105048-182afa0c45d8/go.mod h1:pZ3kLMgL9thHN7ewyLsTE8R0nsI81f8KJ0yEVBBpa9Q= github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.0 h1:M6tou1UD+en6fcZtV64RPsDVdHH5up6oqtENDU8dRyE= github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.0/go.mod h1:FxA/2ChDnVKgbZAyiiRLDGZB7WMcrHlOMBZYUQGgRf0= -github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250113155806-c6542cc4eb2b h1:h849Pq6sXVXzki/5PIvbTjLH/bVzfqoK7bJhgftbjYU= -github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:MdZhEe4ciAXJwWygYBMJCIVONZWv+MqBIp/0+LxFcS0= -github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b h1:laxu7pBlpo+lHdRn/XPqxfLGfSW77nnzdOwIBrO4BkI= -github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs= -github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b h1:aXvtaY1BwguTGMiAhP83Oz8URz+Iv5I6x0AA0Em15rM= -github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:IASoGvp5QM/tBJUd/8i8uIjj4DBnI+64Ydh4r7pmnvA= -github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b h1:N5c+8ljYZo4uP2FvGqTvCDXqOwMJO9ZilZNf66mNcMM= -github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:tfgBeLRqmlH/NQkLPe7396rj+t0whv2wPuMb8Ttvh8w= -github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250113155806-c6542cc4eb2b h1:IepUD/49sEdCQTMMljOp/s2rAk1Xmg4xllz5T8WIDSg= -github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250113155806-c6542cc4eb2b/go.mod h1:LV0jo5etIsGyINpmB37i4oWR8zU6ApIuh7fsqGGA41o= -github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1 h1:5PMOxjSlnXjA17nqxW+jrj0aJYtGx1d0D7qULb7OAOo= -github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250112074607-12e4c8fce4e1/go.mod h1:YGPcbKCW8QS5GZ5meuoaGMFrQNVkDT9ymNQUjzJ3TE8= -github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe h1:TKqRKrDTaU8kN14SCczs8K8++pnXARMFBGJEd8E+8pE= -github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250114123606-99679fd7aabe/go.mod h1:wyvGgWBf18AhYLXN7apmlZxpho8N9HCEWmihO/+Albc= -github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca h1:nHJUpDNQAADRjd5FXtrGTCPOdjwbWW6piticvbohj1E= -github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250113174834-092188dbb0ca/go.mod h1:3hQU5jwHizOTQi30dPAXuPbUzVOo59OgK3jRWKqAPQ0= -github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd h1:nOZJtSrgW99tQYV7tYT6yzdIc8tG1Sy2+uz4f7+rzmU= -github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250113105937-70784bbb8ddd/go.mod h1:ouAtrBGah0l8hhuJanSqVtRUXH2SUMzsr0x9SGDh9ek= -github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94 h1:HSrtOGkOoqHplH1deuD7VOmNHQowlJsWG8MUxn5xK0Y= -github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250114104851-575fc03d6b94/go.mod h1:5togdZ035sh93/9DcEnGuJfyIvzvY2LMGnPVaWoU3H0= -github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33 h1:TRaxJF0CBHUGQ7OeQ6etVDO4eFNQv5eNoBPnU5zPHVg= -github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250114121407-07c61df54c33/go.mod h1:5+Kpdmh8Uo2D0Cnt+35pnBJias0dv/9gfXEY6f+hIEk= -github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0 h1:CFPeM6KsV9LD3U4zwmoWYshg1JEI4PTxQb/yoJPlO8s= -github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250107161655-560140ff3cb0/go.mod h1:CCwhhamz5YOMerxbKWNmeuLyogiAx6wUDaNu12HUBG8= +github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250205143454-43504d7ad19a h1:K1OBKySsGqjnBsWXWxsvU8XiGJCd2iaQLan06RDNe6I= +github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:6RRLdhuYC4hAQF5PYn4e54MPyE9OJu/45lyFSbMK+dg= +github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a h1:3LuUgB85VxGD6lmVOeZelYEASmytkrzaudU014PN7xw= +github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:KxnNSUk15llkKTSq/bQEE7pnc0IMk44fxhoBRpimMa8= +github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a h1:5pgwFtRHPmcnSjkD0ZtlfoWjGCTAlPgPMUgmY5vyyvE= +github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:bDDzp+cA12PJQ+igpxBpCOApLt98TVFn2MX44xJUE8s= +github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a h1:qvu7bKIxlToTbHAqCpYXu+d3UwcADYDk2zk75d8lDiQ= +github.com/openstack-k8s-operators/lib-common/modules/storage v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:0py9Ny2FcW5RpUY99xxFrt3g+CiEpDRjjIQoDpO+C3s= +github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250205143454-43504d7ad19a h1:/oKqIXkBZwV2dwPJchrloROn7KrbDqdbD+JaghGacus= +github.com/openstack-k8s-operators/lib-common/modules/test v0.5.1-0.20250205143454-43504d7ad19a/go.mod h1:oKvVb28i6wwBR5uQO2B2KMzZnCFTPCUCj31c5Zvz2lo= +github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294 h1:vrMWMFuZbBAVVyosLJi8VnI7SYUb6UMQeK+aCxBMUks= +github.com/openstack-k8s-operators/manila-operator/api v0.5.1-0.20250126093016-ccebb1946294/go.mod h1:0hw1vZqstYLSeQqKcgZnmXZXTqhINuVU6ceQoCglzck= +github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620 h1:pJ46w/bxdMfbsjf80b8PsJgmQjenCxkeFaEHbbgZjoM= +github.com/openstack-k8s-operators/mariadb-operator/api v0.5.1-0.20250130183307-cd27e92d7620/go.mod h1:wyvGgWBf18AhYLXN7apmlZxpho8N9HCEWmihO/+Albc= +github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52 h1:d4q+TK2DmM4WfUdPF2EKzbUYavLr4GYkmNNXg1uTb2Q= +github.com/openstack-k8s-operators/neutron-operator/api v0.5.1-0.20250123151805-ee0b6cafae52/go.mod h1:3hQU5jwHizOTQi30dPAXuPbUzVOo59OgK3jRWKqAPQ0= +github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4 h1:ittly0v77lDUVSzRy5QEFcR4z6U1/KG+uyOKegiAJ2Y= +github.com/openstack-k8s-operators/nova-operator/api v0.5.1-0.20250129114118-0933c978bad4/go.mod h1:ouAtrBGah0l8hhuJanSqVtRUXH2SUMzsr0x9SGDh9ek= +github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0 h1:P/XqJMRzDTJIiFBH4vwzHFEeh2enBHrD1z5aONcm4/8= +github.com/openstack-k8s-operators/octavia-operator/api v0.5.1-0.20250204150806-a8e38cac8de0/go.mod h1:e7QBNVbrgbdStxOgYZdHRnNeKWlcU37++fgTbvP1NRk= +github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76 h1:el3VJszXHXx046vxj0WdQtRrJHo0JFlxToCiC6X2ZN0= +github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.5.1-0.20250204103128-f4aca08eca76/go.mod h1:VEpapGJ9mG31mgdPD0/NC7zevaanpqfOSou0s9fj3H4= +github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8 h1:sM5CyDqJroPlNOmdeJJQ53t/EOZdk6PZ3swTcvy+lBU= +github.com/openstack-k8s-operators/ovn-operator/api v0.5.1-0.20250204081936-e9c027e0a2b8/go.mod h1:64lBQA4jlmslE+Ps244FSmySB0Mtxg2wQXmygFW70R8= github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f h1:FGHU3D2gOjf3M+k2afohsdCvlDJtuPImQoCsEHCYvZE= github.com/openstack-k8s-operators/placement-operator/api v0.5.1-0.20241223152937-5c39b092c37f/go.mod h1:gIJz1uKqp0MsMJkF3tzizzcy1hOVpmZwdx6gBA11IRQ= github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 h1:/7SnnHfGCH/dwuZFNUx54zw4cnwv2w6hjONq16aoowM= github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49/go.mod h1:6Mq2N/KtNFW20L+PQC5qkeK8R8UGadmGBXL8HDY6lcg= -github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f h1:r2uhK9P3sD7FQYFsABDskQA/ZnjPZ+qNHmMTyMPWheA= -github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250107153542-fb9c65d9aa6f/go.mod h1:BsHuIfDAQUgjq/QZNrrVDfJzcbIL4rKV6UjlnZqR1u0= -github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17 h1:ULvJe4a5J2DxJMrS38edqG6ylXtm4WQFh4fNHtVaRYk= -github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250113133356-286a91287f17/go.mod h1:zba6vtrFWehPMhoEo8RRWiVSdAr0o/DgSCXF1zPXxpM= +github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a h1:XCmJc0x5yw6HGGDk+ryIcsI4EQFz3YX2Uh4yCxiBYSI= +github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20250127070538-5d5c2809b81a/go.mod h1:3uQyxQELIu1MTjf5jlrVm5UFpSVJziknBzmkxURWv1I= +github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1 h1:M4NIm3eFQkza5r2T5mNasWce+H22uYLmiSTiFErO+ao= +github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20250205132728-e1506f7561a1/go.mod h1:XEUoJwU3ULkrn0bXm0G8MTExASful33xyCDH+z+Zat0= github.com/openstack-k8s-operators/test-operator/api v0.5.1-0.20250113125805-be35b077304c h1:eKvsKFG76oMrYqaoWhX4TJzzDcAa4ZKaSmidzCwY5Vs= github.com/openstack-k8s-operators/test-operator/api v0.5.1-0.20250113125805-be35b077304c/go.mod h1:E6vgQ4wounIBpoNY+hJK7OVcTXo+/oMdKa7Disr1/h0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -225,19 +225,19 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -269,16 +269,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.12 h1:SsEEMtFupOAt3pAAtAz0PDu+54g3L5rwbSCi0xQzAJM= -k8s.io/api v0.29.12/go.mod h1:QFwqOP+7LNoAG1RI3vKAFxjKSLQTCamcPzAQ0Z/Yhuk= -k8s.io/apiextensions-apiserver v0.29.12 h1:xoQfYPwAzfcoH/MVuQiSPTWmFrmblvYbUMODpfYyyw8= -k8s.io/apiextensions-apiserver v0.29.12/go.mod h1:L1GHiWK2bkYrZOkFtChfkVpPUh9Ogr6gmShM28Yhqk0= -k8s.io/apimachinery v0.29.12 h1:k6OdfK9xaNANQvWkl1pSICJGLjB4jSuJ3gGP9hBKOhE= -k8s.io/apimachinery v0.29.12/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/client-go v0.29.12 h1:PjwJXavmpAqOWBRy4U5V/g3JQBpclIHEn5dvfTfsY+w= -k8s.io/client-go v0.29.12/go.mod h1:hRHG6tAKxaLVKF5SlMqgXrbqPEoUcUpJGFFrC3jU69A= -k8s.io/component-base v0.29.12 h1:NuFNzBSF3Iopih6VpvYmtjpdN1MLc9PcByl60fcJ0tQ= -k8s.io/component-base v0.29.12/go.mod h1:YHua3E5Lvnva6dXqGqiuRj8CxhBw7g6KgYV/dcS7LBU= +k8s.io/api v0.29.13 h1:VkMIbjJw1t2VgTatg8ggzI93LOfFa8z8SzAYzXtWuEg= +k8s.io/api v0.29.13/go.mod h1:fBWhXqqE25b46PZEVA2DXN2EuhNg1ZT3VRyb5JitLG8= +k8s.io/apiextensions-apiserver v0.29.13 h1:3xsTohNwndx4NJjgqoi5VuBPWeG4yY4VXOF62ugXvhU= +k8s.io/apiextensions-apiserver v0.29.13/go.mod h1:plxNh3qMNsiMo4svQtkVp47n+2/rwm/c8FTJYR6rikQ= +k8s.io/apimachinery v0.29.13 h1:a7I4uQtlfaL+UTRGFhl8lLd2nHBR7qt+axhQLtpLYMg= +k8s.io/apimachinery v0.29.13/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= +k8s.io/client-go v0.29.13 h1:M2scR9NWGlzI2YoIxTgwx2N3OA+dXqN87zsM4tvewmA= +k8s.io/client-go v0.29.13/go.mod h1:BBzF0Pr78Y8DM20j22E6tOMwTBpFaKnSnn6N0pNe4VE= +k8s.io/component-base v0.29.13 h1:RbksXVzXYYYvmOCArMKIkxna5eTt6DjI4Zy/4H3JFLo= +k8s.io/component-base v0.29.13/go.mod h1:pjMLwLNxDg0JvXRc69GIFUEawiZEtDzm0yAJ5+Naj9s= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo=