diff --git a/features.md b/features.md
index f5231897023..00e08e288f1 100644
--- a/features.md
+++ b/features.md
@@ -24,6 +24,7 @@
| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled |
+| AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled |
| AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled |
| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 711f0e3eae8..45b2a47129e 100644
--- a/features/features.go
+++ b/features/features.go
@@ -361,6 +361,14 @@ var (
enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
+ FeatureGateAdditionalStorageConfig = newFeatureGate("AdditionalStorageConfig").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("saschagrunert").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1934").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+
FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus").
reportProblemsToJiraComponent("Cluster Version Operator").
contactPerson("pmuller").
diff --git a/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml b/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
new file mode 100644
index 00000000000..eb9007176ca
--- /dev/null
+++ b/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
@@ -0,0 +1,248 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "ContainerRuntimeConfig"
+crdName: containerruntimeconfigs.machineconfiguration.openshift.io
+featureGates:
+- AdditionalStorageConfig
+tests:
+ onCreate:
+ # AdditionalLayerStores - comprehensive validation tests
+ - name: Should be able to create ContainerRuntimeConfig with multiple additionalLayerStores
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /mnt/nydus-store
+ - path: /opt/layer_store-v1.0
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /mnt/nydus-store
+ - path: /opt/layer_store-v1.0
+
+ - name: Should fail if additionalLayerStores path is empty
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: ""
+ expectedError: "path in body should be at least 1 chars long"
+
+ - name: Should fail if additionalLayerStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: var/lib/stargz-store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path contains spaces
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path contains invalid characters
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz@store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path is too long
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ expectedError: "Too long: may not be more than 256 bytes"
+
+ - name: Should fail if additionalLayerStores exceeds maximum of 5 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ expectedError: "Too many: 6: must have at most 5 items"
+
+ - name: Should fail if additionalLayerStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalLayerStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /var/lib/stargz-store
+ expectedError: "additionalLayerStores must not contain duplicate paths"
+
+ # AdditionalImageStores - test max items validation (different from layer stores)
+ - name: Should fail if additionalImageStores exceeds maximum of 10 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ - path: /var/lib/store7
+ - path: /var/lib/store8
+ - path: /var/lib/store9
+ - path: /var/lib/store10
+ - path: /var/lib/store11
+ expectedError: "Too many: 11: must have at most 10 items"
+
+ - name: Should fail if additionalImageStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: var/lib/images
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalImageStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalImageStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/nfs-images
+ expectedError: "additionalImageStores must not contain duplicate paths"
+
+ # AdditionalArtifactStores - test max items validation (different from layer stores)
+ - name: Should fail if additionalArtifactStores exceeds maximum of 10 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ - path: /var/lib/store7
+ - path: /var/lib/store8
+ - path: /var/lib/store9
+ - path: /var/lib/store10
+ - path: /var/lib/store11
+ expectedError: "Too many: 11: must have at most 10 items"
+
+ - name: Should fail if additionalArtifactStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: var/lib/artifacts
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalArtifactStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalArtifactStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
+ - path: /mnt/ssd-artifacts
+ expectedError: "additionalArtifactStores must not contain duplicate paths"
+
+ # Combined test - all storage types together with other fields
+ - name: Should be able to create ContainerRuntimeConfig with all storage types and existing fields
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ defaultRuntime: crun
+ logLevel: info
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/ssd-images
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ defaultRuntime: crun
+ logLevel: info
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/ssd-images
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
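Review bot: The onCreate cases never exercise a path containing `..` segments, a doubled or trailing slash, or an explicitly empty list, so the suite does not pin how the new fields treat non-normalized paths or `minItems`. As written, the character-class rule in types.go appears to accept `/var/lib/../../etc`, and the duplicate rule compares raw strings, so `/mnt/store` and `/mnt/store/` would presumably be admitted as two distinct entries. I would add cases such as `- path: /var/lib/../etc` and `additionalLayerStores: []` with the intended outcome stated explicitly, so that any later tightening of the validation shows up as a test change. The invalid-character and too-long cases are also written only for additionalLayerStores, although the image and artifact types carry their own copies of the rule.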
diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go
index 6673adeb1b2..0870585e79a 100644
--- a/machineconfiguration/v1/types.go
+++ b/machineconfiguration/v1/types.go
@@ -892,6 +892,60 @@ type ContainerRuntimeConfiguration struct {
// +kubebuilder:validation:Enum=crun;runc
// +optional
DefaultRuntime ContainerRuntimeDefaultRuntime `json:"defaultRuntime,omitempty"`
+
+ // additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+ //
+ // Layers are checked in order: additional stores first, then the default location.
+ // Stores are read-only.
+ // Maximum of 5 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, only the default layer location is used.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalLayerStores must not contain duplicate paths"
+ AdditionalLayerStores []AdditionalLayerStore `json:"additionalLayerStores,omitempty"`
+
+ // additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+ //
+ // Images are checked in order: additional stores first, then the default location.
+ // Stores are read-only.
+ // Maximum of 10 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, only the default image location is used.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalImageStores must not contain duplicate paths"
+ AdditionalImageStores []AdditionalImageStore `json:"additionalImageStores,omitempty"`
+
+ // additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+ //
+ // Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ // Stores are read-only.
+ // Maximum of 10 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, only the default artifact location is used.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalArtifactStores must not contain duplicate paths"
+ AdditionalArtifactStores []AdditionalArtifactStore `json:"additionalArtifactStores,omitempty"`
}
type ContainerRuntimeDefaultRuntime string
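Review bot: The three field comments say "Stores are read-only" without saying who enforces that or who may write to the directory, and this is the text an administrator will read in `oc explain`. The element types document that content found in a store is used instead of retrieving from the registry, so anything able to write to a listed path on the node can influence what runs. I would state the expectation on each field, e.g. `// The directory should be owned by root and not writable by workloads, because its content is used in place of registry content.` Whether signature or policy verification still applies to content served from these stores is not visible in this diff, so the comment should say which it is. The struct definition starts outside this hunk.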
@@ -904,6 +958,66 @@ const (
ContainerRuntimeDefaultRuntimeDefault = ContainerRuntimeDefaultRuntimeCrun
)
+// AdditionalLayerStore defines a read-only storage location for Open Container Initiative (OCI) container image layers.
+type AdditionalLayerStore struct {
+ // path specifies the absolute location of the additional layer store.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When a container image is requested, layers found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
+// AdditionalImageStore defines an additional read-only storage location for Open Container Initiative (OCI) images.
+type AdditionalImageStore struct {
+ // path specifies the absolute location of the additional image store.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When a container image is requested, images found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
+// AdditionalArtifactStore defines an additional read-only storage location for Open Container Initiative (OCI) artifacts.
+type AdditionalArtifactStore struct {
+ // path specifies the absolute location of the additional artifact store.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When an artifact is requested, artifacts found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
// ContainerRuntimeConfigStatus defines the observed state of a ContainerRuntimeConfig
type ContainerRuntimeConfigStatus struct {
// observedGeneration represents the generation observed by the controller.
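Review bot: The path rule `^/[a-zA-Z0-9/._-]+$` restricts the character set but still admits `..` segments, repeated slashes and a trailing slash, so `/var/lib/../../etc` passes as an "absolute path" in AdditionalLayerStore, AdditionalImageStore and AdditionalArtifactStore alike. These values presumably become locations the container runtime reads content from, so I would reject parent-directory segments at admission with a second rule on each Path field, for example `// +kubebuilder:validation:XValidation:rule="!self.split('/').exists(s, s == '..')",message="path must not contain '..' segments"`. The same normalization gap weakens the duplicate-path rule on the list fields, which compares raw strings. Separately, the comment's "length between 1 and 256" does not match the regex, which requires at least one character after the leading '/', so a bare `/` is rejected with the character-set message rather than a length message.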
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..efd2bd5f59c
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
new file mode 100644
index 00000000000..a983664180f
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..a3e2c828508
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
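Review bot: The `path` rule `self.matches('^/[a-zA-Z0-9/._-]+$')` under additionalArtifactStores, additionalImageStores and additionalLayerStores accepts `.` and `..` segments and repeated slashes, so a value like `/a/../b` (constructed example) passes validation while naming a different directory than it appears to. Because content found at these paths is used instead of retrieving from the registry, the validated string should be the directory it reads as; I would add a second rule next to the existing one, for example `rule: "!self.split('/').exists(s, s == '..' || s == '.')"`, with its own message. The duplicate check `self.all(x, self.exists_one(y, x.path == y.path))` compares raw strings, so `/a/b` and `/a//b` count as distinct stores. This manifest is generated, so the change belongs in the validation markers on the Go types, which are not in this hunk; the TechPreviewNoUpgrade manifest hunk carries the same rules.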
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
similarity index 99%
rename from machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
rename to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
index 0ef5e23370c..db82f1a1418 100644
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
labels:
openshift.io/operator-managed: ""
name: containerruntimeconfigs.machineconfiguration.openshift.io
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..fc4f595dad4
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.deepcopy.go b/machineconfiguration/v1/zz_generated.deepcopy.go
index 5061d8b822e..a42a2f36ed0 100644
--- a/machineconfiguration/v1/zz_generated.deepcopy.go
+++ b/machineconfiguration/v1/zz_generated.deepcopy.go
@@ -13,6 +13,54 @@ import (
intstr "k8s.io/apimachinery/pkg/util/intstr"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalArtifactStore) DeepCopyInto(out *AdditionalArtifactStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalArtifactStore.
+func (in *AdditionalArtifactStore) DeepCopy() *AdditionalArtifactStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalArtifactStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalImageStore) DeepCopyInto(out *AdditionalImageStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalImageStore.
+func (in *AdditionalImageStore) DeepCopy() *AdditionalImageStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalImageStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalLayerStore) DeepCopyInto(out *AdditionalLayerStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalLayerStore.
+func (in *AdditionalLayerStore) DeepCopy() *AdditionalLayerStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalLayerStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertExpiry) DeepCopyInto(out *CertExpiry) {
*out = *in
@@ -178,6 +226,21 @@ func (in *ContainerRuntimeConfiguration) DeepCopyInto(out *ContainerRuntimeConfi
x := (*in).DeepCopy()
*out = &x
}
+ if in.AdditionalLayerStores != nil {
+ in, out := &in.AdditionalLayerStores, &out.AdditionalLayerStores
+ *out = make([]AdditionalLayerStore, len(*in))
+ copy(*out, *in)
+ }
+ if in.AdditionalImageStores != nil {
+ in, out := &in.AdditionalImageStores, &out.AdditionalImageStores
+ *out = make([]AdditionalImageStore, len(*in))
+ copy(*out, *in)
+ }
+ if in.AdditionalArtifactStores != nil {
+ in, out := &in.AdditionalArtifactStores, &out.AdditionalArtifactStores
+ *out = make([]AdditionalArtifactStore, len(*in))
+ copy(*out, *in)
+ }
return
}
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
index 1d96519e7e5..f82db003fc7 100644
--- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -4,7 +4,8 @@ containerruntimeconfigs.machineconfiguration.openshift.io:
CRDName: containerruntimeconfigs.machineconfiguration.openshift.io
Capability: ""
Category: ""
- FeatureGates: []
+ FeatureGates:
+ - AdditionalStorageConfig
FilenameOperatorName: machine-config
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_80"
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
new file mode 100644
index 00000000000..7f1789be033
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/filename-cvo-runlevel: "0000_80"
+ api.openshift.io/filename-operator: machine-config
+ api.openshift.io/filename-ordering: "01"
+ feature-gate.release.openshift.io/AdditionalStorageConfig: "true"
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
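Review bot: The `path` rule `self.matches('^/[a-zA-Z0-9/._-]+$')` on all three store types accepts `.` and `..` segments, empty segments (`//`) and a trailing slash, so a constructed value such as `/mnt/stores/../../etc` passes admission. The list-level uniqueness rule compares raw strings (`x.path == y.path`), so `/mnt/store` and `/mnt/store/` also count as distinct entries. The descriptions say content found at these paths is used instead of retrieving from the registry, so admission should require a canonical form, for example with the extra rules `!self.split('/').exists(seg, seg == '.' || seg == '..')` and `!self.contains('//')`. Whether the consumer normalises the path is not visible here. This manifest is generated, so the rules would go on the validation markers of the `path` fields in the Go types (outside this view) and be regenerated; the same rules appear in the CustomNoUpgrade payload manifest in the next file section.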
diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
index 650fc1709da..dcf89979920 100644
--- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
+++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
@@ -11,6 +11,33 @@ package v1
// Those methods can be generated by using hack/update-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
+var map_AdditionalArtifactStore = map[string]string{
+ "": "AdditionalArtifactStore defines an additional read-only storage location for Open Container Initiative (OCI) artifacts.",
+ "path": "path specifies the absolute location of the additional artifact store.\n\nThe path must exist on the node before configuration is applied. When an artifact is requested, artifacts found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalArtifactStore) SwaggerDoc() map[string]string {
+ return map_AdditionalArtifactStore
+}
+
+var map_AdditionalImageStore = map[string]string{
+ "": "AdditionalImageStore defines an additional read-only storage location for Open Container Initiative (OCI) images.",
+ "path": "path specifies the absolute location of the additional image store.\n\nThe path must exist on the node before configuration is applied. When a container image is requested, images found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalImageStore) SwaggerDoc() map[string]string {
+ return map_AdditionalImageStore
+}
+
+var map_AdditionalLayerStore = map[string]string{
+ "": "AdditionalLayerStore defines a read-only storage location for Open Container Initiative (OCI) container image layers.",
+ "path": "path specifies the absolute location of the additional layer store.\n\nThe path must exist on the node before configuration is applied. When a container image is requested, layers found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalLayerStore) SwaggerDoc() map[string]string {
+ return map_AdditionalLayerStore
+}
+
var map_CertExpiry = map[string]string{
"": "ceryExpiry contains the bundle name and the expiry date",
"bundle": "bundle is the name of the bundle in which the subject certificate resides",
@@ -74,12 +101,15 @@ func (ContainerRuntimeConfigStatus) SwaggerDoc() map[string]string {
}
var map_ContainerRuntimeConfiguration = map[string]string{
- "": "ContainerRuntimeConfiguration defines the tuneables of the container runtime",
- "pidsLimit": "pidsLimit specifies the maximum number of processes allowed in a container",
- "logLevel": "logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.",
- "logSizeMax": "logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.",
- "overlaySize": "overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)",
- "defaultRuntime": "defaultRuntime is the name of the OCI runtime to be used as the default for containers. Allowed values are `runc` and `crun`. When set to `runc`, OpenShift will use runc to execute the container When set to `crun`, OpenShift will use crun to execute the container When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently, the default is `crun`.",
+ "": "ContainerRuntimeConfiguration defines the tuneables of the container runtime",
+ "pidsLimit": "pidsLimit specifies the maximum number of processes allowed in a container",
+ "logLevel": "logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.",
+ "logSizeMax": "logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.",
+ "overlaySize": "overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)",
+ "defaultRuntime": "defaultRuntime is the name of the OCI runtime to be used as the default for containers. Allowed values are `runc` and `crun`. When set to `runc`, OpenShift will use runc to execute the container When set to `crun`, OpenShift will use crun to execute the container When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently, the default is `crun`.",
+ "additionalLayerStores": "additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.\n\nLayers are checked in order: additional stores first, then the default location. Stores are read-only. Maximum of 5 stores allowed. Each path must be unique.\n\nWhen omitted, only the default layer location is used. When specified, at least one store must be provided.",
+ "additionalImageStores": "additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.\n\nImages are checked in order: additional stores first, then the default location. Stores are read-only. Maximum of 10 stores allowed. Each path must be unique.\n\nWhen omitted, only the default image location is used. When specified, at least one store must be provided.",
+ "additionalArtifactStores": "additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.\n\nArtifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). Stores are read-only. Maximum of 10 stores allowed. Each path must be unique.\n\nWhen omitted, only the default artifact location is used. When specified, at least one store must be provided.",
}
func (ContainerRuntimeConfiguration) SwaggerDoc() map[string]string {
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..efd2bd5f59c
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
new file mode 100644
index 00000000000..a983664180f
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..a3e2c828508
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
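Review bot: The `path` rule `self.matches('^/[a-zA-Z0-9/._-]+$')` under additionalArtifactStores, additionalImageStores and additionalLayerStores accepts `.` and `..` segments, doubled slashes and a trailing slash, so a value such as `/mnt/stores/../../etc` (constructed example) passes as an absolute path while resolving to a different directory on the node. The duplicate check `self.all(x, self.exists_one(y, x.path == y.path))` compares raw strings, so `/a/b`, `/a/b/` and `/a//b` count as three distinct stores. Because content found at these paths is used instead of a registry pull, I would add a second rule such as `!self.contains('//') && !self.split('/').exists(s, s == '.' || s == '..')` and have the description state who is expected to control the directory's contents. This manifest looks generated, so the change presumably belongs in the validation markers on the Go type; the TechPreviewNoUpgrade manifest later in this diff carries the same rules.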
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
similarity index 99%
rename from payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
rename to payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
index 0ef5e23370c..db82f1a1418 100644
--- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
labels:
openshift.io/operator-managed: ""
name: containerruntimeconfigs.machineconfiguration.openshift.io
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..fc4f595dad4
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts).
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional artifact store.
+
+ The path must exist on the node before configuration is applied.
+ When an artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for Open Container Initiative (OCI) images.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional image store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images.
+
+ Layers are checked in order: additional stores first, then the default location.
+ Stores are read-only.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default layer location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a read-only storage
+ location for Open Container Initiative (OCI) container image
+ layers.
+ properties:
+ path:
+ description: |-
+ path specifies the absolute location of the additional layer store.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
index 6e7f38a3952..c1ebc1a4e9a 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
@@ -27,6 +27,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
index f2d42970b3c..5820d46aadd 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
@@ -70,6 +70,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
index f04e1374f45..b64f8afe5c5 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
@@ -29,6 +29,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
index 80149f830a0..13dc817ec5e 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
@@ -97,6 +97,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
index 72ba161bd2d..1c718db3e79 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
@@ -27,6 +27,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
index b5713ccc677..c4dec2ab158 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
@@ -52,6 +52,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
index 6b1778c2fe7..92b29522d8c 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
@@ -29,6 +29,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
index dcf280fee1d..8c4ea62dd49 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
@@ -79,6 +79,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},