diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go
index c72b1ab..e8edf2d 100644
--- a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go
+++ b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go
@@ -45,6 +45,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &ControlPlaneConfig{},
 &WorkerConfig{},
 &WorkerStatus{},
+ &WorkloadIdentityConfig{},
+ &BackupBucketConfig{},
 )
 return nil
 }
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_backupbucket.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_backupbucket.go
new file mode 100644
index 0000000..bfd294c
--- /dev/null
+++ b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_backupbucket.go
@@ -0,0 +1,52 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RetentionType defines the level at which immutability properties are applied on objects.
+type RetentionType string
+
+// ModeType defines the type of object lock mode for immutability settings.
+type ModeType string
+
+const (
+ // BucketLevelImmutability sets the immutability feature on the bucket level.
+ BucketLevelImmutability RetentionType = "bucket"
+ // ComplianceMode sets the "compliance" mode immutability.
+ ComplianceMode ModeType = "compliance"
+ // GovernanceMode sets the "governance" mode immutability.
+ GovernanceMode ModeType = "governance"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackupBucketConfig represents the configuration for a backup bucket.
+type BackupBucketConfig struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // Immutability defines the immutability configuration for the backup bucket.
+ // +optional
+ Immutability *ImmutableConfig `json:"immutability,omitempty"`
+}
+
+// ImmutableConfig represents the immutability configuration for a backup bucket.
+type ImmutableConfig struct {
+ // RetentionType specifies the type of retention for the backup bucket.
+ // Currently allowed value is:
+ // - "bucket": retention policy applies on the entire bucket.
+ RetentionType RetentionType `json:"retentionType"`
+
+ // RetentionPeriod specifies the immutability retention period for the backup bucket.
+ // S3 only supports immutability durations in days or years, therefore this field must be set as multiple of 24h.
+ RetentionPeriod metav1.Duration `json:"retentionPeriod"`
+
+ // S3 provides two retention modes that apply different levels of protection to objects:
+ // Allowed values are: "governance" or "compliance" mode.
+ Mode ModeType `json:"mode"`
+}
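Review bot: The comment on `Mode` in `ImmutableConfig` does not start with the field name and never says how the two modes differ, which is the security-relevant part of this setting. Under S3 Object Lock, governance-mode retention can be bypassed by principals granted `s3:BypassGovernanceRetention`, while compliance-mode retention cannot be shortened or removed by any principal before it expires. I would reword it to `// Mode is the S3 Object Lock retention mode: "compliance" cannot be lifted before the period ends, "governance" can be bypassed by principals holding s3:BypassGovernanceRetention.` The 24h-multiple rule on `RetentionPeriod` and the allowed values of `RetentionType` and `Mode` are stated only in comments; no validation is visible in this file, so confirm it is enforced where the config is decoded.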
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_workloadidentity.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_workloadidentity.go
new file mode 100644
index 0000000..47f2a74
--- /dev/null
+++ b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_workloadidentity.go
@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// WorkloadIdentityConfig contains configuration settings for workload identity.
+type WorkloadIdentityConfig struct {
+ metav1.TypeMeta
+
+ // RoleARN is the identifier of the role that the workload identity will assume.
+ RoleARN string `json:"roleARN,omitempty"`
+}
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go
index 39d8cad..cf310b6 100644
--- a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go
+++ b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go
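Review bot: `RoleARN` in `WorkloadIdentityConfig` is tagged `omitempty` and has no `+optional` marker or format description, so an empty or malformed value decodes without complaint. The field names the role the workload identity will assume, so it decides which AWS permissions are obtained. No validation is visible in this file; confirm that the consumer rejects empty and non-ARN values before the role is used, and extend the comment with the expected form, e.g. `// RoleARN is the ARN of the IAM role (arn:<partition>:iam::<account-id>:role/<name>) that the workload identity will assume.` Separately, the embedded `metav1.TypeMeta` lacks the struct tag json:",inline" that `BackupBucketConfig` in the same package carries; encoding/json flattens it either way, but the two types should match.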
@@ -14,6 +14,36 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupBucketConfig) DeepCopyInto(out *BackupBucketConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + if in.Immutability != nil { + in, out := &in.Immutability, &out.Immutability + *out = new(ImmutableConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupBucketConfig. +func (in *BackupBucketConfig) DeepCopy() *BackupBucketConfig { + if in == nil { + return nil + } + out := new(BackupBucketConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackupBucketConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudControllerManagerConfig) DeepCopyInto(out *CloudControllerManagerConfig) { *out = *in @@ -272,6 +302,23 @@ func (in *IgnoreTags) DeepCopy() *IgnoreTags { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImmutableConfig) DeepCopyInto(out *ImmutableConfig) { + *out = *in + out.RetentionPeriod = in.RetentionPeriod + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImmutableConfig. +func (in *ImmutableConfig) DeepCopy() *ImmutableConfig { + if in == nil { + return nil + } + out := new(ImmutableConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InfrastructureConfig) DeepCopyInto(out *InfrastructureConfig) { *out = *in 
@@ -789,6 +836,31 @@ func (in *WorkerStatus) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkloadIdentityConfig) DeepCopyInto(out *WorkloadIdentityConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityConfig. +func (in *WorkloadIdentityConfig) DeepCopy() *WorkloadIdentityConfig { + if in == nil { + return nil + } + out := new(WorkloadIdentityConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WorkloadIdentityConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Zone) DeepCopyInto(out *Zone) { *out = *in diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go index d89ee2b..acaa4a1 100644 --- a/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go +++ b/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go index d6b3ef2..4d11eef 100644 --- a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go 
+++ b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -16,6 +16,7 @@ type AdminKubeconfigRequest struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec is the specification of the AdminKubeconfigRequest. Spec AdminKubeconfigRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // Status is the status of the AdminKubeconfigRequest. diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go index 147997c..b404102 100644 --- a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go +++ b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -16,6 +16,7 @@ type ViewerKubeconfigRequest struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec is the specification of the ViewerKubeconfigRequest. Spec ViewerKubeconfigRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // Status is the status of the ViewerKubeconfigRequest. diff --git a/api/external/gardener/pkg/apis/core/types.go b/api/external/gardener/pkg/apis/core/types.go index ec9a7dc..7f2a134 100644 --- a/api/external/gardener/pkg/apis/core/types.go 
+++ b/api/external/gardener/pkg/apis/core/types.go @@ -1,17 +1,27 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 package core import ( + autoscalingv1 "k8s.io/api/autoscaling/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" ) const ( // GardenerSeedLeaseNamespace is the namespace in which Gardenlet will report Seeds' // status using Lease resources for each Seed GardenerSeedLeaseNamespace = "gardener-system-seed-lease" + // GardenerShootIssuerNamespace is the namespace in which Gardenlet + // will sync service account issuer discovery documents + // of Shoot clusters which require managed issuer + GardenerShootIssuerNamespace = "gardener-system-shoot-issuer" + // GardenerSystemPublicNamespace is the namespace which will contain a resources + // describing gardener installation itself. The resources in this namespace + // may be visible to all authenticated users. + GardenerSystemPublicNamespace = "gardener-system-public" ) // Object is a core object resource. 
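Review bot: The comment on `GardenerSystemPublicNamespace` reads "a resources" and leaves the consequence of its last sentence implicit. Resources in this namespace may be visible to all authenticated users, so the comment should say outright that nothing confidential belongs there, e.g. `// Do not place Secrets or other confidential data in this namespace.` The first sentence should read `// GardenerSystemPublicNamespace is the namespace which will contain resources`. The same constant and comment are added to core/v1beta1/types.go later in this diff and need the same wording fix.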
@@ -49,7 +59,26 @@ type AccessRestriction struct { // allows to specify additional options. type AccessRestrictionWithOptions struct { AccessRestriction + // Options is a map of additional options for the access restriction. // +optional Options map[string]string } + +// Extension contains type and provider information for extensions. +type Extension struct { + // Type is the type of the extension resource. + Type string + // ProviderConfig is the configuration passed to extension resource. + ProviderConfig *runtime.RawExtension + // Disabled allows to disable extensions that were marked as 'automatically enabled' by Gardener administrators. + Disabled *bool +} + +// NamedResourceReference is a named reference to a resource. +type NamedResourceReference struct { + // Name of the resource reference. + Name string + // ResourceRef is a reference to a resource. + ResourceRef autoscalingv1.CrossVersionObjectReference +} diff --git a/api/external/gardener/pkg/apis/core/v1beta1/constants/types_constants.go b/api/external/gardener/pkg/apis/core/v1beta1/constants/types_constants.go index 604a5cb..2db55c9 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/constants/types_constants.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
@@ -171,6 +171,10 @@ const ( // the machine-controller-manager pod. DeploymentNameMachineControllerManager = "machine-controller-manager" + // DeploymentNameOpenTelemetryOperator is a constant for the name of a Kubernetes deployment object that contains + // the opentelemetry-operator pod. + DeploymentNameOpenTelemetryOperator = "opentelemetry-operator" + // ConfigMapNameShootInfo is the name of a ConfigMap in the kube-system namespace of shoot clusters which contains // information about the shoot cluster. ConfigMapNameShootInfo = "shoot-info" @@ -208,6 +212,9 @@ const ( // GardenerOperationReconcile is a constant for the value of the operation annotation describing a reconcile // operation. GardenerOperationReconcile = "reconcile" + // OperationForceRedeploy is a constant for the value of the operation annotation describing a forceful redeployment + // of the gardenlet via gardener-operator. + OperationForceRedeploy = "force-redeploy" // GardenerTimestamp is a constant for an annotation on a resource that describes the timestamp when a reconciliation has been requested. // It is only used to guarantee an update event for watching clients in case the operation-annotation is already present. GardenerTimestamp = "gardener.cloud/timestamp" @@ -261,6 +268,8 @@ const ( GardenRoleKubeconfig = "kubeconfig" // GardenRoleCACluster is the value of the GardenRole key indicating type 'ca-cluster'. GardenRoleCACluster = "ca-cluster" + // GardenRoleCAKubelet is the value of the GardenRole key indicating type 'ca-kubelet'. + GardenRoleCAKubelet = "ca-kubelet" // GardenRoleCAClient is the value of the GardenRole key indicating type 'ca-client'. GardenRoleCAClient = "ca-client" // GardenRoleSSHKeyPair is the value of the GardenRole key indicating type 'ssh-keypair'. 
@@ -285,6 +294,10 @@ const ( GardenRoleExposureClassHandler = "exposureclass-handler" // GardenRoleShootServiceAccountIssuer is the value of the GardenRole key indicating type 'shoot-service-account-issuer'. GardenRoleShootServiceAccountIssuer = "shoot-service-account-issuer" + // GardenRoleHelmPullSecret is the value of the GardenRole key indicating type 'helm-pull-secret'. + GardenRoleHelmPullSecret = "helm-pull-secret" + // GardenRoleObservability is the value of the GardenRole key indicating type 'observability'. + GardenRoleObservability = "observability" // ShootUID is an annotation key for the shoot namespace in the seed cluster, // which value will be the value of `shoot.status.uid` @@ -303,6 +316,9 @@ const ( // ShootNoCleanup is a constant for a label on a resource indicating that the Gardener cleaner should not delete this // resource when cleaning a shoot during the deletion flow. ShootNoCleanup = "shoot.gardener.cloud/no-cleanup" + // ShootDisableIstioTLSTermination is a constant for an annotation on a Shoot stating that the Istio TLS termination + // for its kube-apiserver shall be disabled. + ShootDisableIstioTLSTermination = "shoot.gardener.cloud/disable-istio-tls-termination" // ShootAlphaControlPlaneScaleDownDisabled is a constant for an annotation on the Shoot resource stating that the // automatic scale-down shall be disabled for the etcd, kube-apiserver, kube-controller-manager. 
@@ -319,10 +335,6 @@ const ( // ShootAlphaControlPlaneVPNVPAUpdateDisabled is a constant for an annotation on the Shoot resource to enforce // disabling the vertical pod autoscaler update resources related to the VPN connection. ShootAlphaControlPlaneVPNVPAUpdateDisabled = "alpha.control-plane.shoot.gardener.cloud/vpn-vpa-update-disabled" - // ShootAlphaControlPlaneDisableNewVPN is a constant for an annotation on the Shoot resource to disabling the - // new Go implementation of VPN. - // TODO(MartinWeindel) Remove after feature gate `NewVPN` gets promoted to GA. - ShootAlphaControlPlaneDisableNewVPN = "alpha.control-plane.shoot.gardener.cloud/disable-new-vpn" // ShootExpirationTimestamp is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime // is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property // of referenced quotas. @@ -359,6 +371,9 @@ const ( // ShootOperationRetry is a constant for an annotation on a Shoot indicating that a failed Shoot reconciliation shall be // retried. ShootOperationRetry = "retry" + // ShootOperationForceInPlaceUpdate is a constant for the value of the operation annotation that must be set + // to forcibly trigger an in-place update when a previous update is still in progress. + ShootOperationForceInPlaceUpdate = "force-in-place-update" // OperationRotateCredentialsStart is a constant for an annotation indicating that the rotation of all credentials // shall be started. This includes CAs, certificates, kubeconfigs, SSH keypairs, observability credentials, and // ServiceAccount signing key. 
@@ -370,9 +385,6 @@ const ( // OperationRotateCredentialsComplete is a constant for an annotation indicating that the rotation of the // credentials shall be completed. OperationRotateCredentialsComplete = "rotate-credentials-complete" // #nosec G101 -- No credential. - // ShootOperationRotateKubeconfigCredentials is a constant for an annotation on a Shoot indicating that the - // credentialscontained in the kubeconfig that is handed out to the user shall be rotated. - ShootOperationRotateKubeconfigCredentials = "rotate-kubeconfig-credentials" // #nosec G101 -- No credential. // ShootOperationRotateSSHKeypair is a constant for an annotation on a Shoot indicating that the SSH keypair for the // shoot nodes shall be rotated. ShootOperationRotateSSHKeypair = "rotate-ssh-keypair" @@ -447,6 +459,9 @@ const ( // LabelPrefixMonitoringDashboard is the prefix of a label key on ConfigMaps for indicating that the data contains a // dashboard. LabelPrefixMonitoringDashboard = "dashboard.monitoring.gardener.cloud/" + // LabelPrefixMonitoringDataSource is the prefix of a label key on ConfigMaps for indicating that the data contains + // a datasource. + LabelPrefixMonitoringDataSource = "datasource.monitoring.gardener.cloud/" // LabelKeyCustomLoggingResource is the key of the label which is used from the operator to select the CustomResources which will be imported in the FluentBit configuration. // TODO(nickytd): the label key has to be migrated to "fluentbit.gardener.cloud/type". LabelKeyCustomLoggingResource = "fluentbit.gardener/type" 
@@ -460,13 +475,16 @@ const ( // LabelKeyAggregateToProjectMember is a constant for a label on ClusterRoles that are aggregated to the project // member ClusterRole. LabelKeyAggregateToProjectMember = "rbac.gardener.cloud/aggregate-to-project-member" - + // LabelAutonomousShootCluster is a constant for a label on a Seed indicating that it is an autonomous shoot cluster. + LabelAutonomousShootCluster = "seed.gardener.cloud/autonomous-shoot-cluster" // LabelSecretBindingReference is used to identify secrets which are referred by a SecretBinding (not necessarily in the same namespace). LabelSecretBindingReference = "reference.gardener.cloud/secretbinding" // LabelCredentialsBindingReference is used to identify credentials which are referred by a CredentialsBinding (not necessarily in the same namespace). LabelCredentialsBindingReference = "reference.gardener.cloud/credentialsbinding" - // LabelPrefixSeedName is the prefix for the label key describing the name of a seed, e.g. seed.gardener.cloud/my-seed=true. - LabelPrefixSeedName = "seed.gardener.cloud/" + // LabelPrefixSeedName is the prefix for the label key describing the name of a seed, e.g. name.seed.gardener.cloud/my-seed=true. + LabelPrefixSeedName = "name.seed.gardener.cloud/" + // LabelObservability is a constant for a label for observability stack configurations + LabelObservability = "observability" // LabelExtensionExtensionTypePrefix is used to prefix extension label for extension types. LabelExtensionExtensionTypePrefix = "extensions.extensions.gardener.cloud/" 
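Review bot: `LabelPrefixSeedName` changes value from `seed.gardener.cloud/` to `name.seed.gardener.cloud/` in this hunk, so any selector or prefix match built from the constant stops matching objects still labelled with the old key, and the comment does not record the old value. The new `LabelAutonomousShootCluster` key `seed.gardener.cloud/autonomous-shoot-cluster` sits under the old prefix, so code that still strips `seed.gardener.cloud/` to recover a seed name would read it as a seed named `autonomous-shoot-cluster`. I would add `// The prefix was "seed.gardener.cloud/" before this change; objects carrying the old key need to be relabelled.` to the comment and check every caller that selects on this label. The comment on `LabelObservability` is also missing its closing period.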
@@ -642,6 +660,8 @@ const ( DefaultSNIIngressServiceName = "istio-ingressgateway" // DefaultIngressGatewayAppLabelValue is the ingress gateway value for the app label. DefaultIngressGatewayAppLabelValue = "istio-ingressgateway" + // InternalSNIIngressServiceName is the internal sni ingress service name. + InternalSNIIngressServiceName = DefaultSNIIngressServiceName + "-internal" // DataTypeSecret is a constant for a value of the 'Type' field in 'GardenerResourceData' structs describing that // the data is a secret. @@ -663,8 +683,6 @@ const ( // AnnotationConfirmationForceDeletion is a constant for an annotation on a Shoot resource whose value must be set to "true" in order to // trigger force-deletion of the cluster. It can only be set if the Shoot has a deletion timestamp and contains an ErrorCode in the Shoot Status. AnnotationConfirmationForceDeletion = "confirmation.gardener.cloud/force-deletion" - // AnnotationManagedSeedAPIServer is a constant for an annotation on a Shoot resource containing the API server settings for a managed seed. - AnnotationManagedSeedAPIServer = "shoot.gardener.cloud/managed-seed-api-server" // AnnotationShootIgnoreAlerts is the key for an annotation of a Shoot cluster whose value indicates // if alerts for this cluster should be ignored AnnotationShootIgnoreAlerts = "shoot.gardener.cloud/ignore-alerts" 
@@ -736,6 +754,8 @@ const ( // ObservabilityComponentsHealthy is a constant for a condition type indicating the health of observability components. ObservabilityComponentsHealthy = "ObservabilityComponentsHealthy" + // LabelWorkerName is a constant for a label that indicates the name of the Worker resource the MachineDeployment belongs to. + LabelWorkerName = "worker.gardener.cloud/name" // LabelWorkerPool is a constant for a label that indicates the worker pool the node belongs to LabelWorkerPool = "worker.gardener.cloud/pool" // LabelWorkerKubernetesVersion is a constant for a label that indicates the Kubernetes version used for the worker pool nodes. 
@@ -806,12 +826,24 @@ const ( // or the specified namespace was not present. NamespaceCreatedByProjectController = "namespace.gardener.cloud/created-by-project-controller" - // DefaultVPNRange is the default IPv4 network range for the VPN between seed and shoot cluster. - DefaultVPNRange = "192.168.123.0/24" // DefaultVPNRangeV6 is the default IPv6 network range for the VPN between seed and shoot cluster. DefaultVPNRangeV6 = "fd8f:6d53:b97a:1::/96" // ReservedKubeApiServerMappingRange is the IPv4 network range for the "kubernetes" service used by apiserver-proxy ReservedKubeApiServerMappingRange = "240.0.0.0/8" + // ReservedSeedPodNetworkMappedRange is the IPv4 network range for the seed pod network used in the VPN between seed and shoot cluster. + ReservedSeedPodNetworkMappedRange = "241.0.0.0/8" + // ReservedShootNodeNetworkMappedRange is the IPv4 network range for the shoot node network used in the VPN between seed and shoot cluster. + ReservedShootNodeNetworkMappedRange = "242.0.0.0/8" + // ReservedShootServiceNetworkMappedRange is the IPv4 network range for the shoot service network used in the VPN between seed and shoot cluster. + ReservedShootServiceNetworkMappedRange = "243.0.0.0/8" + // ReservedShootPodNetworkMappedRange is the IPv4 network range for the shoot pod network used in the VPN between seed and shoot cluster. + ReservedShootPodNetworkMappedRange = "244.0.0.0/8" + // EnvoyNonRootUserId is the user ID for the non-root user in the envoy container. + EnvoyNonRootUserId = 65532 + // DistrolessNonRootUserId is the user ID for the 'nonroot' user in the github.com/GoogleContainerTools/distroless image. + DistrolessNonRootUserId = EnvoyNonRootUserId + // EnvoyVPNGroupId is the group ID used for the envoy process in VPN. It is used for mapping of seed/shoot ranges to 240/4. + EnvoyVPNGroupId = 31415 // BackupSecretName is the name of secret having credentials for etcd backups. BackupSecretName string = "etcd-backup" 
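Review bot: `DistrolessNonRootUserId = EnvoyNonRootUserId` ties the distroless UID to the envoy constant, so a later change to the envoy image's user would silently change the UID applied to distroless-based containers as well. The two values coincide today but describe different images; I would give the constant its own literal, `DistrolessNonRootUserId = 65532`. The new names also spell the initialism as `Id` where Go convention is `ID` (`EnvoyNonRootUserID`, `EnvoyVPNGroupID`); if this file mirrors an upstream API whose names cannot change, ignore that part. `DefaultVPNRange` is removed in the same hunk, so remaining references to it will no longer compile.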
@@ -819,6 +851,10 @@ const ( DataKeyBackupBucketName string = "bucketName" // BackupSourcePrefix is the prefix for names of resources related to source backupentries when copying backups. BackupSourcePrefix = "source" + // AnnotationBackupBucketGeneratedSecretNamespace is a constant for an annotation on an + // `extension.gardener.cloud/v1alpha1.BackupBucket` resource which indicates the namespace in which the generated + // secret should be created. If not specified, 'garden' should be used. + AnnotationBackupBucketGeneratedSecretNamespace = "backupbucket.extensions.gardener.cloud/generated-secret-namespace" // GardenerAudience is the identifier for Gardener controllers when interacting with the API Server GardenerAudience = "gardener" @@ -828,6 +864,8 @@ const ( // DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name. DNSRecordExternalName = "external" + // ArchitectureName is a constant for the 'architecture' cloud profile capability name. + ArchitectureName = "architecture" // ArchitectureAMD64 is a constant for the 'amd64' architecture. ArchitectureAMD64 = "amd64" // ArchitectureARM64 is a constant for the 'arm64' architecture. 
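Review bot: The comment on `AnnotationBackupBucketGeneratedSecretNamespace` names the resource as `extension.gardener.cloud/v1alpha1.BackupBucket`, while the annotation key itself uses the group `extensions.gardener.cloud`; the comment appears to have dropped the `s` and should read `extensions.gardener.cloud/v1alpha1.BackupBucket`. The annotation selects the namespace into which a generated credentials secret is written, so whoever can set it influences where that secret lands. The handling code is not part of this hunk; confirm that it validates the value and that only trusted components can set the annotation, and add a sentence on who is expected to set it.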
@@ -853,14 +891,22 @@ const ( AdvertisedAddressInternal = "internal" // AdvertisedAddressUnmanaged is a constant that represents the name of the unmanaged kube-apiserver address. AdvertisedAddressUnmanaged = "unmanaged" - // AdvertisedAddressServiceAccountIssuer is a constant that represents the name of the address - // that is used as a service account issuer for the kube-apiserver. + // AdvertisedAddressServiceAccountIssuer is a constant that represents the name of the address that is used as a + // service account issuer for the kube-apiserver. AdvertisedAddressServiceAccountIssuer = "service-account-issuer" + // AdvertisedAddressWildcardTLSSeedBound is a constant that represents the name of the address that is + // seed-specific (i.e., changes when the Seed changes) and backed by a central wildcard TLS certificate. + AdvertisedAddressWildcardTLSSeedBound = "wildcard-tls-seed-bound" // CloudProfileReferenceKindCloudProfile is a constant for the CloudProfile kind reference. CloudProfileReferenceKindCloudProfile = "CloudProfile" // CloudProfileReferenceKindNamespacedCloudProfile is a constant for the NamespacedCloudProfile kind reference. CloudProfileReferenceKindNamespacedCloudProfile = "NamespacedCloudProfile" + + // APIServerFQDNPrefix is the part of a FQDN which will be used to construct the domain name for the kube-apiserver of + // a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the apiserver domain would be + // 'api.cluster.example.com'. + APIServerFQDNPrefix = "api" ) var ( @@ -969,4 +1015,8 @@ const ( // GardenPurposeMachineClass is a constant for the 'machineclass' value in a label. GardenPurposeMachineClass = "machineclass" + + // LabelInjectGardenKubeconfig is a constant for a label on workload resources that indicates that a kubeconfig to + // the garden cluster should be injected. + LabelInjectGardenKubeconfig = "extensions.gardener.cloud/inject-garden-kubeconfig" ) 
diff --git a/api/external/gardener/pkg/apis/core/v1beta1/register.go b/api/external/gardener/pkg/apis/core/v1beta1/register.go index 02b5ea4..11e2d9d 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/register.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/register.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types.go b/api/external/gardener/pkg/apis/core/v1beta1/types.go index 441b83d..9015078 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types.go @@ -1,9 +1,14 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 package v1beta1 +import ( + autoscalingv1 "k8s.io/api/autoscaling/v1" + "k8s.io/apimachinery/pkg/runtime" +) + const ( // GardenerSeedLeaseNamespace is the namespace in which Gardenlet will report Seeds' // status using Lease resources for each Seed @@ -12,6 +17,10 @@ const ( // will sync service account issuer discovery documents // of Shoot clusters which require managed issuer GardenerShootIssuerNamespace = "gardener-system-shoot-issuer" + // GardenerSystemPublicNamespace is the namespace which will contain a resources + // describing gardener installation itself. The resources in this namespace + // may be visible to all authenticated users. + GardenerSystemPublicNamespace = "gardener-system-public" ) // IPFamily is a type for specifying an IP protocol version to use in Gardener clusters. 
@@ -44,7 +53,28 @@ type AccessRestriction struct { // allows to specify additional options. type AccessRestrictionWithOptions struct { AccessRestriction `json:",inline" protobuf:"bytes,1,opt,name=accessRestriction"` + // Options is a map of additional options for the access restriction. // +optional Options map[string]string `json:"options,omitempty" protobuf:"bytes,2,rep,name=options"` } + +// Extension contains type and provider information for extensions. +type Extension struct { + // Type is the type of the extension resource. + Type string `json:"type" protobuf:"bytes,1,opt,name=type"` + // ProviderConfig is the configuration passed to extension resource. + // +optional + ProviderConfig *runtime.RawExtension `json:"providerConfig,omitempty" protobuf:"bytes,2,opt,name=providerConfig"` + // Disabled allows to disable extensions that were marked as 'automatically enabled' by Gardener administrators. + // +optional + Disabled *bool `json:"disabled,omitempty" protobuf:"varint,3,opt,name=disabled"` +} + +// NamedResourceReference is a named reference to a resource. +type NamedResourceReference struct { + // Name of the resource reference. + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + // ResourceRef is a reference to a resource. + ResourceRef autoscalingv1.CrossVersionObjectReference `json:"resourceRef" protobuf:"bytes,2,opt,name=resourceRef"` +} diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_backupbucket.go b/api/external/gardener/pkg/apis/core/v1beta1/types_backupbucket.go index e78d02c..d1cbf5b 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_backupbucket.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_backupbucket.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
@@ -19,6 +19,7 @@ type BackupBucket struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` + // Specification of the Backup Bucket. Spec BackupBucketSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // Most recently observed status of the Backup Bucket. @@ -33,6 +34,7 @@ type BackupBucketList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of BackupBucket. Items []BackupBucket `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -44,12 +46,20 @@ type BackupBucketSpec struct { // ProviderConfig is the configuration passed to BackupBucket resource. // +optional ProviderConfig *runtime.RawExtension `json:"providerConfig,omitempty" protobuf:"bytes,2,opt,name=providerConfig"` - // SecretRef is a reference to a secret that contains the credentials to access object store. - SecretRef corev1.SecretReference `json:"secretRef" protobuf:"bytes,3,opt,name=secretRef"` + + // SecretRef is tombstoned to show why 3 is reserved protobuf tag. + // SecretRef corev1.SecretReference `json:"secretRef" protobuf:"bytes,3,opt,name=secretRef"` + // SeedName holds the name of the seed allocated to BackupBucket for running controller. // This field is immutable. // +optional SeedName *string `json:"seedName,omitempty" protobuf:"bytes,4,opt,name=seedName"` + // CredentialsRef is reference to a resource holding the credentials used for + // authentication with the object store service where the backups are stored. + // Supported referenced resources are v1.Secrets and + // security.gardener.cloud/v1alpha1.WorkloadIdentity + // +optional + CredentialsRef *corev1.ObjectReference `json:"credentialsRef,omitempty" protobuf:"bytes,5,opt,name=credentialsRef"` } // BackupBucketStatus holds the most recently observed status of the Backup Bucket. 
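Review bot: `CredentialsRef` in `BackupBucketSpec` (last hunk of types_backupbucket.go) replaces a required `corev1.SecretReference` with an optional `*corev1.ObjectReference`, and its comment does not mention that the type enforces neither the two supported kinds nor a namespace. Callers that previously read `SecretRef` now have to handle nil and check `APIVersion`, `Kind` and `Namespace` before resolving the reference; where that validation happens is not visible here. I would add to the comment `// The reference may be nil; consumers must verify APIVersion, Kind and Namespace before reading the referenced object.` and end the preceding sentence with a period. The same applies to `Backup.CredentialsRef` in the `@@ -128,10 +137,16 @@` hunk of types_seed.go.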
diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_backupentry.go b/api/external/gardener/pkg/apis/core/v1beta1/types_backupentry.go index c8bd74c..1e0b8e1 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_backupentry.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_backupentry.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -21,6 +21,7 @@ type BackupEntry struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` + // Spec contains the specification of the Backup Entry. // +optional Spec BackupEntrySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -37,6 +38,7 @@ type BackupEntryList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of BackupEntry. Items []BackupEntry `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go b/api/external/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go index 90858fb..92b714a 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_cloudprofile.go 
@@ -1,13 +1,19 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 package v1beta1 import ( + "encoding/json" + "fmt" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" + + "github.com/openmcp-project/mcp-operator/api/external/gardener/pkg/apis/core/v1beta1/constants" ) // +genclient @@ -20,6 +26,7 @@ type CloudProfile struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec defines the provider environment properties. // +optional Spec CloudProfileSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -33,6 +40,7 @@ type CloudProfileList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of CloudProfiles. Items []CloudProfile `json:"items" protobuf:"bytes,2,rep,name=items"` } 
@@ -77,6 +85,16 @@ type CloudProfileSpec struct { // Bastion contains the machine and image properties // +optional Bastion *Bastion `json:"bastion,omitempty" protobuf:"bytes,10,opt,name=bastion"` + // Limits configures operational limits for Shoot clusters using this CloudProfile. + // See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md. + // +optional + Limits *Limits `json:"limits,omitempty" protobuf:"bytes,11,opt,name=limits"` + // Capabilities contains the definition of all possible capabilities in the CloudProfile. + // Only capabilities and values defined here can be used to describe MachineImages and MachineTypes. + // The order of values for a given capability is relevant. The most important value is listed first. + // During maintenance upgrades, the image that matches most capabilities will be selected. + // +optional + Capabilities []CapabilityDefinition `json:"capabilities,omitempty" protobuf:"bytes,12,rep,name=capabilities"` } // SeedSelector contains constraints for selecting seed to be usable for shoots using a profile @@ -84,6 +102,7 @@ type SeedSelector struct { // LabelSelector is optional and can be used to select seeds by their label settings // +optional metav1.LabelSelector `json:",inline,omitempty" protobuf:"bytes,1,opt,name=labelSelector"` + // Providers is optional and can be used by restricting seeds by their provider type. '*' can be used to enable seeds regardless of their provider type. // +optional ProviderTypes []string `json:"providerTypes,omitempty" protobuf:"bytes,2,rep,name=providerTypes"` 
@@ -117,6 +136,7 @@ type MachineImage struct { // MachineImageVersion is an expirable version with list of supported container runtimes and interfaces type MachineImageVersion struct { ExpirableVersion `json:",inline" protobuf:"bytes,1,opt,name=expirableVersion"` + // CRI list of supported container runtime and interfaces supported by this version // +optional CRI []CRI `json:"cri,omitempty" protobuf:"bytes,2,rep,name=cri"` @@ -130,6 +150,13 @@ type MachineImageVersion struct { // - '< 1.26' - supports only kubelet versions less than 1.26 // +optional KubeletVersionConstraint *string `json:"kubeletVersionConstraint,omitempty" protobuf:"bytes,4,opt,name=kubeletVersionConstraint"` + // InPlaceUpdates contains the configuration for in-place updates for this machine image version. + // +optional + InPlaceUpdates *InPlaceUpdates `json:"inPlaceUpdates,omitempty" protobuf:"bytes,5,opt,name=inPlaceUpdates"` + // CapabilitySets is an array of capability sets. Each entry represents a combination of capabilities that is provided by + // the machine image version. + // +optional + CapabilitySets []CapabilitySet `json:"capabilitySets,omitempty" protobuf:"bytes,6,rep,name=capabilitySets"` } // ExpirableVersion contains a version and an expiration date. @@ -139,7 +166,8 @@ type ExpirableVersion struct { // ExpirationDate defines the time at which this version expires. // +optional ExpirationDate *metav1.Time `json:"expirationDate,omitempty" protobuf:"bytes,2,opt,name=expirationDate"` - // Classification defines the state of a version (preview, supported, deprecated) + // Classification defines the state of a version (preview, supported, deprecated). + // To get the currently valid classification, use CurrentLifecycleClassification(). // +optional Classification *VersionClassification `json:"classification,omitempty" protobuf:"bytes,3,opt,name=classification,casttype=VersionClassification"` } 
@@ -163,6 +191,17 @@ type MachineType struct { // Architecture is the CPU architecture of this machine type. // +optional Architecture *string `json:"architecture,omitempty" protobuf:"bytes,7,opt,name=architecture"` + // Capabilities contains the machine type capabilities. + // +optional + Capabilities Capabilities `json:"capabilities,omitempty" protobuf:"bytes,8,rep,name=capabilities,casttype=Capabilities"` +} + +// GetArchitecture returns the architecture of the machine type. +func (m *MachineType) GetArchitecture() string { + if len(m.Capabilities[constants.ArchitectureName]) == 1 { + return m.Capabilities[constants.ArchitectureName][0] + } + return ptr.Deref(m.Architecture, "") } // MachineTypeStorage is the amount of storage associated with the root volume of this machine type. @@ -250,6 +289,14 @@ type BastionMachineType struct { Name string `json:"name" protobuf:"bytes,1,name=name"` } +// Limits configures operational limits for Shoot clusters using this CloudProfile. +// See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md. +type Limits struct { + // MaxNodesTotal configures the maximum node count a Shoot cluster can have during runtime. + // +optional + MaxNodesTotal *int32 `json:"maxNodesTotal,omitempty" protobuf:"varint,1,opt,name=maxNodesTotal"` +} + const ( // VolumeClassStandard is a constant for the standard volume class. VolumeClassStandard string = "standard" 
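Review bot: The doc comment on `MachineType.GetArchitecture` does not describe the precedence the body implements: the `constants.ArchitectureName` capability wins only when it holds exactly one value, and zero or several values silently fall back to the `Architecture` field. I would document that as `// GetArchitecture returns the only value of the constants.ArchitectureName capability if exactly one is set; otherwise it returns the Architecture field, or "" when that is nil.` The method also reads `m.Capabilities` without a nil check on the receiver, so callers holding a possibly nil `*MachineType` have to guard the call themselves.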
@@ -260,7 +307,14 @@ const ( // VersionClassification is the logical state of a version. type VersionClassification string +// IsActive returns whether the version can be used. +func (v VersionClassification) IsActive() bool { + return v != ClassificationExpired && v != ClassificationUnavailable +} + const ( + // ClassificationUnavailable indicates that a version is currently not available and is planned to become available depending on the classification lifecycle. + ClassificationUnavailable VersionClassification = "unavailable" // ClassificationPreview indicates that a version has recently been added and not promoted to "Supported" yet. // ClassificationPreview versions will not be considered for automatic Kubernetes and Machine Image patch version updates. ClassificationPreview VersionClassification = "preview" @@ -271,6 +325,9 @@ const ( // ClassificationDeprecated indicates that a patch version should not be used anymore, should be updated to a new version // and will eventually expire. ClassificationDeprecated VersionClassification = "deprecated" + // ClassificationExpired indicates that a version has expired. + // New entities with that version cannot be created and existing entities are forcefully migrated to a higher version during the maintenance time. + ClassificationExpired VersionClassification = "expired" ) // MachineImageUpdateStrategy is the update strategy to use for a machine image 
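Review bot: `IsActive` in the `@@ -260,7 +307,14 @@` hunk is written as a deny-list, so an empty or unrecognised `VersionClassification` is reported as active, and the comment does not say so. If callers use it to decide whether a version may be used, a misspelt classification is accepted rather than rejected unless validation elsewhere (not visible here) restricts the value. I would at least document the behaviour: `// IsActive returns whether the version can be used. Every value other than "expired" and "unavailable", including an empty or unknown one, counts as active.`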
@@ -286,3 +343,52 @@ const ( // UpdateStrategyMajor indicates that auto-updates are performed always to the overall latest version. UpdateStrategyMajor MachineImageUpdateStrategy = "major" ) + +// InPlaceUpdates contains the configuration for in-place updates for a machine image version. +type InPlaceUpdates struct { + // Supported indicates whether in-place updates are supported for this machine image version. + Supported bool `json:"supported" protobuf:"varint,1,opt,name=supported"` + // MinVersionForInPlaceUpdate specifies the minimum supported version from which an in-place update to this machine image version can be performed. + // +optional + MinVersionForUpdate *string `json:"minVersionForUpdate,omitempty" protobuf:"bytes,2,opt,name=minVersionForUpdate"` +} + +// CapabilityDefinition contains the Name and Values of a capability. +type CapabilityDefinition struct { + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + Values CapabilityValues `json:"values" protobuf:"bytes,2,rep,name=values"` +} + +// CapabilityValues contains capability values. +// This is a workaround as the Protobuf generator can't handle a map with slice values. +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +type CapabilityValues []string + +func (t CapabilityValues) String() string { + return fmt.Sprintf("%v", []string(t)) +} + +// Capabilities of a machine type or machine image. +// +protobuf.options.(gogoproto.goproto_stringer)=false +type Capabilities map[string]CapabilityValues + +func (t Capabilities) String() string { + return fmt.Sprintf("%v", map[string]CapabilityValues(t)) +} + +// CapabilitySet is a wrapper for Capabilities. +// This is a workaround as the Protobuf generator can't handle a slice of maps. +type CapabilitySet struct { + Capabilities `json:"-" protobuf:"bytes,1,rep,name=capabilities,casttype=Capabilities"` +} + +// UnmarshalJSON unmarshals the given data to a CapabilitySet. 
+func (c *CapabilitySet) UnmarshalJSON(data []byte) error { + return json.Unmarshal(data, &c.Capabilities) +} + +// MarshalJSON marshals the CapabilitySet object to JSON. +func (c *CapabilitySet) MarshalJSON() ([]byte, error) { + return json.Marshal(c.Capabilities) +} diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_common.go b/api/external/gardener/pkg/apis/core/v1beta1/types_common.go index e4b8ba2..62f7fff 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_common.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_common.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerdeployment.go b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerdeployment.go index 61edb2e..29feb30 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerdeployment.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerdeployment.go @@ -1,10 +1,11 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 package v1beta1 import ( + corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" 
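Review bot: `CapabilitySet.MarshalJSON` has a pointer receiver while the embedded `Capabilities` field is tagged `json:"-"`, so encoding a non-addressable `CapabilitySet` value (a bare `json.Marshal(set)`, or a map value) skips the custom marshaler and emits `{}`. Elements of `[]CapabilitySet` are addressable, so the `CapabilitySets` field itself is unaffected, but a value receiver removes the trap: `func (c CapabilitySet) MarshalJSON() ([]byte, error) {`. Separately, the comment in `InPlaceUpdates` names `MinVersionForInPlaceUpdate` while the field is `MinVersionForUpdate`, and the two `String()` methods carry no doc comments.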
@@ -19,10 +20,15 @@ type ControllerDeployment struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Type is the deployment type. Type string `json:"type" protobuf:"bytes,2,opt,name=type"` // ProviderConfig contains type-specific configuration. It contains assets that deploy the controller. ProviderConfig runtime.RawExtension `json:"providerConfig" protobuf:"bytes,3,opt,name=providerConfig"` + // InjectGardenKubeconfig controls whether a kubeconfig to the garden cluster should be injected into workload + // resources. + // +optional + InjectGardenKubeconfig *bool `json:"injectGardenKubeconfig,omitempty" protobuf:"varint,4,opt,name=injectGardenKubeconfig"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -33,6 +39,7 @@ type ControllerDeploymentList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of ControllerDeployments. Items []ControllerDeployment `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -72,4 +79,8 @@ type OCIRepository struct { // Digest of the image to pull, takes precedence over tag. // +optional Digest *string `json:"digest,omitempty" protobuf:"bytes,4,opt,name=digest"` + // PullSecretRef is a reference to a secret containing the pull secret. + // The secret must be of type `kubernetes.io/dockerconfigjson` and must be located in the `garden` namespace. + // +optional + PullSecretRef *corev1.LocalObjectReference `json:"pullSecretRef,omitempty" protobuf:"bytes,5,opt,name=pullSecretRef"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerinstallation.go b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerinstallation.go index ac9d28c..e7890ae 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerinstallation.go 
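Review bot: `InjectGardenKubeconfig` is a tri-state `*bool` that controls whether workload resources receive a kubeconfig for the garden cluster, yet its comment does not say what an unset value means. Because the field decides whether cluster credentials are handed to deployed workloads, the default belongs in the API doc, for example `// If unset, <default behaviour> applies.` with the actual default filled in from the component that reads the field, which is not visible in this hunk. Consumers in this repository should treat nil explicitly rather than dereferencing it.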
+++ b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerinstallation.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -19,6 +19,7 @@ type ControllerInstallation struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec contains the specification of this installation. // If the object's deletion timestamp is set, this field is immutable. Spec ControllerInstallationSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -34,6 +35,7 @@ type ControllerInstallationList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of ControllerInstallations. Items []ControllerInstallation `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerregistration.go b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerregistration.go index 0d91882..f9572cc 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_controllerregistration.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_controllerregistration.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
@@ -17,6 +17,7 @@ type ControllerRegistration struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec contains the specification of this registration. // If the object's deletion timestamp is set, this field is immutable. Spec ControllerRegistrationSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -30,6 +31,7 @@ type ControllerRegistrationList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of ControllerRegistrations. Items []ControllerRegistration `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -45,6 +47,16 @@ type ControllerRegistrationSpec struct { Deployment *ControllerRegistrationDeployment `json:"deployment,omitempty" protobuf:"bytes,2,opt,name=deployment"` } +// ClusterType defines the type of cluster. +type ClusterType string + +const ( + // ClusterTypeShoot represents the shoot cluster type. + ClusterTypeShoot ClusterType = "shoot" + // ClusterTypeSeed represents the seed cluster type. + ClusterTypeSeed ClusterType = "seed" +) + // ControllerResource is a combination of a kind (DNSProvider, Infrastructure, Generic, ...) and the actual type for this // kind (aws-route53, gcp, auditlog, ...). type ControllerResource struct { 
@@ -52,10 +64,10 @@ type ControllerResource struct { Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"` // Type is the resource type, for example "coreos" or "ubuntu". Type string `json:"type" protobuf:"bytes,2,opt,name=type"` - // GloballyEnabled determines if this ControllerResource is required by all Shoot clusters. - // This field is defaulted to false when kind is "Extension". - // +optional - GloballyEnabled *bool `json:"globallyEnabled,omitempty" protobuf:"varint,3,opt,name=globallyEnabled"` + + // GloballyEnabled is tombstoned to show why 3 is reserved protobuf tag. + // GloballyEnabled *bool `json:"globallyEnabled,omitempty" protobuf:"varint,3,opt,name=globallyEnabled"` + // ReconcileTimeout defines how long Gardener should wait for the resource reconciliation. // This field is defaulted to 3m0s when kind is "Extension". // +optional @@ -76,6 +88,15 @@ type ControllerResource struct { // This field is only relevant when kind is "Extension". // +optional WorkerlessSupported *bool `json:"workerlessSupported,omitempty" protobuf:"varint,7,opt,name=workerlessSupported"` + // AutoEnable determines if this resource is automatically enabled for shoot or seed clusters, or both. + // This field can only be set for resources of kind "Extension". + // +optional + AutoEnable []ClusterType `json:"autoEnable,omitempty" protobuf:"bytes,8,rep,name=autoEnable,casttype=ClusterType"` + // ClusterCompatibility defines the compatibility of this resource with different cluster types. + // If compatibility is not specified, it will be defaulted to 'shoot'. + // This field can only be set for resources of kind "Extension". + // +optional + ClusterCompatibility []ClusterType `json:"clusterCompatibility,omitempty" protobuf:"bytes,9,rep,name=clusterCompatibility,casttype=ClusterType"` } // DeploymentRef contains information about `ControllerDeployment` references. 
diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_exposureclass.go b/api/external/gardener/pkg/apis/core/v1beta1/types_exposureclass.go index a2e6d51..88b0dc8 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_exposureclass.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_exposureclass.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -18,6 +18,7 @@ type ExposureClass struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Handler is the name of the handler which applies the control plane endpoint exposure strategy. // This field is immutable. Handler string `json:"handler" protobuf:"bytes,2,opt,name=handler"` @@ -35,6 +36,7 @@ type ExposureClassList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of ExposureClasses. Items []ExposureClass `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_internalsecret.go b/api/external/gardener/pkg/apis/core/v1beta1/types_internalsecret.go index f9e85d8..6eb2461 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_internalsecret.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_internalsecret.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_namespacedcloudprofile.go b/api/external/gardener/pkg/apis/core/v1beta1/types_namespacedcloudprofile.go index fdaca65..ca08bf6 100644 
--- a/api/external/gardener/pkg/apis/core/v1beta1/types_namespacedcloudprofile.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_namespacedcloudprofile.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -17,6 +17,7 @@ type NamespacedCloudProfile struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec defines the provider environment properties. Spec NamespacedCloudProfileSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` // Most recently observed status of the NamespacedCloudProfile. @@ -31,6 +32,7 @@ type NamespacedCloudProfileList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of NamespacedCloudProfiles. Items []NamespacedCloudProfile `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -63,6 +65,11 @@ type NamespacedCloudProfileSpec struct { // ProviderConfig contains provider-specific configuration for the profile. // +optional ProviderConfig *runtime.RawExtension `json:"providerConfig,omitempty" protobuf:"bytes,8,opt,name=providerConfig"` + // Limits configures operational limits for Shoot clusters using this NamespacedCloudProfile. + // Any limits specified here override those set in the parent CloudProfile. + // See https://github.com/gardener/gardener/blob/master/docs/usage/shoot/shoot_limits.md. + // +optional + Limits *Limits `json:"limits,omitempty" protobuf:"bytes,9,opt,name=limits"` } // NamespacedCloudProfileStatus holds the most recently observed status of the NamespacedCloudProfile. 
diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_project.go b/api/external/gardener/pkg/apis/core/v1beta1/types_project.go index 56887c7..5363e0b 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_project.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_project.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -19,6 +19,7 @@ type Project struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec defines the project properties. // +optional Spec ProjectSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -35,6 +36,7 @@ type ProjectList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of Projects. Items []Project `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -65,6 +67,7 @@ type ProjectSpec struct { Members []ProjectMember `json:"members,omitempty" protobuf:"bytes,5,rep,name=members"` // Namespace is the name of the namespace that has been created for the Project object. // A nil value means that Gardener will determine the name of the namespace. + // If set, its value must be prefixed with `garden-`. // This field is immutable. // +optional Namespace *string `json:"namespace,omitempty" protobuf:"bytes,6,opt,name=namespace"` 
@@ -100,6 +103,7 @@ type ProjectMember struct { // Subject is representing a user name, an email address, or any other identifier of a user, group, or service // account that has a certain role. rbacv1.Subject `json:",inline" protobuf:"bytes,1,opt,name=subject"` + // Role represents the role of this member. // IMPORTANT: Be aware that this field will be removed in the `v1` version of this API in favor of the `roles` // list. diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_quota.go b/api/external/gardener/pkg/apis/core/v1beta1/types_quota.go index c7609a6..79808bd 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_quota.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_quota.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -18,6 +18,7 @@ type Quota struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec defines the Quota constraints. // +optional Spec QuotaSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -31,6 +32,7 @@ type QuotaList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of Quotas. Items []Quota `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_secretbinding.go b/api/external/gardener/pkg/apis/core/v1beta1/types_secretbinding.go index c8e12f4..d846571 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_secretbinding.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_secretbinding.go 
@@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -18,6 +18,7 @@ type SecretBinding struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // SecretRef is a reference to a secret object in the same or another namespace. // This field is immutable. SecretRef corev1.SecretReference `json:"secretRef" protobuf:"bytes,2,opt,name=secretRef"` @@ -48,6 +49,7 @@ type SecretBindingList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of SecretBindings. Items []SecretBinding `json:"items" protobuf:"bytes,2,rep,name=items"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_seed.go b/api/external/gardener/pkg/apis/core/v1beta1/types_seed.go index 2f0a5a5..8f21173 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_seed.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_seed.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -20,6 +20,7 @@ type Seed struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Spec contains the specification of this installation. Spec SeedSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` // Status contains the status of this installation. 
@@ -34,6 +35,7 @@ type SeedList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of Seeds. Items []Seed `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -43,6 +45,7 @@ type SeedTemplate struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Specification of the desired behavior of the Seed. // +optional Spec SeedSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -55,7 +58,7 @@ type SeedSpec struct { // If backup field is present in seed, then backups of the etcd from shoot control plane will be stored // under the configured object store. // +optional - Backup *SeedBackup `json:"backup,omitempty" protobuf:"bytes,1,opt,name=backup"` + Backup *Backup `json:"backup,omitempty" protobuf:"bytes,1,opt,name=backup"` // DNS contains DNS-relevant information about this seed cluster. DNS SeedDNS `json:"dns" protobuf:"bytes,2,opt,name=dns"` // Networks defines the pod, service and worker network of the Seed cluster. @@ -81,6 +84,12 @@ type SeedSpec struct { // AccessRestrictions describe a list of access restrictions for this seed cluster. // +optional AccessRestrictions []AccessRestriction `json:"accessRestrictions,omitempty" protobuf:"bytes,10,rep,name=accessRestrictions"` + // Extensions contain type and provider information for Seed extensions. + // +optional + Extensions []Extension `json:"extensions,omitempty" protobuf:"bytes,11,rep,name=extensions"` + // Resources holds a list of named resource references that can be referred to in extension configs by their names. + // +optional + Resources []NamedResourceReference `json:"resources,omitempty" protobuf:"bytes,12,rep,name=resources"` } // SeedStatus is the status of a Seed. 
@@ -118,8 +127,8 @@ type SeedStatus struct { LastOperation *LastOperation `json:"lastOperation,omitempty" protobuf:"bytes,9,opt,name=lastOperation"` } -// SeedBackup contains the object store configuration for backups for shoot (currently only etcd). -type SeedBackup struct { +// Backup contains the object store configuration for backups for shoot (currently only etcd). +type Backup struct { // Provider is a provider name. This field is immutable. Provider string `json:"provider" protobuf:"bytes,1,opt,name=provider"` // ProviderConfig is the configuration passed to BackupBucket resource. @@ -128,10 +137,16 @@ type SeedBackup struct { // Region is a region name. This field is immutable. // +optional Region *string `json:"region,omitempty" protobuf:"bytes,3,opt,name=region"` - // SecretRef is a reference to a Secret object containing the cloud provider credentials for - // the object store where backups should be stored. It should have enough privileges to manipulate - // the objects as well as buckets. - SecretRef corev1.SecretReference `json:"secretRef" protobuf:"bytes,4,opt,name=secretRef"` + + // SecretRef is tombstoned to show why 4 is reserved protobuf tag. + // SecretRef corev1.SecretReference `json:"secretRef" protobuf:"bytes,4,opt,name=secretRef"` + + // CredentialsRef is reference to a resource holding the credentials used for + // authentication with the object store service where the backups are stored. + // Supported referenced resources are v1.Secrets and + // security.gardener.cloud/v1alpha1.WorkloadIdentity + // +optional + CredentialsRef *corev1.ObjectReference `json:"credentialsRef,omitempty" protobuf:"bytes,5,opt,name=credentialsRef"` } // SeedDNS contains DNS-relevant information about this seed cluster. 
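Review bot: `CredentialsRef` in the `@@ -128,10 +137,16 @@` hunk (the `Backup` struct starts before it) is a `*corev1.ObjectReference` marked `+optional`, so the type accepts any kind and any namespace, and a `Backup` without credentials now decodes cleanly where `SecretRef` was a required value. The restriction to Secret and WorkloadIdentity exists only in the comment; confirm that validation, which is not in this diff, enforces it and rejects a nil reference when a backup is configured. Consumers that read `SecretRef` by value will also need a nil check. The same `Backup` type is reused by `WorkerControlPlane` in types_shoot.go, where the spec is presumably written by shoot owners rather than operators, so the namespace a reference may point to needs to be constrained there as well. The removed comment also stated what the credentials must be allowed to do; I would keep that on the new field as `// The credentials should have enough privileges to manipulate the objects as well as buckets.`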
@@ -344,6 +359,9 @@ type SeedSettingVerticalPodAutoscaler struct { // is enabled by default because Gardener heavily relies on a VPA being deployed. You should only disable this if // your seed cluster already has another, manually/custom managed VPA deployment. Enabled bool `json:"enabled" protobuf:"bytes,1,opt,name=enabled"` + // FeatureGates contains information about enabled feature gates. + // +optional + FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,2,opt,name=featureGates"` } // SeedSettingDependencyWatchdog controls the dependency-watchdog settings for the seed. diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_shoot.go b/api/external/gardener/pkg/apis/core/v1beta1/types_shoot.go index 5defed2..1df29ce 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_shoot.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_shoot.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -7,7 +7,6 @@ package v1beta1 import ( "time" - autoscalingv1 "k8s.io/api/autoscaling/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -27,6 +26,7 @@ type Shoot struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Specification of the Shoot cluster. // If the object's deletion timestamp is set, this field is immutable. // +optional @@ -44,6 +44,7 @@ type ShootList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of Shoots. Items []Shoot `json:"items" protobuf:"bytes,2,rep,name=items"` } 
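Review bot: The new `FeatureGates` map on `SeedSettingVerticalPodAutoscaler` is tagged `protobuf:"bytes,2,opt,name=featureGates"`, while the same map field added to `VerticalPodAutoscaler` in types_shoot.go and the existing one on `KubernetesConfig` both use `rep`. If these tags feed protobuf code generation rather than being carried along for reference, the label should match: `protobuf:"bytes,2,rep,name=featureGates"`. The struct begins outside the hunk, so any other tag conventions in it are not visible here.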
@@ -53,6 +54,7 @@ type ShootTemplate struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Specification of the desired behavior of the Shoot. // +optional Spec ShootSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -65,7 +67,8 @@ type ShootSpec struct { Addons *Addons `json:"addons,omitempty" protobuf:"bytes,1,opt,name=addons"` // CloudProfileName is a name of a CloudProfile object. // Deprecated: This field will be removed in a future version of Gardener. Use `CloudProfile` instead. - // Until removed, this field is synced with the `CloudProfile` field. + // Until Kubernetes v1.33, this field is synced with the `CloudProfile` field. + // Starting with Kubernetes v1.34, this field is set to empty string and must not be provided anymore. // +optional CloudProfileName *string `json:"cloudProfileName,omitempty" protobuf:"bytes,2,opt,name=cloudProfileName"` // DNS contains information about the DNS settings of the Shoot. 
@@ -177,8 +180,9 @@ type ShootStatus struct { // after a successful create/reconcile operation. It will be used when control planes are moved between Seeds. // +optional SeedName *string `json:"seedName,omitempty" protobuf:"bytes,9,opt,name=seedName"` - // TechnicalID is the name that is used for creating the Seed namespace, the infrastructure resources, and - // basically everything that is related to this particular Shoot. This field is immutable. + // TechnicalID is a unique technical ID for this Shoot. It is used for the infrastructure resources, and + // basically everything that is related to this particular Shoot. For regular shoot clusters, this is also the name + // of the namespace in the seed cluster running the shoot's control plane. This field is immutable. TechnicalID string `json:"technicalID" protobuf:"bytes,10,opt,name=technicalID"` // UID is a unique identifier for the Shoot cluster to avoid portability between Kubernetes clusters. // It is used to compute unique hashes. This field is immutable. @@ -213,6 +217,9 @@ type ShootStatus struct { // Networking contains information about cluster networking such as CIDRs. // +optional Networking *NetworkingStatus `json:"networking,omitempty" protobuf:"bytes,19,opt,name=networking"` + // InPlaceUpdates contains information about in-place updates for the Shoot workers. + // +optional + InPlaceUpdates *InPlaceUpdatesStatus `json:"inPlaceUpdates,omitempty" protobuf:"bytes,20,opt,name=inPlaceUpdates"` } // LastMaintenance holds information about a maintenance operation on the Shoot. 
@@ -246,6 +253,23 @@ type NetworkingStatus struct { EgressCIDRs []string `json:"egressCIDRs,omitempty" protobuf:"bytes,4,rep,name=egressCIDRs"` } +// InPlaceUpdatesStatus contains information about in-place updates for the Shoot workers. +type InPlaceUpdatesStatus struct { + // PendingWorkerUpdates contains information about worker pools pending in-place updates. + // +optional + PendingWorkerUpdates *PendingWorkerUpdates `json:"pendingWorkerUpdates,omitempty" protobuf:"bytes,1,opt,name=pendingWorkerUpdates"` +} + +// PendingWorkerUpdates contains information about worker pools pending in-place update. +type PendingWorkerUpdates struct { + // AutoInPlaceUpdate contains the names of the pending worker pools with strategy AutoInPlaceUpdate. + // +optional + AutoInPlaceUpdate []string `json:"autoInPlaceUpdate,omitempty" protobuf:"bytes,1,rep,name=autoInPlaceUpdate"` + // ManualInPlaceUpdate contains the names of the pending worker pools with strategy ManualInPlaceUpdate. + // +optional + ManualInPlaceUpdate []string `json:"manualInPlaceUpdate,omitempty" protobuf:"bytes,2,rep,name=manualInPlaceUpdate"` +} + // ShootCredentials contains information about the shoot credentials. type ShootCredentials struct { // Rotation contains information about the credential rotations. @@ -260,6 +284,8 @@ type ShootCredentialsRotation struct { CertificateAuthorities *CARotation `json:"certificateAuthorities,omitempty" protobuf:"bytes,1,opt,name=certificateAuthorities"` // Kubeconfig contains information about the kubeconfig credential rotation. // +optional + // + // Deprecated: This field is deprecated and will be removed in gardener v1.120 Kubeconfig *ShootKubeconfigRotation `json:"kubeconfig,omitempty" protobuf:"bytes,2,opt,name=kubeconfig"` // SSHKeypair contains information about the ssh-keypair credential rotation. // +optional 
@@ -434,6 +460,7 @@ type Addon struct { // KubernetesDashboard describes configuration values for the kubernetes-dashboard addon. type KubernetesDashboard struct { Addon `json:",inline" protobuf:"bytes,2,opt,name=addon"` + // AuthenticationMode defines the authentication mode for the kubernetes-dashboard. // +optional AuthenticationMode *string `json:"authenticationMode,omitempty" protobuf:"bytes,1,opt,name=authenticationMode"` @@ -447,6 +474,7 @@ const ( // NginxIngress describes configuration values for the nginx-ingress addon. type NginxIngress struct { Addon `json:",inline" protobuf:"bytes,1,opt,name=addon"` + // LoadBalancerSourceRanges is list of allowed IP sources for NginxIngress // +optional LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty" protobuf:"bytes,2,rep,name=loadBalancerSourceRanges"` 
@@ -532,26 +560,6 @@ type DNSIncludeExclude struct { // DefaultDomain is the default value in the Shoot's '.spec.dns.domain' when '.spec.dns.provider' is 'unmanaged' const DefaultDomain = "cluster.local" -// Extension contains type and provider information for Shoot extensions. -type Extension struct { - // Type is the type of the extension resource. - Type string `json:"type" protobuf:"bytes,1,opt,name=type"` - // ProviderConfig is the configuration passed to extension resource. - // +optional - ProviderConfig *runtime.RawExtension `json:"providerConfig,omitempty" protobuf:"bytes,2,opt,name=providerConfig"` - // Disabled allows to disable extensions that were marked as 'globally enabled' by Gardener administrators. - // +optional - Disabled *bool `json:"disabled,omitempty" protobuf:"varint,3,opt,name=disabled"` -} - -// NamedResourceReference is a named reference to a resource. -type NamedResourceReference struct { - // Name of the resource reference. - Name string `json:"name" protobuf:"bytes,1,opt,name=name"` - // ResourceRef is a reference to a resource. - ResourceRef autoscalingv1.CrossVersionObjectReference `json:"resourceRef" protobuf:"bytes,2,opt,name=resourceRef"` -} - // Hibernation contains information whether the Shoot is suspended or not. type Hibernation struct { // Enabled specifies whether the Shoot needs to be hibernated or not. If it is true, the Shoot's desired state is to be hibernated. 
@@ -613,11 +621,30 @@ type Kubernetes struct { // VerticalPodAutoscaler contains the configuration flags for the Kubernetes vertical pod autoscaler. // +optional VerticalPodAutoscaler *VerticalPodAutoscaler `json:"verticalPodAutoscaler,omitempty" protobuf:"bytes,9,opt,name=verticalPodAutoscaler"` - // EnableStaticTokenKubeconfig indicates whether static token kubeconfig secret will be created for the Shoot cluster. - // Defaults to true for Shoots with Kubernetes versions < 1.26. Defaults to false for Shoots with Kubernetes versions >= 1.26. - // Starting Kubernetes 1.27 the field will be locked to false. + + // EnableStaticTokenKubeconfig is tombstoned to show why 10 is reserved protobuf tag. + // EnableStaticTokenKubeconfig *bool `json:"enableStaticTokenKubeconfig,omitempty" protobuf:"varint,10,opt,name=enableStaticTokenKubeconfig"` + + // ETCD contains configuration for etcds of the shoot cluster. // +optional - EnableStaticTokenKubeconfig *bool `json:"enableStaticTokenKubeconfig,omitempty" protobuf:"varint,10,opt,name=enableStaticTokenKubeconfig"` + ETCD *ETCD `json:"etcd,omitempty" protobuf:"bytes,11,opt,name=etcd"` +} + +// ETCD contains configuration for etcds of the shoot cluster. +type ETCD struct { + // Main contains configuration for the main etcd. + // +optional + Main *ETCDConfig `json:"main,omitempty" protobuf:"bytes,1,opt,name=main"` + // Events contains configuration for the events etcd. + // +optional + Events *ETCDConfig `json:"events,omitempty" protobuf:"bytes,2,opt,name=events"` +} + +// ETCDConfig contains etcd configuration. +type ETCDConfig struct { + // Autoscaling contains auto-scaling configuration options for etcd. + // +optional + Autoscaling *ControlPlaneAutoscaling `json:"autoscaling,omitempty" protobuf:"bytes,1,opt,name=autoscaling"` } // ClusterAutoscaler contains the configuration flags for the Kubernetes cluster autoscaler. 
@@ -658,7 +685,11 @@ type ClusterAutoscaler struct { // NewPodScaleUpDelay specifies how long CA should ignore newly created pods before they have to be considered for scale-up (default: 0s). // +optional NewPodScaleUpDelay *metav1.Duration `json:"newPodScaleUpDelay,omitempty" protobuf:"bytes,11,opt,name=newPodScaleUpDelay"` - // MaxEmptyBulkDelete specifies the maximum number of empty nodes that can be deleted at the same time (default: 10). + // MaxEmptyBulkDelete specifies the maximum number of empty nodes that can be deleted at the same time (default: MaxScaleDownParallelism when that is set). + // + // Deprecated: This field is deprecated. Setting this field will be forbidden starting from Kubernetes 1.33 and will be removed once gardener drops support for kubernetes v1.32. + // This cluster-autoscaler field is deprecated upstream, use --max-scale-down-parallelism instead. + // TODO(Kostov6): Drop this field after support for Kubernetes 1.32 is dropped. // +optional MaxEmptyBulkDelete *int32 `json:"maxEmptyBulkDelete,omitempty" protobuf:"varint,12,opt,name=maxEmptyBulkDelete"` // IgnoreDaemonsetsUtilization allows CA to ignore DaemonSet pods when calculating resource utilization for scaling down (default: false). 
@@ -675,6 +706,15 @@ type ClusterAutoscaler struct { // Cluster Autoscaler internally treats nodes tainted with status taints as ready, but filtered out during scale up logic. // +optional StatusTaints []string `json:"statusTaints,omitempty" protobuf:"bytes,16,opt,name=statusTaints"` + + // MaxScaleDownParallelism specifies the maximum number of nodes (both empty and needing drain) that can be deleted in parallel. + // Default: 10 or MaxEmptyBulkDelete when that is set + // +optional + MaxScaleDownParallelism *int32 `json:"maxScaleDownParallelism,omitempty" protobuf:"varint,17,opt,name=maxScaleDownParallelism"` + // MaxDrainParallelism specifies the maximum number of nodes needing drain, that can be drained and deleted in parallel. + // Default: 1 + // +optional + MaxDrainParallelism *int32 `json:"maxDrainParallelism,omitempty" protobuf:"varint,18,opt,name=maxDrainParallelism"` } // ExpanderMode is type used for Expander values @@ -771,6 +811,9 @@ type VerticalPodAutoscaler struct { // (default: 8) // +optional MemoryAggregationIntervalCount *int64 `json:"memoryAggregationIntervalCount,omitempty" protobuf:"varint,18,opt,name=memoryAggregationIntervalCount"` + // FeatureGates contains information about enabled feature gates. + // +optional + FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,19,rep,name=featureGates"` } const ( @@ -816,6 +859,8 @@ var ( // KubernetesConfig contains common configuration fields for the control plane components. type KubernetesConfig struct { // FeatureGates contains information about enabled feature gates. + // + // This is a legacy field that should no longer be used. Instead, consider using inline map for feature gates definitions. // +optional FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,1,rep,name=featureGates"` } 
@@ -823,6 +868,7 @@ type KubernetesConfig struct { // KubeAPIServerConfig contains configuration settings for the kube-apiserver. type KubeAPIServerConfig struct { KubernetesConfig `json:",inline" protobuf:"bytes,1,opt,name=kubernetesConfig"` + // AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener), and, if desired, the corresponding // configuration. // +patchMergeKey=name @@ -871,6 +917,11 @@ type KubeAPIServerConfig struct { // EnableAnonymousAuthentication defines whether anonymous requests to the secure port // of the API server should be allowed (flag `--anonymous-auth`). // See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + // + // Deprecated: This field is deprecated and will be removed in a future release. + // Please use anonymous authentication configuration instead. + // For more information see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-authenticator-configuration + // TODO(marc1404): Forbid this field when the feature gate AnonymousAuthConfigurableEndpoints has graduated. // +optional EnableAnonymousAuthentication *bool `json:"enableAnonymousAuthentication,omitempty" protobuf:"varint,11,opt,name=enableAnonymousAuthentication"` // EventTTL controls the amount of time to retain events. 
@@ -903,6 +954,17 @@ type KubeAPIServerConfig struct { // This field is only available for Kubernetes v1.30 or later. // +optional StructuredAuthorization *StructuredAuthorization `json:"structuredAuthorization,omitempty" protobuf:"bytes,18,opt,name=structuredAuthorization"` + // Autoscaling contains auto-scaling configuration options for the kube-apiserver. + // +optional + Autoscaling *ControlPlaneAutoscaling `json:"autoscaling,omitempty" protobuf:"bytes,19,opt,name=autoscaling"` +} + +// ControlPlaneAutoscaling contains auto-scaling configuration options for control-plane components. +type ControlPlaneAutoscaling struct { + // MinAllowed configures the minimum allowed resource requests for vertical pod autoscaling.. + // Configuration of minAllowed resources is an advanced feature that can help clusters to overcome scale-up delays. + // Default values are not applied to this field. + MinAllowed corev1.ResourceList `json:"minAllowed" protobuf:"bytes,1,rep,name=minAllowed,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName"` } // APIServerLogging contains configuration for the logs level and http access logs @@ -932,7 +994,6 @@ type APIServerRequests struct { type EncryptionConfig struct { // Resources contains the list of resources that shall be encrypted in addition to secrets. // Each item is a Kubernetes resource name in plural (resource or resource.group) that should be encrypted. - // Note that configuring a custom resource is only supported for versions >= 1.26. // Wildcards are not supported for now. // See https://github.com/gardener/gardener/blob/master/docs/usage/security/etcd_encryption_config.md for more details. Resources []string `json:"resources" protobuf:"bytes,1,rep,name=resources"` 
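Review bot: `MinAllowed` on the new `ControlPlaneAutoscaling` type is a required field (no `omitempty`, no `+optional`) with no documented upper bound or list of accepted resource names. It sets a floor for the resource requests of control-plane components, so an unbounded value in a shoot spec would presumably reserve capacity on the shared seed. Validation that caps the values and restricts the resource names is not in this diff and should be confirmed, and the field comment should then state both limits. The first comment line also ends in a doubled period; it should read `// MinAllowed configures the minimum allowed resource requests for vertical pod autoscaling.`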
@@ -1102,6 +1163,7 @@ type ResourceWatchCacheSize struct { // KubeControllerManagerConfig contains configuration settings for the kube-controller-manager. type KubeControllerManagerConfig struct { KubernetesConfig `json:",inline" protobuf:"bytes,1,opt,name=kubernetesConfig"` + // HorizontalPodAutoscalerConfig contains horizontal pod autoscaler configuration settings for the kube-controller-manager. // +optional HorizontalPodAutoscalerConfig *HorizontalPodAutoscalerConfig `json:"horizontalPodAutoscaler,omitempty" protobuf:"bytes,2,opt,name=horizontalPodAutoscaler"` @@ -1109,14 +1171,16 @@ type KubeControllerManagerConfig struct { // +optional NodeCIDRMaskSize *int32 `json:"nodeCIDRMaskSize,omitempty" protobuf:"varint,3,opt,name=nodeCIDRMaskSize"` // PodEvictionTimeout defines the grace period for deleting pods on failed nodes. Defaults to 2m. + // +optional // // Deprecated: The corresponding kube-controller-manager flag `--pod-eviction-timeout` is deprecated // in favor of the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`. // The `--pod-eviction-timeout` flag does not have effect when the taint based eviction is enabled. The taint // based eviction is beta (enabled by default) since Kubernetes 1.13 and GA since Kubernetes 1.18. Hence, // instead of setting this field, set the `spec.kubernetes.kubeAPIServer.defaultNotReadyTolerationSeconds` and - // `spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSeconds`. - // +optional + // `spec.kubernetes.kubeAPIServer.defaultUnreachableTolerationSeconds`. Setting this field is forbidden starting + // from Kubernetes 1.33. + // TODO(plkokanov): Drop this field after support for Kubernetes 1.32 is dropped. PodEvictionTimeout *metav1.Duration `json:"podEvictionTimeout,omitempty" protobuf:"bytes,4,opt,name=podEvictionTimeout"` // NodeMonitorGracePeriod defines the grace period before an unresponsive node is marked unhealthy. // +optional 
@@ -1159,6 +1223,7 @@ const ( // KubeSchedulerConfig contains configuration settings for the kube-scheduler. type KubeSchedulerConfig struct { KubernetesConfig `json:",inline" protobuf:"bytes,1,opt,name=kubernetesConfig"` + // KubeMaxPDVols allows to configure the `KUBE_MAX_PD_VOLS` environment variable for the kube-scheduler. // Please find more information here: https://kubernetes.io/docs/concepts/storage/storage-limits/#custom-limits // Note that using this field is considered alpha-/experimental-level and is on your own risk. You should be aware @@ -1187,6 +1252,7 @@ const ( // KubeProxyConfig contains configuration settings for the kube-proxy. type KubeProxyConfig struct { KubernetesConfig `json:",inline" protobuf:"bytes,1,opt,name=kubernetesConfig"` + // Mode specifies which proxy mode to use. // defaults to IPTables. // +optional @@ -1216,6 +1282,7 @@ const ( // KubeletConfig contains configuration settings for the kubelet. type KubeletConfig struct { KubernetesConfig `json:",inline" protobuf:"bytes,1,opt,name=kubernetesConfig"` + // CPUCFSQuota allows you to disable/enable CPU throttling for Pods. // +optional CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty" protobuf:"varint,2,opt,name=cpuCFSQuota"` @@ -1312,8 +1379,6 @@ type KubeletConfig struct { // +optional RegistryBurst *int32 `json:"registryBurst,omitempty" protobuf:"varint,20,opt,name=registryBurst"` // SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. - // This requires the corresponding SeccompDefault feature gate to be enabled as well. - // This field is only available for Kubernetes v1.25 or later. // +optional SeccompDefault *bool `json:"seccompDefault,omitempty" protobuf:"varint,21,opt,name=seccompDefault"` // A quantity defines the maximum size of the container log file before it is rotated. For example: "5Mi" or "256Ki". 
@@ -1324,19 +1389,31 @@ type KubeletConfig struct { // +optional ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty" protobuf:"bytes,23,opt,name=containerLogMaxFiles"` // ProtectKernelDefaults ensures that the kernel tunables are equal to the kubelet defaults. - // Defaults to true for Kubernetes v1.26 or later. + // Defaults to true. // +optional ProtectKernelDefaults *bool `json:"protectKernelDefaults,omitempty" protobuf:"varint,24,opt,name=protectKernelDefaults"` // StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed. // This field cannot be set lower than "30s" or greater than "4h". - // Default: - // "4h" for Kubernetes < v1.26. - // "5m" for Kubernetes >= v1.26. + // Default: "5m". // +optional StreamingConnectionIdleTimeout *metav1.Duration `json:"streamingConnectionIdleTimeout,omitempty" protobuf:"bytes,25,opt,name=streamingConnectionIdleTimeout"` // MemorySwap configures swap memory available to container workloads. // +optional MemorySwap *MemorySwapConfiguration `json:"memorySwap,omitempty" protobuf:"bytes,26,opt,name=memorySwap"` + // MaxParallelImagePulls describes the maximum number of image pulls in parallel. The value must be a positive number. + // This field cannot be set if SerializeImagePulls (pull one image at a time) is set to true. + // Setting it to nil means no limit. + // Default: nil + // +optional + MaxParallelImagePulls *int32 `json:"maxParallelImagePulls,omitempty" protobuf:"varint,27,opt,name=maxParallelImagePulls"` + // ImageMinimumGCAge is the minimum age of an unused image before it can be garbage collected. + // Default: 2m0s + // +optional + ImageMinimumGCAge *metav1.Duration `json:"imageMinimumGCAge,omitempty" protobuf:"bytes,28,opt,name=imageMinimumGCAge"` + // ImageMaximumGCAge is the maximum age of an unused image before it can be garbage collected. 
+ // Default: 0s + // +optional + ImageMaximumGCAge *metav1.Duration `json:"imageMaximumGCAge,omitempty" protobuf:"bytes,29,opt,name=imageMaximumGCAge"` } // KubeletConfigEviction contains kubelet eviction thresholds supporting either a resource.Quantity or a percentage based value. @@ -1582,10 +1659,14 @@ type Worker struct { Minimum int32 `json:"minimum" protobuf:"varint,9,opt,name=minimum"` // MaxSurge is maximum number of machines that are created during an update. // This value is divided by the number of configured zones for a fair distribution. + // Defaults to 0 in case of an in-place update. + // Defaults to 1 in case of a rolling update. // +optional MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,10,opt,name=maxSurge"` // MaxUnavailable is the maximum number of machines that can be unavailable during an update. // This value is divided by the number of configured zones for a fair distribution. + // Defaults to 1 in case of an in-place update. + // Defaults to 0 in case of a rolling update. // +optional MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,11,opt,name=maxUnavailable"` // ProviderConfig is the provider-specific configuration for this worker pool. 
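Review bot: The comment on `ImageMaximumGCAge` gives `Default: 0s` without saying what zero means, and a reader could take it as "collect unused images immediately". In the upstream kubelet configuration a zero value disables age-based image garbage collection, so I would write `// Default: 0s (age-based garbage collection disabled)`. `MaxParallelImagePulls` documents two constraints (positive value, not combinable with `SerializeImagePulls` set to true) that the `*int32` type cannot express; the validation for them is outside this diff and should be confirmed. The `KubeletConfig` struct starts before this hunk.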
@@ -1622,8 +1703,38 @@ type Worker struct { // Priority (or weight) is the importance by which this worker group will be scaled by cluster autoscaling. // +optional Priority *int32 `json:"priority,omitempty" protobuf:"varint,22,opt,name=priority"` + // UpdateStrategy specifies the machine update strategy for the worker pool. + // +optional + UpdateStrategy *MachineUpdateStrategy `json:"updateStrategy,omitempty" protobuf:"bytes,23,opt,name=updateStrategy,casttype=MachineUpdateStrategy"` + // ControlPlane specifies that the shoot cluster control plane components should be running in this worker pool. + // This is only relevant for autonomous shoot clusters. + // +optional + ControlPlane *WorkerControlPlane `json:"controlPlane,omitempty" protobuf:"bytes,24,opt,name=controlPlane"` } +// WorkerControlPlane specifies that the shoot cluster control plane components should be running in this worker pool. +type WorkerControlPlane struct { + // Backup holds the object store configuration for the backups of shoot (currently only etcd). + // If it is not specified, then there won't be any backups taken. + // +optional + Backup *Backup `json:"backup,omitempty" protobuf:"bytes,1,opt,name=backup"` +} + +// MachineUpdateStrategy specifies the machine update strategy for the worker pool. +type MachineUpdateStrategy string + +const ( + // AutoRollingUpdate represents a machine update strategy where nodes are replaced during the update process. + // This approach involves draining the existing node, deleting it, and creating a new node to replace it. + AutoRollingUpdate MachineUpdateStrategy = "AutoRollingUpdate" + // AutoInPlaceUpdate represents a machine update strategy where updates are applied directly to the existing nodes without replacing them. + // In this approach, nodes are selected automatically by the machine-controller-manager. 
+ AutoInPlaceUpdate MachineUpdateStrategy = "AutoInPlaceUpdate" + // ManualInPlaceUpdate represents a machine update strategy where updates are applied directly to the existing nodes without replacing them. + // In this approach, nodes are selected manually by the user. + ManualInPlaceUpdate MachineUpdateStrategy = "ManualInPlaceUpdate" +) + // ClusterAutoscalerOptions contains the cluster autoscaler configurations for a worker pool. type ClusterAutoscalerOptions struct { // ScaleDownUtilizationThreshold defines the threshold in fraction (0.0 - 1.0) under which a node is being removed. @@ -1660,6 +1771,13 @@ type MachineControllerManagerSettings struct { // NodeConditions are the set of conditions if set to true for the period of MachineHealthTimeout, machine will be declared failed. // +optional NodeConditions []string `json:"nodeConditions,omitempty" protobuf:"bytes,5,name=nodeConditions"` + // MachineInPlaceUpdateTimeout is the timeout after which in-place update is declared failed. + // +optional + MachineInPlaceUpdateTimeout *metav1.Duration `json:"inPlaceUpdateTimeout,omitempty" protobuf:"bytes,6,opt,name=inPlaceUpdateTimeout"` + // DisableHealthTimeout if set to true, health timeout will be ignored. Leading to machine never being declared failed. + // This is intended to be used only for in-place updates. + // +optional + DisableHealthTimeout *bool `json:"disableHealthTimeout,omitempty" protobuf:"varint,7,opt,name=disableHealthTimeout"` } // WorkerSystemComponents contains configuration for system components related to this worker pool 
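Review bot: `DisableHealthTimeout` in the `MachineControllerManagerSettings` hunk is documented as intended only for in-place updates, but nothing in the type ties it to the worker's `UpdateStrategy`. A pool using `AutoRollingUpdate` could therefore set it and never have an unhealthy machine declared failed. Validation that rejects the flag unless the strategy is `AutoInPlaceUpdate` or `ManualInPlaceUpdate` is not visible in this diff and should be confirmed. The comment is also split into a sentence fragment; I would write `// DisableHealthTimeout, if set to true, causes the health timeout to be ignored, so the machine is never declared failed.` The struct begins outside the hunk.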
@@ -1782,8 +1900,12 @@ type SSHAccess struct { var ( // DefaultWorkerMaxSurge is the default value for Worker MaxSurge. DefaultWorkerMaxSurge = intstr.FromInt32(1) + // DefaultInPlaceWorkerMaxSurge is the default value for In-Place Worker MaxSurge. + DefaultInPlaceWorkerMaxSurge = intstr.FromInt32(0) // DefaultWorkerMaxUnavailable is the default value for Worker MaxUnavailable. DefaultWorkerMaxUnavailable = intstr.FromInt32(0) + // DefaultInPlaceWorkerMaxUnavailable is the default value for In-Place Worker MaxUnavailable. + DefaultInPlaceWorkerMaxUnavailable = intstr.FromInt32(1) // DefaultWorkerSystemComponentsAllow is the default value for Worker AllowSystemComponents DefaultWorkerSystemComponentsAllow = true ) @@ -1889,8 +2011,13 @@ const ( // ShootCRDsWithProblematicConversionWebhooks is a constant for a condition type indicating that the Shoot cluster has // CRDs with conversion webhooks and multiple stored versions which can break the reconciliation flow of the cluster. ShootCRDsWithProblematicConversionWebhooks ConditionType = "CRDsWithProblematicConversionWebhooks" + // ShootManualInPlaceWorkersUpdated is a constant for a condition type indicating that the Shoot cluster does not have + // any worker pools with update strategy "ManualInPlaceUpdate" and pending update. + ShootManualInPlaceWorkersUpdated ConditionType = "ManualInPlaceWorkersUpdated" // ShootReadyForMigration is a constant for a condition type indicating whether the Shoot can be migrated. ShootReadyForMigration ConditionType = "ReadyForMigration" + // ShootDualStackNodesMigrationReady is a constant for a condition type indicating whether all nodes are migrated to dual-stack . + ShootDualStackNodesMigrationReady ConditionType = "DualStackNodesMigrationReady" ) // ShootPurpose is a type alias for string. diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_shootstate.go b/api/external/gardener/pkg/apis/core/v1beta1/types_shootstate.go index f5c1152..47c6d09 100644 
--- a/api/external/gardener/pkg/apis/core/v1beta1/types_shootstate.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_shootstate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -19,6 +19,7 @@ type ShootState struct { // Standard object metadata. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Specification of the ShootState. // +optional Spec ShootStateSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` @@ -32,6 +33,7 @@ type ShootStateList struct { // Standard list object metadata. // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // Items is the list of ShootStates. Items []ShootState `json:"items" protobuf:"bytes,2,rep,name=items"` } @@ -86,6 +88,7 @@ type ExtensionResourceState struct { // ResourceData holds the data of a resource referred to by an extension controller state. type ResourceData struct { autoscalingv1.CrossVersionObjectReference `json:",inline" protobuf:"bytes,1,opt,name=ref"` + // Data of the resource Data runtime.RawExtension `json:"data" protobuf:"bytes,2,opt,name=data"` } diff --git a/api/external/gardener/pkg/apis/core/v1beta1/types_utils.go b/api/external/gardener/pkg/apis/core/v1beta1/types_utils.go index fa1b4d3..99f43a5 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/types_utils.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/types_utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
diff --git a/api/external/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go b/api/external/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go index c4fd64a..651a722 100644 --- a/api/external/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go +++ b/api/external/gardener/pkg/apis/core/v1beta1/zz_generated.deepcopy.go @@ -288,6 +288,37 @@ func (in *AvailabilityZone) DeepCopy() *AvailabilityZone { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Backup) DeepCopyInto(out *Backup) { + *out = *in + if in.ProviderConfig != nil { + in, out := &in.ProviderConfig, &out.ProviderConfig + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.CredentialsRef != nil { + in, out := &in.CredentialsRef, &out.CredentialsRef + *out = new(v1.ObjectReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backup. +func (in *Backup) DeepCopy() *Backup { + if in == nil { + return nil + } + out := new(Backup) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupBucket) DeepCopyInto(out *BackupBucket) { *out = *in @@ -374,12 +405,16 @@ func (in *BackupBucketSpec) DeepCopyInto(out *BackupBucketSpec) { *out = new(runtime.RawExtension) (*in).DeepCopyInto(*out) } - out.SecretRef = in.SecretRef if in.SeedName != nil { in, out := &in.SeedName, &out.SeedName *out = new(string) **out = **in } + if in.CredentialsRef != nil { + in, out := &in.CredentialsRef, &out.CredentialsRef + *out = new(v1.ObjectReference) + **out = **in + } return } 
@@ -671,6 +706,108 @@ func (in *CRI) DeepCopy() *CRI { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Capabilities) DeepCopyInto(out *Capabilities) { + { + in := &in + *out = make(Capabilities, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(CapabilityValues, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Capabilities. +func (in Capabilities) DeepCopy() Capabilities { + if in == nil { + return nil + } + out := new(Capabilities) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CapabilityDefinition) DeepCopyInto(out *CapabilityDefinition) { + *out = *in + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(CapabilityValues, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityDefinition. +func (in *CapabilityDefinition) DeepCopy() *CapabilityDefinition { + if in == nil { + return nil + } + out := new(CapabilityDefinition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CapabilitySet) DeepCopyInto(out *CapabilitySet) { + *out = *in + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make(Capabilities, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(CapabilityValues, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitySet. +func (in *CapabilitySet) DeepCopy() *CapabilitySet { + if in == nil { + return nil + } + out := new(CapabilitySet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in CapabilityValues) DeepCopyInto(out *CapabilityValues) { + { + in := &in + *out = make(CapabilityValues, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityValues. +func (in CapabilityValues) DeepCopy() CapabilityValues { + if in == nil { + return nil + } + out := new(CapabilityValues) + in.DeepCopyInto(out) + return *out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudProfile) DeepCopyInto(out *CloudProfile) { *out = *in @@ -799,6 +936,18 @@ func (in *CloudProfileSpec) DeepCopyInto(out *CloudProfileSpec) { *out = new(Bastion) (*in).DeepCopyInto(*out) } + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = new(Limits) + (*in).DeepCopyInto(*out) + } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make([]CapabilityDefinition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } 
@@ -895,6 +1044,16 @@ func (in *ClusterAutoscaler) DeepCopyInto(out *ClusterAutoscaler) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.MaxScaleDownParallelism != nil { + in, out := &in.MaxScaleDownParallelism, &out.MaxScaleDownParallelism + *out = new(int32) + **out = **in + } + if in.MaxDrainParallelism != nil { + in, out := &in.MaxDrainParallelism, &out.MaxDrainParallelism + *out = new(int32) + **out = **in + } return } @@ -1014,12 +1173,40 @@ func (in *ControlPlane) DeepCopy() *ControlPlane { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControlPlaneAutoscaling) DeepCopyInto(out *ControlPlaneAutoscaling) { + *out = *in + if in.MinAllowed != nil { + in, out := &in.MinAllowed, &out.MinAllowed + *out = make(v1.ResourceList, len(*in)) + for key, val := range *in { + (*out)[key] = val.DeepCopy() + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneAutoscaling. +func (in *ControlPlaneAutoscaling) DeepCopy() *ControlPlaneAutoscaling { + if in == nil { + return nil + } + out := new(ControlPlaneAutoscaling) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ControllerDeployment) DeepCopyInto(out *ControllerDeployment) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.ProviderConfig.DeepCopyInto(&out.ProviderConfig) + if in.InjectGardenKubeconfig != nil { + in, out := &in.InjectGardenKubeconfig, &out.InjectGardenKubeconfig + *out = new(bool) + **out = **in + } return } 
@@ -1308,11 +1495,6 @@ func (in *ControllerRegistrationSpec) DeepCopy() *ControllerRegistrationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ControllerResource) DeepCopyInto(out *ControllerResource) { *out = *in - if in.GloballyEnabled != nil { - in, out := &in.GloballyEnabled, &out.GloballyEnabled - *out = new(bool) - **out = **in - } if in.ReconcileTimeout != nil { in, out := &in.ReconcileTimeout, &out.ReconcileTimeout *out = new(metav1.Duration) @@ -1333,6 +1515,16 @@ func (in *ControllerResource) DeepCopyInto(out *ControllerResource) { *out = new(bool) **out = **in } + if in.AutoEnable != nil { + in, out := &in.AutoEnable, &out.AutoEnable + *out = make([]ClusterType, len(*in)) + copy(*out, *in) + } + if in.ClusterCompatibility != nil { + in, out := &in.ClusterCompatibility, &out.ClusterCompatibility + *out = make([]ClusterType, len(*in)) + copy(*out, *in) + } return } 
@@ -1599,6 +1791,53 @@ func (in *DualApprovalForDeletion) DeepCopy() *DualApprovalForDeletion { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ETCD) DeepCopyInto(out *ETCD) { + *out = *in + if in.Main != nil { + in, out := &in.Main, &out.Main + *out = new(ETCDConfig) + (*in).DeepCopyInto(*out) + } + if in.Events != nil { + in, out := &in.Events, &out.Events + *out = new(ETCDConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCD. +func (in *ETCD) DeepCopy() *ETCD { + if in == nil { + return nil + } + out := new(ETCD) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ETCDConfig) DeepCopyInto(out *ETCDConfig) { + *out = *in + if in.Autoscaling != nil { + in, out := &in.Autoscaling, &out.Autoscaling + *out = new(ControlPlaneAutoscaling) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ETCDConfig. +func (in *ETCDConfig) DeepCopy() *ETCDConfig { + if in == nil { + return nil + } + out := new(ETCDConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ETCDEncryptionKeyRotation) DeepCopyInto(out *ETCDEncryptionKeyRotation) { *out = *in 
@@ -2035,6 +2274,48 @@ func (in *HorizontalPodAutoscalerConfig) DeepCopy() *HorizontalPodAutoscalerConf return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InPlaceUpdates) DeepCopyInto(out *InPlaceUpdates) { + *out = *in + if in.MinVersionForUpdate != nil { + in, out := &in.MinVersionForUpdate, &out.MinVersionForUpdate + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdates. +func (in *InPlaceUpdates) DeepCopy() *InPlaceUpdates { + if in == nil { + return nil + } + out := new(InPlaceUpdates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InPlaceUpdatesStatus) DeepCopyInto(out *InPlaceUpdatesStatus) { + *out = *in + if in.PendingWorkerUpdates != nil { + in, out := &in.PendingWorkerUpdates, &out.PendingWorkerUpdates + *out = new(PendingWorkerUpdates) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdatesStatus. +func (in *InPlaceUpdatesStatus) DeepCopy() *InPlaceUpdatesStatus { + if in == nil { + return nil + } + out := new(InPlaceUpdatesStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Ingress) DeepCopyInto(out *Ingress) { *out = *in @@ -2247,6 +2528,11 @@ func (in *KubeAPIServerConfig) DeepCopyInto(out *KubeAPIServerConfig) { *out = new(StructuredAuthorization) (*in).DeepCopyInto(*out) } + if in.Autoscaling != nil { + in, out := &in.Autoscaling, &out.Autoscaling + *out = new(ControlPlaneAutoscaling) + (*in).DeepCopyInto(*out) + } return } 
@@ -2475,6 +2761,21 @@ func (in *KubeletConfig) DeepCopyInto(out *KubeletConfig) { *out = new(MemorySwapConfiguration) (*in).DeepCopyInto(*out) } + if in.MaxParallelImagePulls != nil { + in, out := &in.MaxParallelImagePulls, &out.MaxParallelImagePulls + *out = new(int32) + **out = **in + } + if in.ImageMinimumGCAge != nil { + in, out := &in.ImageMinimumGCAge, &out.ImageMinimumGCAge + *out = new(metav1.Duration) + **out = **in + } + if in.ImageMaximumGCAge != nil { + in, out := &in.ImageMaximumGCAge, &out.ImageMaximumGCAge + *out = new(metav1.Duration) + **out = **in + } return } @@ -2685,10 +2986,10 @@ func (in *Kubernetes) DeepCopyInto(out *Kubernetes) { *out = new(VerticalPodAutoscaler) (*in).DeepCopyInto(*out) } - if in.EnableStaticTokenKubeconfig != nil { - in, out := &in.EnableStaticTokenKubeconfig, &out.EnableStaticTokenKubeconfig - *out = new(bool) - **out = **in + if in.ETCD != nil { + in, out := &in.ETCD, &out.ETCD + *out = new(ETCD) + (*in).DeepCopyInto(*out) } return } @@ -2840,6 +3141,27 @@ func (in *LastOperation) DeepCopy() *LastOperation { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Limits) DeepCopyInto(out *Limits) { + *out = *in + if in.MaxNodesTotal != nil { + in, out := &in.MaxNodesTotal, &out.MaxNodesTotal + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits. +func (in *Limits) DeepCopy() *Limits { + if in == nil { + return nil + } + out := new(Limits) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LoadBalancerServicesProxyProtocol) DeepCopyInto(out *LoadBalancerServicesProxyProtocol) { *out = *in 
@@ -2910,6 +3232,16 @@ func (in *MachineControllerManagerSettings) DeepCopyInto(out *MachineControllerM *out = make([]string, len(*in)) copy(*out, *in) } + if in.MachineInPlaceUpdateTimeout != nil { + in, out := &in.MachineInPlaceUpdateTimeout, &out.MachineInPlaceUpdateTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.DisableHealthTimeout != nil { + in, out := &in.DisableHealthTimeout, &out.DisableHealthTimeout + *out = new(bool) + **out = **in + } return } @@ -2972,6 +3304,18 @@ func (in *MachineImageVersion) DeepCopyInto(out *MachineImageVersion) { *out = new(string) **out = **in } + if in.InPlaceUpdates != nil { + in, out := &in.InPlaceUpdates, &out.InPlaceUpdates + *out = new(InPlaceUpdates) + (*in).DeepCopyInto(*out) + } + if in.CapabilitySets != nil { + in, out := &in.CapabilitySets, &out.CapabilitySets + *out = make([]CapabilitySet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -3006,6 +3350,21 @@ func (in *MachineType) DeepCopyInto(out *MachineType) { *out = new(string) **out = **in } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make(Capabilities, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(CapabilityValues, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } return } @@ -3273,6 +3632,11 @@ func (in *NamespacedCloudProfileSpec) DeepCopyInto(out *NamespacedCloudProfileSp *out = new(runtime.RawExtension) (*in).DeepCopyInto(*out) } + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = new(Limits) + (*in).DeepCopyInto(*out) + } return } @@ -3473,6 +3837,11 @@ func (in *OCIRepository) DeepCopyInto(out *OCIRepository) { *out = new(string) **out = **in } + if in.PullSecretRef != nil { + in, out := &in.PullSecretRef, &out.PullSecretRef + *out = new(v1.LocalObjectReference) + **out = **in + } return } 
@@ -3606,6 +3975,32 @@ func (in *OpenIDConnectClientAuthentication) DeepCopy() *OpenIDConnectClientAuth return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PendingWorkerUpdates) DeepCopyInto(out *PendingWorkerUpdates) { + *out = *in + if in.AutoInPlaceUpdate != nil { + in, out := &in.AutoInPlaceUpdate, &out.AutoInPlaceUpdate + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ManualInPlaceUpdate != nil { + in, out := &in.ManualInPlaceUpdate, &out.ManualInPlaceUpdate + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PendingWorkerUpdates. +func (in *PendingWorkerUpdates) DeepCopy() *PendingWorkerUpdates { + if in == nil { + return nil + } + out := new(PendingWorkerUpdates) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PendingWorkersRollout) DeepCopyInto(out *PendingWorkersRollout) { *out = *in 
@@ -4158,33 +4553,6 @@ func (in *Seed) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SeedBackup) DeepCopyInto(out *SeedBackup) { - *out = *in - if in.ProviderConfig != nil { - in, out := &in.ProviderConfig, &out.ProviderConfig - *out = new(runtime.RawExtension) - (*in).DeepCopyInto(*out) - } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } - out.SecretRef = in.SecretRef - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeedBackup. -func (in *SeedBackup) DeepCopy() *SeedBackup { - if in == nil { - return nil - } - out := new(SeedBackup) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SeedDNS) DeepCopyInto(out *SeedDNS) { *out = *in @@ -4571,6 +4939,13 @@ func (in *SeedSettingTopologyAwareRouting) DeepCopy() *SeedSettingTopologyAwareR // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SeedSettingVerticalPodAutoscaler) DeepCopyInto(out *SeedSettingVerticalPodAutoscaler) { *out = *in + if in.FeatureGates != nil { + in, out := &in.FeatureGates, &out.FeatureGates + *out = make(map[string]bool, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } @@ -4605,7 +4980,7 @@ func (in *SeedSettings) DeepCopyInto(out *SeedSettings) { if in.VerticalPodAutoscaler != nil { in, out := &in.VerticalPodAutoscaler, &out.VerticalPodAutoscaler *out = new(SeedSettingVerticalPodAutoscaler) - **out = **in + (*in).DeepCopyInto(*out) } if in.DependencyWatchdog != nil { in, out := &in.DependencyWatchdog, &out.DependencyWatchdog 
@@ -4635,7 +5010,7 @@ func (in *SeedSpec) DeepCopyInto(out *SeedSpec) { *out = *in if in.Backup != nil { in, out := &in.Backup, &out.Backup - *out = new(SeedBackup) + *out = new(Backup) (*in).DeepCopyInto(*out) } in.DNS.DeepCopyInto(&out.DNS) @@ -4668,6 +5043,18 @@ func (in *SeedSpec) DeepCopyInto(out *SeedSpec) { *out = make([]AccessRestriction, len(*in)) copy(*out, *in) } + if in.Extensions != nil { + in, out := &in.Extensions, &out.Extensions + *out = make([]Extension, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]NamedResourceReference, len(*in)) + copy(*out, *in) + } return } @@ -5445,6 +5832,11 @@ func (in *ShootStatus) DeepCopyInto(out *ShootStatus) { *out = new(NetworkingStatus) (*in).DeepCopyInto(*out) } + if in.InPlaceUpdates != nil { + in, out := &in.InPlaceUpdates, &out.InPlaceUpdates + *out = new(InPlaceUpdatesStatus) + (*in).DeepCopyInto(*out) + } return } @@ -5648,6 +6040,13 @@ func (in *VerticalPodAutoscaler) DeepCopyInto(out *VerticalPodAutoscaler) { *out = new(int64) **out = **in } + if in.FeatureGates != nil { + in, out := &in.FeatureGates, &out.FeatureGates + *out = make(map[string]bool, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } @@ -5850,6 +6249,16 @@ func (in *Worker) DeepCopyInto(out *Worker) { *out = new(int32) **out = **in } + if in.UpdateStrategy != nil { + in, out := &in.UpdateStrategy, &out.UpdateStrategy + *out = new(MachineUpdateStrategy) + **out = **in + } + if in.ControlPlane != nil { + in, out := &in.ControlPlane, &out.ControlPlane + *out = new(WorkerControlPlane) + (*in).DeepCopyInto(*out) + } return } 
@@ -5863,6 +6272,27 @@ func (in *Worker) DeepCopy() *Worker { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkerControlPlane) DeepCopyInto(out *WorkerControlPlane) { + *out = *in + if in.Backup != nil { + in, out := &in.Backup, &out.Backup + *out = new(Backup) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkerControlPlane. +func (in *WorkerControlPlane) DeepCopy() *WorkerControlPlane { + if in == nil { + return nil + } + out := new(WorkerControlPlane) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkerKubernetes) DeepCopyInto(out *WorkerKubernetes) { *out = *in diff --git a/api/external/gardener/pkg/apis/extensions/register.go b/api/external/gardener/pkg/apis/extensions/register.go index 6d0ee5c..91044da 100644 --- a/api/external/gardener/pkg/apis/extensions/register.go +++ b/api/external/gardener/pkg/apis/extensions/register.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/register.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/register.go index b24f76f..49dc421 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/register.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/register.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types.go index eefbfca..980f3d2 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -7,10 +7,26 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/sets" gardencorev1beta1 "github.com/openmcp-project/mcp-operator/api/external/gardener/pkg/apis/core/v1beta1" ) +// AllExtensionKinds contains all supported extension kinds. +var AllExtensionKinds = sets.New( + BackupBucketResource, + BackupEntryResource, + BastionResource, + ContainerRuntimeResource, + ControlPlaneResource, + DNSRecordResource, + ExtensionResource, + InfrastructureResource, + NetworkResource, + OperatingSystemConfigResource, + WorkerResource, +) + // Status is the status of an Object. type Status interface { // GetProviderStatus retrieves the provider status. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupbucket.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupbucket.go index 3595fa7..112f6ac 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupbucket.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupbucket.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
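Review bot: `AllExtensionKinds` in the `types.go` hunk is an exported package-level variable holding a mutable set, so any importing package can call `Insert` or `Delete` on it and change what every other caller sees as a supported kind. Whether anything validates or gates extension kinds against this set is not visible in the hunk, but if it does, a stray mutation would silently widen or narrow that check for the whole process. At minimum the doc comment should state the contract, e.g. `// AllExtensionKinds contains all supported extension kinds. It must be treated as read-only; use Clone() before modifying.` Since this tree looks like a vendored copy of the upstream API package, the change probably belongs upstream rather than here.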
@@ -29,6 +29,7 @@ type BackupBucket struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the BackupBucket. // If the object's deletion timestamp is set, this field is immutable. Spec BackupBucketSpec `json:"spec"` @@ -62,6 +63,7 @@ type BackupBucketList struct { type BackupBucketSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // Region is the region of this bucket. This field is immutable. Region string `json:"region"` // SecretRef is a reference to a secret that contains the credentials to access object store. @@ -72,6 +74,7 @@ type BackupBucketSpec struct { type BackupBucketStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // GeneratedSecretRef is reference to the secret generated by backup bucket, which // will have object store specific credentials. // +optional diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupentry.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupentry.go index bed09ff..e9bf231 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupentry.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_backupentry.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -31,6 +31,7 @@ type BackupEntry struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the BackupEntry. // If the object's deletion timestamp is set, this field is immutable. Spec BackupEntrySpec `json:"spec"` 
@@ -64,6 +65,7 @@ type BackupEntryList struct { type BackupEntrySpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // BackupBucketProviderStatus contains the provider status that has // been generated by the controller responsible for the `BackupBucket` resource. // +kubebuilder:validation:XPreserveUnknownFields diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_bastion.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_bastion.go index ed0c32d..239a718 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_bastion.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_bastion.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -29,6 +29,7 @@ type Bastion struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Spec is the specification of this Bastion. // If the object's deletion timestamp is set, this field is immutable. Spec BastionSpec `json:"spec"` @@ -51,6 +52,7 @@ func (b *Bastion) GetExtensionStatus() Status { type BastionSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // UserData is the base64-encoded user data for the bastion instance. This should // contain code to provision the SSH key on the bastion instance. // This field is immutable. @@ -69,6 +71,7 @@ type BastionIngressPolicy struct { type BastionStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // Ingress is the external IP and/or hostname of the bastion host. // +optional Ingress *corev1.LoadBalancerIngress `json:"ingress,omitempty"` 
@@ -81,6 +84,7 @@ type BastionList struct { metav1.TypeMeta // Standard list object metadata. metav1.ListMeta + // Items is the list of Bastions. Items []Bastion } diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_cluster.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_cluster.go index 639a439..c00c122 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_cluster.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_cluster.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go index 840c59b..dcd394f 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_containerruntime.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -32,6 +32,7 @@ type ContainerRuntime struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the ContainerRuntime. // If the object's deletion timestamp is set, this field is immutable. Spec ContainerRuntimeSpec `json:"spec"` 
@@ -62,13 +63,14 @@ type ContainerRuntimeList struct { // ContainerRuntimeSpec is the spec for a ContainerRuntime resource. type ContainerRuntimeSpec struct { + // DefaultSpec is a structure containing common fields used by all extension resources. + DefaultSpec `json:",inline"` + // BinaryPath is the Worker's machine path where container runtime extensions should copy the binaries to. BinaryPath string `json:"binaryPath"` // WorkerPool identifies the worker pool of the Shoot. // For each worker pool and type, Gardener deploys a ContainerRuntime CRD. WorkerPool ContainerRuntimeWorkerPool `json:"workerPool"` - // DefaultSpec is a structure containing common fields used by all extension resources. - DefaultSpec `json:",inline"` } // ContainerRuntimeWorkerPool identifies a Shoot worker pool by its name and selector. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_controlplane.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_controlplane.go index b94be4c..02f2d95 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_controlplane.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_controlplane.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
@@ -20,7 +20,6 @@ const ControlPlaneResource = "ControlPlane" // +kubebuilder:resource:scope=Namespaced,path=controlplanes,shortName=cp,singular=controlplane // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name=Type,JSONPath=".spec.type",type=string,description="The control plane type." -// +kubebuilder:printcolumn:name=Purpose,JSONPath=".spec.purpose",type=string,description="Purpose of control plane resource." // +kubebuilder:printcolumn:name=Status,JSONPath=".status.lastOperation.state",type=string,description="Status of control plane resource." // +kubebuilder:printcolumn:name=Age,JSONPath=".metadata.creationTimestamp",type=date,description="creation timestamp" @@ -28,6 +27,7 @@ const ControlPlaneResource = "ControlPlane" type ControlPlane struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the ControlPlane. // If the object's deletion timestamp is set, this field is immutable. Spec ControlPlaneSpec `json:"spec"` @@ -45,11 +45,6 @@ func (i *ControlPlane) GetExtensionStatus() Status { return &i.Status } -// GetExtensionPurpose implements Object. -func (i *ControlPlaneSpec) GetExtensionPurpose() *string { - return (*string)(i.Purpose) -} - // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ControlPlaneList is a list of ControlPlane resources. @@ -65,10 +60,7 @@ type ControlPlaneList struct { type ControlPlaneSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` - // Purpose contains the data if a cloud provider needs additional components in order to expose the control plane. - // This field is immutable. - // +optional - Purpose *Purpose `json:"purpose,omitempty"` + // InfrastructureProviderStatus contains the provider status that has // been generated by the controller responsible for the `Infrastructure` resource. // +kubebuilder:validation:XPreserveUnknownFields 
@@ -86,13 +78,3 @@ type ControlPlaneStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` } - -// Purpose is a string alias. -type Purpose string - -const ( - // Normal triggers the ControlPlane controllers for the shoot provider. - Normal Purpose = "normal" - // Exposure triggers the ControlPlane controllers for the exposure settings. - Exposure Purpose = "exposure" -) diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_defaults.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_defaults.go index 23288a3..54859f2 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_defaults.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_defaults.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -29,10 +29,13 @@ type DefaultSpec struct { type ExtensionClass string const ( - // ExtensionClassShoot is the extension class responsible for shoot clusters. - ExtensionClassShoot ExtensionClass = "shoot" // ExtensionClassGarden is the extension class responsible for the garden cluster. ExtensionClassGarden ExtensionClass = "garden" + // ExtensionClassSeed is the extension class responsible for seed clusters. + ExtensionClassSeed ExtensionClass = "seed" + // ExtensionClassShoot is the extension class responsible for shoot clusters. + // For backwards compatibility, this class must be treated as the default value if non is provided. + ExtensionClassShoot ExtensionClass = "shoot" ) // GetExtensionType implements Spec. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_dnsrecord.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_dnsrecord.go index 7266aee..1e870b1 100644 
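Review bot: The new comment on `ExtensionClassShoot` in the `const` block of types_defaults.go says the class "must be treated as the default value if non is provided", but nothing in these types enforces that, so every consumer that compares a resource's class against a constant has to handle the unset case itself. With `ExtensionClassSeed` added, a controller that does not filter on class could act on seed- or garden-class objects it was never meant to reconcile. That is inferred, since no consumer is visible in this diff, and is worth checking wherever the class is read. The comment also has a typo and should read `// For backwards compatibility, this class must be treated as the default value if none is provided.` The file looks like a copy of the upstream Gardener API, so the wording fix may belong upstream.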
--- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_dnsrecord.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_dnsrecord.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -28,6 +28,7 @@ const DNSRecordResource = "DNSRecord" type DNSRecord struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the DNSRecord. // If the object's deletion timestamp is set, this field is immutable. Spec DNSRecordSpec `json:"spec"` @@ -60,6 +61,7 @@ type DNSRecordList struct { type DNSRecordSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // SecretRef is a reference to a secret that contains the cloud provider specific credentials. SecretRef corev1.SecretReference `json:"secretRef"` // Region is the region of this DNS record. If not specified, the region specified in SecretRef will be used. @@ -85,6 +87,7 @@ type DNSRecordSpec struct { type DNSRecordStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // Zone is the DNS hosted zone of this DNS record. // +optional Zone *string `json:"zone,omitempty"` diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_extension.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_extension.go index a8c5364..1d503f2 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_extension.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_extension.go 
@@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -26,6 +26,7 @@ type Extension struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the Extension. // If the object's deletion timestamp is set, this field is immutable. Spec ExtensionSpec `json:"spec"` diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_infrastructure.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_infrastructure.go index c515d71..b7e3448 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_infrastructure.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_infrastructure.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -28,6 +28,7 @@ type Infrastructure struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the Infrastructure. // If the object's deletion timestamp is set, this field is immutable. Spec InfrastructureSpec `json:"spec"` @@ -61,6 +62,7 @@ type InfrastructureList struct { type InfrastructureSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // Region is the region of this infrastructure. This field is immutable. Region string `json:"region"` // SecretRef is a reference to a secret that contains the cloud provider credentials. 
@@ -74,6 +76,7 @@ type InfrastructureSpec struct { type InfrastructureStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // NodesCIDR is the CIDR of the node network that was optionally created by the acting extension controller. // This might be needed in environments in which the CIDR for the network for the shoot worker node cannot // be statically defined in the Shoot resource but must be computed dynamically. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_network.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_network.go index e162dcb..5e23647 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_network.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_network.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -28,6 +28,7 @@ type Network struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the Network. // If the object's deletion timestamp is set, this field is immutable. Spec NetworkSpec `json:"spec"` 
@@ -61,11 +62,12 @@ type NetworkList struct { type NetworkSpec struct { // DefaultSpec is a structure containing common fields used by all extension resources. DefaultSpec `json:",inline"` + // PodCIDR defines the CIDR that will be used for pods. This field is immutable. PodCIDR string `json:"podCIDR"` // ServiceCIDR defines the CIDR that will be used for services. This field is immutable. ServiceCIDR string `json:"serviceCIDR"` - // IPFamilies specifies the IP protocol versions to use for shoot networking. This field is immutable. + // IPFamilies specifies the IP protocol versions to use for shoot networking. // See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md // +optional IPFamilies []IPFamily `json:"ipFamilies,omitempty"` @@ -75,6 +77,11 @@ type NetworkSpec struct { type NetworkStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + + // IPFamilies specifies the IP protocol versions that actually are used for shoot networking. + // During dual-stack migration, this field may differ from the spec. + // +optional + IPFamilies []IPFamily `json:"ipFamilies,omitempty"` } // GetExtensionType returns the type of this Network resource. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go index fd0ceca..f983e8b 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_operatingsystemconfig.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 
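Review bot: `NetworkStatus.IPFamilies` is optional and may differ from `NetworkSpec.IPFamilies` during dual-stack migration, but neither comment says which of the two a consumer should act on or what an empty status value means. Code that derives address-family-specific rules (CIDR allow-lists, for example) from the spec alone may not match what is actually in use while a migration is in progress. I would extend the status comment with something like `// If empty, consumers should fall back to spec.ipFamilies.`, assuming that is the intended behaviour, which this diff does not show. The spec comment also drops "This field is immutable." without saying under which conditions the field may now change.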
@@ -29,6 +29,7 @@ type OperatingSystemConfig struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the OperatingSystemConfig. // If the object's deletion timestamp is set, this field is immutable. Spec OperatingSystemConfigSpec `json:"spec"` @@ -65,11 +66,12 @@ type OperatingSystemConfigList struct { // OperatingSystemConfigSpec is the spec for a OperatingSystemConfig resource. type OperatingSystemConfigSpec struct { + // DefaultSpec is a structure containing common fields used by all extension resources. + DefaultSpec `json:",inline"` + // CRI config is a structure contains configurations of the CRI library // +optional CRIConfig *CRIConfig `json:"criConfig,omitempty"` - // DefaultSpec is a structure containing common fields used by all extension resources. - DefaultSpec `json:",inline"` // Purpose describes how the result of this OperatingSystemConfig is used by Gardener. Either it // gets sent to the `Worker` extension controller to bootstrap a VM, or it is downloaded by the // gardener-node-agent already running on a bootstrapped VM. @@ -85,6 +87,9 @@ type OperatingSystemConfigSpec struct { // +patchStrategy=merge // +optional Files []File `json:"files,omitempty" patchStrategy:"merge" patchMergeKey:"path"` + // InPlaceUpdates contains the configuration for in-place updates. + // +optional + InPlaceUpdates *InPlaceUpdates `json:"inPlaceUpdates,omitempty"` } // Unit is a unit for the operating system configuration (usually, a systemd unit). @@ -188,6 +193,7 @@ type FileContentImageRef struct { type OperatingSystemConfigStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // ExtensionUnits is a list of additional systemd units provided by the extension. // +patchMergeKey=name // +patchStrategy=merge 
@@ -203,6 +209,9 @@ type OperatingSystemConfigStatus struct { // After Gardener v1.112, this will be only set for OperatingSystemConfigs with purpose 'provision'. // +optional CloudConfig *CloudConfig `json:"cloudConfig,omitempty"` + // InPlaceUpdates contains the configuration for in-place updates. + // +optional + InPlaceUpdates *InPlaceUpdatesStatus `json:"inPlaceUpdates,omitempty"` } // CloudConfig contains the generated output for the given operating system 
@@ -350,3 +359,54 @@ const ( // B64FileCodecID is the base64 file codec id. B64FileCodecID FileCodecID = "b64" ) + +// InPlaceUpdates is a structure containing configuration for in-place updates. +type InPlaceUpdates struct { + // OperatingSystemVersion is the version of the operating system. + OperatingSystemVersion string `json:"operatingSystemVersion"` + // KubeletVersion is the version of the kubelet. + KubeletVersion string `json:"kubelet"` + // CredentialsRotation is a structure containing information about the last initiation time of the certificate authority and service account key rotation. + // +optional + CredentialsRotation *CredentialsRotation `json:"credentialsRotation,omitempty"` +} + +// InPlaceUpdatesStatus is a structure containing configuration for in-place updates. +type InPlaceUpdatesStatus struct { + // OSUpdate defines the configuration for the operating system update. + // +optional + OSUpdate *OSUpdate `json:"osUpdate,omitempty"` +} + +// OSUpdate contains the configuration for the operating system update. +type OSUpdate struct { + // Command defines the command responsible for performing machine image updates. + Command string `json:"command"` + // Args provides a mechanism to pass additional arguments or flags to the Command. + // +optional + Args []string `json:"args,omitempty"` +} + +// CredentialsRotation is a structure containing information about the last initiation time of the certificate authority and service account key rotation. +type CredentialsRotation struct { + // CertificateAuthorities contains information about the certificate authority credential rotation. + // +optional + CertificateAuthorities *CARotation `json:"certificateAuthorities,omitempty"` + // ServiceAccountKey contains information about the service account key credential rotation. 
+ // +optional + ServiceAccountKey *ServiceAccountKeyRotation `json:"serviceAccountKey,omitempty"` +} + +// CARotation contains information about the certificate authority credential rotation. +type CARotation struct { + // LastInitiationTime is the most recent time when the certificate authority credential rotation was initiated. + // +optional + LastInitiationTime *metav1.Time `json:"lastInitiationTime,omitempty"` +} + +// ServiceAccountKeyRotation contains information about the service account key credential rotation. +type ServiceAccountKeyRotation struct { + // LastInitiationTime is the most recent time when the service account key credential rotation was initiated. + // +optional + LastInitiationTime *metav1.Time `json:"lastInitiationTime,omitempty"` +} diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_worker.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_worker.go index 891bd32..a55dd44 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/types_worker.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/types_worker.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors // // SPDX-License-Identifier: Apache-2.0 @@ -45,6 +45,7 @@ type Worker struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the Worker. // If the object's deletion timestamp is set, this field is immutable. Spec WorkerSpec `json:"spec"` 
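Review bot: `OSUpdate.Command` and `OSUpdate.Args`, added in the `@@ -350,3 +359,54 @@` hunk of types_operatingsystemconfig.go, describe a command line that travels through `OperatingSystemConfigStatus` with no stated constraints on its content. The field comment says the command performs machine image updates, so it is presumably executed on the node by whatever consumes the status (the executor is not part of this diff). If so, write access to the OSC status subresource amounts to choosing what runs on worker machines. The comment on `Command` should say whether it is run directly or through a shell and whether an absolute path is required, and a marker such as `// +kubebuilder:validation:MinLength=1` would reject an empty value. Consumers in this repository should treat the field as untrusted input and check that RBAC limits who can update that status.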
@@ -155,7 +156,10 @@ type WorkerPool struct { // KubernetesVersion is the kubernetes version in this worker pool // +optional KubernetesVersion *string `json:"kubernetesVersion,omitempty"` - // NodeTemplate contains resource information of the machine which is used by Cluster Autoscaler to generate nodeTemplate during scaling a nodeGroup from zero + // KubeletConfig contains the kubelet configuration for the worker pool. + // +optional + KubeletConfig *gardencorev1beta1.KubeletConfig `json:"kubeletConfig,omitempty"` + // NodeTemplate contains resource information of the machine which is used by Cluster Autoscaler to generate nodeTemplate during scaling a nodeGroup // +optional NodeTemplate *NodeTemplate `json:"nodeTemplate,omitempty"` // Architecture is the CPU architecture of the worker pool machines and machine image. @@ -167,6 +171,9 @@ type WorkerPool struct { // Priority (or weight) is the importance by which this worker pool will be scaled by cluster autoscaling. // +optional Priority *int32 `json:"priority,omitempty"` + // UpdateStrategy specifies the machine update strategy for the worker pool. + // +optional + UpdateStrategy *gardencorev1beta1.MachineUpdateStrategy `json:"updateStrategy,omitempty"` } // ClusterAutoscalerOptions contains the cluster autoscaler configurations for a worker pool. @@ -192,6 +199,9 @@ type ClusterAutoscalerOptions struct { type NodeTemplate struct { // Capacity represents the expected Node capacity. Capacity corev1.ResourceList `json:"capacity"` + // VirtualCapacity represents the expected Node 'virtual' capacity ie comprising virtual extended resources. + // +optional + VirtualCapacity corev1.ResourceList `json:"virtualCapacity,omitempty"` } // MachineImage contains logical information about the name and the version of the machie image that 
@@ -237,6 +247,7 @@ type DataVolume struct { type WorkerStatus struct { // DefaultStatus is a structure containing common fields used by all extension resources. DefaultStatus `json:",inline"` + // MachineDeployments is a list of created machine deployments. It will be used to e.g. configure // the cluster-autoscaler properly. // +patchMergeKey=name @@ -245,6 +256,16 @@ type WorkerStatus struct { // MachineDeploymentsLastUpdateTime is the timestamp when the status.MachineDeployments slice was last updated. // +optional MachineDeploymentsLastUpdateTime *metav1.Time `json:"machineDeploymentsLastUpdateTime,omitempty"` + // InPlaceUpdates contains the status for in-place updates. + // +optional + InPlaceUpdates *InPlaceUpdatesWorkerStatus `json:"inPlaceUpdates,omitempty"` +} + +// InPlaceUpdatesWorkerStatus contains the configuration for in-place updates. +type InPlaceUpdatesWorkerStatus struct { + // WorkerPoolToHashMap is a map of worker pool names to their corresponding hash. + // +optional + WorkerPoolToHashMap map[string]string `json:"workerPoolToHashMap,omitempty"` } // MachineDeployment is a created machine deployment. diff --git a/api/external/gardener/pkg/apis/extensions/v1alpha1/zz_generated.deepcopy.go b/api/external/gardener/pkg/apis/extensions/v1alpha1/zz_generated.deepcopy.go index b8f0e35..54967ae 100644 --- a/api/external/gardener/pkg/apis/extensions/v1alpha1/zz_generated.deepcopy.go +++ b/api/external/gardener/pkg/apis/extensions/v1alpha1/zz_generated.deepcopy.go 
@@ -348,6 +348,26 @@ func (in *BastionStatus) DeepCopy() *BastionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CARotation) DeepCopyInto(out *CARotation) { + *out = *in + if in.LastInitiationTime != nil { + in, out := &in.LastInitiationTime, &out.LastInitiationTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CARotation. +func (in *CARotation) DeepCopy() *CARotation { + if in == nil { + return nil + } + out := new(CARotation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CRIConfig) DeepCopyInto(out *CRIConfig) { *out = *in @@ -575,8 +595,8 @@ func (in *ContainerRuntimeList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ContainerRuntimeSpec) DeepCopyInto(out *ContainerRuntimeSpec) { *out = *in - in.WorkerPool.DeepCopyInto(&out.WorkerPool) in.DefaultSpec.DeepCopyInto(&out.DefaultSpec) + in.WorkerPool.DeepCopyInto(&out.WorkerPool) return } @@ -719,11 +739,6 @@ func (in *ControlPlaneList) DeepCopyObject() runtime.Object { func (in *ControlPlaneSpec) DeepCopyInto(out *ControlPlaneSpec) { *out = *in in.DefaultSpec.DeepCopyInto(&out.DefaultSpec) - if in.Purpose != nil { - in, out := &in.Purpose, &out.Purpose - *out = new(Purpose) - **out = **in - } if in.InfrastructureProviderStatus != nil { in, out := &in.InfrastructureProviderStatus, &out.InfrastructureProviderStatus *out = new(runtime.RawExtension) 
@@ -760,6 +775,32 @@ func (in *ControlPlaneStatus) DeepCopy() *ControlPlaneStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsRotation) DeepCopyInto(out *CredentialsRotation) { + *out = *in + if in.CertificateAuthorities != nil { + in, out := &in.CertificateAuthorities, &out.CertificateAuthorities + *out = new(CARotation) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountKey != nil { + in, out := &in.ServiceAccountKey, &out.ServiceAccountKey + *out = new(ServiceAccountKeyRotation) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsRotation. +func (in *CredentialsRotation) DeepCopy() *CredentialsRotation { + if in == nil { + return nil + } + out := new(CredentialsRotation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSRecord) DeepCopyInto(out *DNSRecord) { *out = *in 
@@ -1198,6 +1239,71 @@ func (in *FileContentSecretRef) DeepCopy() *FileContentSecretRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InPlaceUpdates) DeepCopyInto(out *InPlaceUpdates) { + *out = *in + if in.CredentialsRotation != nil { + in, out := &in.CredentialsRotation, &out.CredentialsRotation + *out = new(CredentialsRotation) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdates. +func (in *InPlaceUpdates) DeepCopy() *InPlaceUpdates { + if in == nil { + return nil + } + out := new(InPlaceUpdates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InPlaceUpdatesStatus) DeepCopyInto(out *InPlaceUpdatesStatus) { + *out = *in + if in.OSUpdate != nil { + in, out := &in.OSUpdate, &out.OSUpdate + *out = new(OSUpdate) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdatesStatus. +func (in *InPlaceUpdatesStatus) DeepCopy() *InPlaceUpdatesStatus { + if in == nil { + return nil + } + out := new(InPlaceUpdatesStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InPlaceUpdatesWorkerStatus) DeepCopyInto(out *InPlaceUpdatesWorkerStatus) { + *out = *in + if in.WorkerPoolToHashMap != nil { + in, out := &in.WorkerPoolToHashMap, &out.WorkerPoolToHashMap + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdatesWorkerStatus. 
+func (in *InPlaceUpdatesWorkerStatus) DeepCopy() *InPlaceUpdatesWorkerStatus { + if in == nil { + return nil + } + out := new(InPlaceUpdatesWorkerStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { *out = *in @@ -1469,6 +1575,11 @@ func (in *NetworkSpec) DeepCopy() *NetworkSpec { func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { *out = *in in.DefaultStatus.DeepCopyInto(&out.DefaultStatus) + if in.IPFamilies != nil { + in, out := &in.IPFamilies, &out.IPFamilies + *out = make([]IPFamily, len(*in)) + copy(*out, *in) + } return } @@ -1492,6 +1603,13 @@ func (in *NodeTemplate) DeepCopyInto(out *NodeTemplate) { (*out)[key] = val.DeepCopy() } } + if in.VirtualCapacity != nil { + in, out := &in.VirtualCapacity, &out.VirtualCapacity + *out = make(v1.ResourceList, len(*in)) + for key, val := range *in { + (*out)[key] = val.DeepCopy() + } + } return } @@ -1505,6 +1623,27 @@ func (in *NodeTemplate) DeepCopy() *NodeTemplate { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSUpdate) DeepCopyInto(out *OSUpdate) { + *out = *in + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSUpdate. +func (in *OSUpdate) DeepCopy() *OSUpdate { + if in == nil { + return nil + } + out := new(OSUpdate) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OperatingSystemConfig) DeepCopyInto(out *OperatingSystemConfig) { *out = *in 
@@ -1569,12 +1708,12 @@ func (in *OperatingSystemConfigList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OperatingSystemConfigSpec) DeepCopyInto(out *OperatingSystemConfigSpec) { *out = *in + in.DefaultSpec.DeepCopyInto(&out.DefaultSpec) if in.CRIConfig != nil { in, out := &in.CRIConfig, &out.CRIConfig *out = new(CRIConfig) (*in).DeepCopyInto(*out) } - in.DefaultSpec.DeepCopyInto(&out.DefaultSpec) if in.Units != nil { in, out := &in.Units, &out.Units *out = make([]Unit, len(*in)) @@ -1589,6 +1728,11 @@ func (in *OperatingSystemConfigSpec) DeepCopyInto(out *OperatingSystemConfigSpec (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.InPlaceUpdates != nil { + in, out := &in.InPlaceUpdates, &out.InPlaceUpdates + *out = new(InPlaceUpdates) + (*in).DeepCopyInto(*out) + } return } @@ -1625,6 +1769,11 @@ func (in *OperatingSystemConfigStatus) DeepCopyInto(out *OperatingSystemConfigSt *out = new(CloudConfig) **out = **in } + if in.InPlaceUpdates != nil { + in, out := &in.InPlaceUpdates, &out.InPlaceUpdates + *out = new(InPlaceUpdatesStatus) + (*in).DeepCopyInto(*out) + } return } 
@@ -1728,6 +1877,26 @@ func (in *RegistryHost) DeepCopy() *RegistryHost { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountKeyRotation) DeepCopyInto(out *ServiceAccountKeyRotation) { + *out = *in + if in.LastInitiationTime != nil { + in, out := &in.LastInitiationTime, &out.LastInitiationTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeyRotation. +func (in *ServiceAccountKeyRotation) DeepCopy() *ServiceAccountKeyRotation { + if in == nil { + return nil + } + out := new(ServiceAccountKeyRotation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Unit) DeepCopyInto(out *Unit) { *out = *in @@ -1931,6 +2100,11 @@ func (in *WorkerPool) DeepCopyInto(out *WorkerPool) { *out = new(string) **out = **in } + if in.KubeletConfig != nil { + in, out := &in.KubeletConfig, &out.KubeletConfig + *out = new(v1beta1.KubeletConfig) + (*in).DeepCopyInto(*out) + } if in.NodeTemplate != nil { in, out := &in.NodeTemplate, &out.NodeTemplate *out = new(NodeTemplate) @@ -1951,6 +2125,11 @@ func (in *WorkerPool) DeepCopyInto(out *WorkerPool) { *out = new(int32) **out = **in } + if in.UpdateStrategy != nil { + in, out := &in.UpdateStrategy, &out.UpdateStrategy + *out = new(v1beta1.MachineUpdateStrategy) + **out = **in + } return } @@ -2014,6 +2193,11 @@ func (in *WorkerStatus) DeepCopyInto(out *WorkerStatus) { in, out := &in.MachineDeploymentsLastUpdateTime, &out.MachineDeploymentsLastUpdateTime *out = (*in).DeepCopy() } + if in.InPlaceUpdates != nil { + in, out := &in.InPlaceUpdates, &out.InPlaceUpdates + *out = new(InPlaceUpdatesWorkerStatus) + (*in).DeepCopyInto(*out) + } return } 
diff --git a/hack/external-apis/apis.yaml b/hack/external-apis/apis.yaml index 1526f8f..943df08 100644 --- a/hack/external-apis/apis.yaml +++ b/hack/external-apis/apis.yaml @@ -83,4 +83,5 @@ apis: - name: pkg/apis/aws/v1alpha1/types_infrastructure.go - name: pkg/apis/aws/v1alpha1/types_worker.go - name: pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go - \ No newline at end of file + - name: pkg/apis/aws/v1alpha1/types_backupbucket.go + - name: pkg/apis/aws/v1alpha1/types_workloadidentity.go \ No newline at end of file