make update

Author: bertinatto

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

@@ -158,69 +158,6 @@ spec:
                 description: encryption allows the configuration of encryption of
                   resources at the datastore layer.
                 properties:
-                  kms:
-                    description: |-
-                      kms defines the configuration for the external KMS instance that manages the encryption keys,
-                      when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an
-                      externally configured KMS instance.
-
-                      The Key Management Service (KMS) instance provides symmetric encryption and is responsible for
-                      managing the lifecyle of the encryption keys outside of the control plane.
-                      This allows integration with an external provider to manage the data encryption keys securely.
-                    properties:
-                      aws:
-                        description: |-
-                          aws defines the key config for using an AWS KMS instance
-                          for the encryption. The AWS KMS instance is managed
-                          by the user outside the purview of the control plane.
-                        properties:
-                          keyARN:
-                            description: |-
-                              keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption.
-                              The value must adhere to the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`, where:
-                              - `<region>` is the AWS region consisting of lowercase letters and hyphens followed by a number.
-                              - `<account_id>` is a 12-digit numeric identifier for the AWS account.
-                              - `<key_id>` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.
-                            maxLength: 128
-                            minLength: 1
-                            type: string
-                            x-kubernetes-validations:
-                            - message: keyARN must follow the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`.
-                                The account ID must be a 12 digit number and the region
-                                and key ID should consist only of lowercase hexadecimal
-                                characters and hyphens (-).
-                              rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')
-                          region:
-                            description: |-
-                              region specifies the AWS region where the KMS instance exists, and follows the format
-                              `<region-prefix>-<region-name>-<number>`, e.g.: `us-east-1`.
-                              Only lowercase letters and hyphens followed by numbers are allowed.
-                            maxLength: 64
-                            minLength: 1
-                            type: string
-                            x-kubernetes-validations:
-                            - message: region must be a valid AWS region, consisting
-                                of lowercase characters, digits and hyphens (-) only.
-                              rule: self.matches('^[a-z0-9]+(-[a-z0-9]+)*$')
-                        required:
-                        - keyARN
-                        - region
-                        type: object
-                      type:
-                        description: |-
-                          type defines the kind of platform for the KMS provider.
-                          Available provider types are AWS only.
-                        enum:
-                        - AWS
-                        type: string
-                    required:
-                    - type
-                    type: object
-                    x-kubernetes-validations:
-                    - message: aws config is required when kms provider type is AWS,
-                        and forbidden otherwise
-                      rule: 'has(self.type) && self.type == ''AWS'' ?  has(self.aws)
-                        : !has(self.aws)'
                   type:
                     description: |-
                       type defines what encryption type should be used to encrypt resources at the datastore layer.
@@ -241,14 +178,8 @@ spec:
                     - identity
                     - aescbc
                     - aesgcm
-                    - KMS
                     type: string
                 type: object
-                x-kubernetes-validations:
-                - message: kms config is required when encryption type is KMS, and
-                    forbidden otherwise
-                  rule: 'has(self.type) && self.type == ''KMS'' ?  has(self.kms) :
-                    !has(self.kms)'
               servingCerts:
                 description: |-
                   servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates

features.md

@@ -10,6 +10,7 @@
 | ClusterAPIMachineManagementVSphere| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | |  |
 | Example2| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | |  |
 | ExternalSnapshotMetadata| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | |  |
+| KMSEncryptionProvider| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | |  |
 | NewOLMCatalogdAPIV1Metas| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span>  |
 | NewOLMOwnSingleNamespace| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span>  |
 | NewOLMPreflightPermissionChecks| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span>  |
@@ -52,7 +53,7 @@
 | InsightsConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | InsightsOnDemandDataGather| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | IrreconcilableMachineConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
-| KMSEncryptionProvider| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
+| KMSEncryption| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | MachineAPIMigration| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | ManagedBootImagesCPMS| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | MaxUnavailableStatefulSet| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |

openapi/openapi.json

@@ -9881,7 +9881,7 @@
           "$ref": "#/definitions/com.github.openshift.api.config.v1.PKI"
         },
         "policyType": {
-          "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.",
+          "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).",
           "type": "string",
           "default": ""
         },

payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

@@ -158,69 +158,6 @@ spec:
                 description: encryption allows the configuration of encryption of
                   resources at the datastore layer.
                 properties:
-                  kms:
-                    description: |-
-                      kms defines the configuration for the external KMS instance that manages the encryption keys,
-                      when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an
-                      externally configured KMS instance.
-
-                      The Key Management Service (KMS) instance provides symmetric encryption and is responsible for
-                      managing the lifecyle of the encryption keys outside of the control plane.
-                      This allows integration with an external provider to manage the data encryption keys securely.
-                    properties:
-                      aws:
-                        description: |-
-                          aws defines the key config for using an AWS KMS instance
-                          for the encryption. The AWS KMS instance is managed
-                          by the user outside the purview of the control plane.
-                        properties:
-                          keyARN:
-                            description: |-
-                              keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption.
-                              The value must adhere to the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`, where:
-                              - `<region>` is the AWS region consisting of lowercase letters and hyphens followed by a number.
-                              - `<account_id>` is a 12-digit numeric identifier for the AWS account.
-                              - `<key_id>` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.
-                            maxLength: 128
-                            minLength: 1
-                            type: string
-                            x-kubernetes-validations:
-                            - message: keyARN must follow the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`.
-                                The account ID must be a 12 digit number and the region
-                                and key ID should consist only of lowercase hexadecimal
-                                characters and hyphens (-).
-                              rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')
-                          region:
-                            description: |-
-                              region specifies the AWS region where the KMS instance exists, and follows the format
-                              `<region-prefix>-<region-name>-<number>`, e.g.: `us-east-1`.
-                              Only lowercase letters and hyphens followed by numbers are allowed.
-                            maxLength: 64
-                            minLength: 1
-                            type: string
-                            x-kubernetes-validations:
-                            - message: region must be a valid AWS region, consisting
-                                of lowercase characters, digits and hyphens (-) only.
-                              rule: self.matches('^[a-z0-9]+(-[a-z0-9]+)*$')
-                        required:
-                        - keyARN
-                        - region
-                        type: object
-                      type:
-                        description: |-
-                          type defines the kind of platform for the KMS provider.
-                          Available provider types are AWS only.
-                        enum:
-                        - AWS
-                        type: string
-                    required:
-                    - type
-                    type: object
-                    x-kubernetes-validations:
-                    - message: aws config is required when kms provider type is AWS,
-                        and forbidden otherwise
-                      rule: 'has(self.type) && self.type == ''AWS'' ?  has(self.aws)
-                        : !has(self.aws)'
                   type:
                     description: |-
                       type defines what encryption type should be used to encrypt resources at the datastore layer.
@@ -241,14 +178,8 @@ spec:
                     - identity
                     - aescbc
                     - aesgcm
-                    - KMS
                     type: string
                 type: object
-                x-kubernetes-validations:
-                - message: kms config is required when encryption type is KMS, and
-                    forbidden otherwise
-                  rule: 'has(self.type) && self.type == ''KMS'' ?  has(self.kms) :
-                    !has(self.kms)'
               servingCerts:
                 description: |-
                   servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates

payload-manifests/featuregates/featureGate-Hypershift-Default.yaml

@@ -132,6 +132,9 @@
                     {
                         "name": "IrreconcilableMachineConfig"
                     },
+                    {
+                        "name": "KMSEncryption"
+                    },
                     {
                         "name": "KMSEncryptionProvider"
                     },

payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml

@@ -214,6 +214,9 @@
                     {
                         "name": "IrreconcilableMachineConfig"
                     },
+                    {
+                        "name": "KMSEncryption"
+                    },
                     {
                         "name": "KMSEncryptionProvider"
                     },

payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml

@@ -32,6 +32,9 @@
                     {
                         "name": "ExternalSnapshotMetadata"
                     },
+                    {
+                        "name": "KMSEncryptionProvider"
+                    },
                     {
                         "name": "MachineAPIOperatorDisableMachineHealthCheckController"
                     },
@@ -218,7 +221,7 @@
                         "name": "IrreconcilableMachineConfig"
                     },
                     {
-                        "name": "KMSEncryptionProvider"
+                        "name": "KMSEncryption"
                     },
                     {
                         "name": "KMSv1"

payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml

@@ -135,6 +135,9 @@
                     {
                         "name": "IrreconcilableMachineConfig"
                     },
+                    {
+                        "name": "KMSEncryption"
+                    },
                     {
                         "name": "KMSEncryptionProvider"
                     },

payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml

@@ -196,6 +196,9 @@
                     {
                         "name": "IrreconcilableMachineConfig"
                     },
+                    {
+                        "name": "KMSEncryption"
+                    },
                     {
                         "name": "KMSEncryptionProvider"
                     },

payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml

@@ -35,6 +35,9 @@
                     {
                         "name": "HyperShiftOnlyDynamicResourceAllocation"
                     },
+                    {
+                        "name": "KMSEncryptionProvider"
+                    },
                     {
                         "name": "MachineAPIOperatorDisableMachineHealthCheckController"
                     },
@@ -200,7 +203,7 @@
                         "name": "IrreconcilableMachineConfig"
                     },
                     {
-                        "name": "KMSEncryptionProvider"
+                        "name": "KMSEncryption"
                     },
                     {
                         "name": "KMSv1"