Skip to content

Commit c0f5796

Browse files
committed
make update
1 parent e1c0dd5 commit c0f5796

8 files changed

Lines changed: 22 additions & 72 deletions

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

Lines changed: 0 additions & 69 deletions
Original file line numberDiff line numberDiff line change
@@ -158,69 +158,6 @@ spec:
158158
description: encryption allows the configuration of encryption of
159159
resources at the datastore layer.
160160
properties:
161-
kms:
162-
description: |-
163-
kms defines the configuration for the external KMS instance that manages the encryption keys,
164-
when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an
165-
externally configured KMS instance.
166-
167-
The Key Management Service (KMS) instance provides symmetric encryption and is responsible for
168-
managing the lifecyle of the encryption keys outside of the control plane.
169-
This allows integration with an external provider to manage the data encryption keys securely.
170-
properties:
171-
aws:
172-
description: |-
173-
aws defines the key config for using an AWS KMS instance
174-
for the encryption. The AWS KMS instance is managed
175-
by the user outside the purview of the control plane.
176-
properties:
177-
keyARN:
178-
description: |-
179-
keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption.
180-
The value must adhere to the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`, where:
181-
- `<region>` is the AWS region consisting of lowercase letters and hyphens followed by a number.
182-
- `<account_id>` is a 12-digit numeric identifier for the AWS account.
183-
- `<key_id>` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.
184-
maxLength: 128
185-
minLength: 1
186-
type: string
187-
x-kubernetes-validations:
188-
- message: keyARN must follow the format `arn:aws:kms:<region>:<account_id>:key/<key_id>`.
189-
The account ID must be a 12 digit number and the region
190-
and key ID should consist only of lowercase hexadecimal
191-
characters and hyphens (-).
192-
rule: self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')
193-
region:
194-
description: |-
195-
region specifies the AWS region where the KMS instance exists, and follows the format
196-
`<region-prefix>-<region-name>-<number>`, e.g.: `us-east-1`.
197-
Only lowercase letters and hyphens followed by numbers are allowed.
198-
maxLength: 64
199-
minLength: 1
200-
type: string
201-
x-kubernetes-validations:
202-
- message: region must be a valid AWS region, consisting
203-
of lowercase characters, digits and hyphens (-) only.
204-
rule: self.matches('^[a-z0-9]+(-[a-z0-9]+)*$')
205-
required:
206-
- keyARN
207-
- region
208-
type: object
209-
type:
210-
description: |-
211-
type defines the kind of platform for the KMS provider.
212-
Available provider types are AWS only.
213-
enum:
214-
- AWS
215-
type: string
216-
required:
217-
- type
218-
type: object
219-
x-kubernetes-validations:
220-
- message: aws config is required when kms provider type is AWS,
221-
and forbidden otherwise
222-
rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws)
223-
: !has(self.aws)'
224161
type:
225162
description: |-
226163
type defines what encryption type should be used to encrypt resources at the datastore layer.
@@ -241,14 +178,8 @@ spec:
241178
- identity
242179
- aescbc
243180
- aesgcm
244-
- KMS
245181
type: string
246182
type: object
247-
x-kubernetes-validations:
248-
- message: kms config is required when encryption type is KMS, and
249-
forbidden otherwise
250-
rule: 'has(self.type) && self.type == ''KMS'' ? has(self.kms) :
251-
!has(self.kms)'
252183
servingCerts:
253184
description: |-
254185
servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates

features.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
| ClusterAPIMachineManagementVSphere| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | |
1111
| Example2| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | |
1212
| ExternalSnapshotMetadata| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | |
13+
| KMSEncryptionProvider| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | |
1314
| NewOLMCatalogdAPIV1Metas| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |
1415
| NewOLMOwnSingleNamespace| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |
1516
| NewOLMPreflightPermissionChecks| | | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |
@@ -52,7 +53,7 @@
5253
| InsightsConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
5354
| InsightsOnDemandDataGather| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
5455
| IrreconcilableMachineConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
55-
| KMSEncryptionProvider| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
56+
| KMSEncryption| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
5657
| MachineAPIMigration| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
5758
| ManagedBootImagesCPMS| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
5859
| MaxUnavailableStatefulSet| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |

payload-manifests/featuregates/featureGate-Hypershift-Default.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,9 @@
132132
{
133133
"name": "IrreconcilableMachineConfig"
134134
},
135+
{
136+
"name": "KMSEncryption"
137+
},
135138
{
136139
"name": "KMSEncryptionProvider"
137140
},

payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -214,6 +214,9 @@
214214
{
215215
"name": "IrreconcilableMachineConfig"
216216
},
217+
{
218+
"name": "KMSEncryption"
219+
},
217220
{
218221
"name": "KMSEncryptionProvider"
219222
},

payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,9 @@
3232
{
3333
"name": "ExternalSnapshotMetadata"
3434
},
35+
{
36+
"name": "KMSEncryptionProvider"
37+
},
3538
{
3639
"name": "MachineAPIOperatorDisableMachineHealthCheckController"
3740
},
@@ -218,7 +221,7 @@
218221
"name": "IrreconcilableMachineConfig"
219222
},
220223
{
221-
"name": "KMSEncryptionProvider"
224+
"name": "KMSEncryption"
222225
},
223226
{
224227
"name": "KMSv1"

payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -135,6 +135,9 @@
135135
{
136136
"name": "IrreconcilableMachineConfig"
137137
},
138+
{
139+
"name": "KMSEncryption"
140+
},
138141
{
139142
"name": "KMSEncryptionProvider"
140143
},

payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -196,6 +196,9 @@
196196
{
197197
"name": "IrreconcilableMachineConfig"
198198
},
199+
{
200+
"name": "KMSEncryption"
201+
},
199202
{
200203
"name": "KMSEncryptionProvider"
201204
},

payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,9 @@
3535
{
3636
"name": "HyperShiftOnlyDynamicResourceAllocation"
3737
},
38+
{
39+
"name": "KMSEncryptionProvider"
40+
},
3841
{
3942
"name": "MachineAPIOperatorDisableMachineHealthCheckController"
4043
},
@@ -200,7 +203,7 @@
200203
"name": "IrreconcilableMachineConfig"
201204
},
202205
{
203-
"name": "KMSEncryptionProvider"
206+
"name": "KMSEncryption"
204207
},
205208
{
206209
"name": "KMSv1"

0 commit comments

Comments
 (0)