diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
index 7980f7d2120..197bf2706fa 100644
--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
@@ -1084,6 +1084,12 @@ spec:
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
- message: vcenters must have unique server values
rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
@@ -1094,9 +1100,9 @@ spec:
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
- && size(self.vsphere.vcenters) < 2) : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They may not
diff --git a/features.md b/features.md
index e3007e75f09..0212bf61c5c 100644
--- a/features.md
+++ b/features.md
@@ -24,7 +24,6 @@
| NoRegistryClusterInstall| | | | Enabled | | | | Enabled |
| OLMLifecycleAndCompatibility| | | | Enabled | | | | Enabled |
| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | |
-| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | |
| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
@@ -87,6 +86,7 @@
| TLSGroupPreferences| | | Enabled | Enabled | | | Enabled | Enabled |
| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled |
| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled |
+| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | Enabled | Enabled |
| VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled |
| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index a911c56f18c..33fdd7d3a55 100644
--- a/features/features.go
+++ b/features/features.go
@@ -778,7 +778,7 @@ var (
contactPerson("vr4manta").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1961").
- enable(inDevPreviewNoUpgrade()).
+ enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup").
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
index 71cb770dc5b..0d318c38c1f 100644
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -1373,6 +1373,14 @@ spec:
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same
+ time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x,
+ self.exists(y, y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same
+ time
+ rule: 'size(self) < size(oldSelf) ? self.all(x,
+ oldSelf.exists(y, y.server == x.server)) : true'
- message: vcenters must have unique server values
rule: self.all(x, self.exists_one(y, y.server ==
x.server))
@@ -1385,10 +1393,9 @@ spec:
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured
- post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
- && size(self.vsphere.vcenters) < 2) : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They
diff --git a/openapi/openapi.json b/openapi/openapi.json
index ba172e9fe90..957c7a68c11 100644
--- a/openapi/openapi.json
+++ b/openapi/openapi.json
@@ -17919,6 +17919,15 @@
},
"x-kubernetes-list-type": "atomic"
},
+ "groups": {
+ "description": "groups is an optional, ordered field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. The order of the groups represents a suggested preference, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 7 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1",
+ "type": "array",
+ "items": {
+ "type": "string",
+ "default": ""
+ },
+ "x-kubernetes-list-type": "set"
+ },
"minTLSVersion": {
"description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11",
"type": "string",
@@ -23075,6 +23084,15 @@
},
"x-kubernetes-list-type": "atomic"
},
+ "groups": {
+ "description": "groups is an optional, ordered field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. The order of the groups represents a suggested preference, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 7 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1",
+ "type": "array",
+ "items": {
+ "type": "string",
+ "default": ""
+ },
+ "x-kubernetes-list-type": "set"
+ },
"minTLSVersion": {
"description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11",
"type": "string",
@@ -23087,23 +23105,23 @@
"type": "object",
"properties": {
"custom": {
- "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256",
+ "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256",
"$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile"
},
"intermediate": {
- "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305",
+ "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305",
"$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile"
},
"modern": {
- "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256",
+ "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256",
"$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile"
},
"old": {
- "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA",
+ "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA",
"$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile"
},
"type": {
- "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.",
+ "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher and groups lists in these profiles are based on version 5.8 of the Mozilla Server Side TLS configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.8.json\n\nThe groups are listed in suggested preference order, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Note that X25519MLKEM768 is a post-quantum hybrid group that is not FIPS-approved and should be ignored by components running in FIPS mode.\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.",
"type": "string",
"default": ""
}
@@ -24850,7 +24868,7 @@
"type": "object",
"properties": {
"additionalResourceLabels": {
- "description": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics, in addition to the default set. Currently, only \"Jobs\" and \"CronJobs\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, only the default set of resource labels is exposed. Maximum length for this list is 2. Minimum length for this list is 1. Each resource name must be unique within this list.",
+ "description": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics. Currently, only \"Job\" and \"CronJob\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, no additional Kubernetes object labels are exposed as metrics by kube-state-metrics beyond its built-in metric labels (e.g. namespace, job_name). Use this field to opt in to exposing specific Kubernetes labels as metric labels for the supported resource types. Minimum length for this list is 1. Maximum length for this list is 2. Each resource name must be unique within this list.",
"type": "array",
"items": {
"default": {},
@@ -24870,7 +24888,7 @@
}
},
"resources": {
- "description": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
+ "description": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.",
"type": "array",
"items": {
"default": {},
@@ -24882,7 +24900,7 @@
"x-kubernetes-list-type": "map"
},
"tolerations": {
- "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.",
+ "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, no tolerations are applied. This default is subject to change over time. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. Each toleration's operator, when specified, must be either \"Exists\" or \"Equal\". Each toleration's effect, when specified, must be one of \"NoSchedule\", \"PreferNoSchedule\", or \"NoExecute\". An empty or unset effect means match all effects.",
"type": "array",
"items": {
"default": {},
@@ -24891,7 +24909,7 @@
"x-kubernetes-list-type": "atomic"
},
"topologySpreadConstraints": {
- "description": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs.",
+ "description": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nThis field maps directly to the `topologySpreadConstraints` field in the Pod spec. When omitted, no topology spread constraints are applied. This default is subject to change over time. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs. Each entry's whenUnsatisfiable must be either \"DoNotSchedule\" or \"ScheduleAnyway\". Each entry's maxSkew must be at least 1. When minDomains is specified, it must be at least 1 and whenUnsatisfiable must be \"DoNotSchedule\".",
"type": "array",
"items": {
"default": {},
@@ -24914,7 +24932,7 @@
],
"properties": {
"labels": {
- "description": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.",
+ "description": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. When \"*\" is specified, it must be the only entry in the list; mixing \"*\" with specific label names is not allowed. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.",
"type": "array",
"items": {
"type": "string",
@@ -24923,7 +24941,7 @@
"x-kubernetes-list-type": "set"
},
"resource": {
- "description": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Jobs\" and \"CronJobs\" are supported due to cardinality concerns. Valid values are \"Jobs\" and \"CronJobs\". This field is required.",
+ "description": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Job\" and \"CronJob\" are supported due to cardinality concerns. Valid values are \"Job\" and \"CronJob\". This field is required.",
"type": "string"
}
}
@@ -43950,7 +43968,7 @@
],
"properties": {
"backendQuotaGiB": {
- "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.",
+ "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 16. When not specified, the default value is 8.",
"type": "integer",
"format": "int32",
"default": 8
diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
index 7980f7d2120..197bf2706fa 100644
--- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
+++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
@@ -1084,6 +1084,12 @@ spec:
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y,
+ y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same time
+ rule: 'size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y,
+ y.server == x.server)) : true'
- message: vcenters must have unique server values
rule: self.all(x, self.exists_one(y, y.server == x.server))
type: object
@@ -1094,9 +1100,9 @@ spec:
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
- && size(self.vsphere.vcenters) < 2) : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They may not
diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
index 71cb770dc5b..0d318c38c1f 100644
--- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
+++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -1373,6 +1373,14 @@ spec:
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
+ - message: Cannot add and remove vCenters at the same
+ time
+ rule: 'size(self) >= size(oldSelf) ? oldSelf.all(x,
+ self.exists(y, y.server == x.server)) : true'
+ - message: Cannot add and remove vCenters at the same
+ time
+ rule: 'size(self) < size(oldSelf) ? self.all(x,
+ oldSelf.exists(y, y.server == x.server)) : true'
- message: vcenters must have unique server values
rule: self.all(x, self.exists_one(y, y.server ==
x.server))
@@ -1385,10 +1393,9 @@ spec:
rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)'
type: object
x-kubernetes-validations:
- - message: vcenters can have at most 1 item when configured
- post-install
- rule: '!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters)
- && size(self.vsphere.vcenters) < 2) : true'
+ - message: vcenters is required once set and cannot be removed
+ rule: 'oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue()
+ : true'
type: object
status:
description: status holds observed values from the cluster. They
diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
index d4602121176..74aef964a03 100644
--- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
@@ -93,9 +93,6 @@
},
{
"name": "ShortCertRotation"
- },
- {
- "name": "VSphereMultiVCenterDay2"
}
],
"enabled": [
@@ -366,6 +363,9 @@
{
"name": "VSphereMultiNetworks"
},
+ {
+ "name": "VSphereMultiVCenterDay2"
+ },
{
"name": "VolumeGroupSnapshot"
}
diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
index 811b4dc25fb..e8dd3dbaee3 100644
--- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
@@ -69,9 +69,6 @@
},
{
"name": "ShortCertRotation"
- },
- {
- "name": "VSphereMultiVCenterDay2"
}
],
"enabled": [
@@ -366,6 +363,9 @@
{
"name": "VSphereMultiNetworks"
},
+ {
+ "name": "VSphereMultiVCenterDay2"
+ },
{
"name": "VolumeGroupSnapshot"
}