1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.openshift.io: https://github.com/openshift/api/pull/470
6 include.release.openshift.io/ibm-cloud-managed: "true"
7 include.release.openshift.io/self-managed-high-availability: "true"
8 include.release.openshift.io/single-node-developer: "true"
9 name: images.config.openshift.io
10spec:
11 group: config.openshift.io
12 names:
13 kind: Image
14 listKind: ImageList
15 plural: images
16 singular: image
17 scope: Cluster
18 versions:
19 - name: v1
20 schema:
21 openAPIV3Schema:
22 description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
23 type: object
24 required:
25 - spec
26 properties:
27 apiVersion:
28 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
29 type: string
30 kind:
31 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
32 type: string
33 metadata:
34 type: object
35 spec:
36 description: spec holds user settable values for configuration
37 type: object
38 properties:
39 additionalTrustedCA:
40 description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.
41 type: object
42 required:
43 - name
44 properties:
45 name:
46 description: name is the metadata.name of the referenced config map
47 type: string
48 allowedRegistriesForImport:
49 description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.
50 type: array
51 items:
52 description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
53 type: object
54 properties:
55 domainName:
56 description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.
57 type: string
58 insecure:
59 description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.
60 type: boolean
61 externalRegistryHostnames:
62 description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
63 type: array
64 items:
65 type: string
66 registrySources:
67 description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.
68 type: object
69 properties:
70 allowedRegistries:
71 description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set."
72 type: array
73 items:
74 type: string
75 blockedRegistries:
76 description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set."
77 type: array
78 items:
79 type: string
80 containerRuntimeSearchRegistries:
81 description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.'
82 type: array
83 format: hostname
84 minItems: 1
85 items:
86 type: string
87 x-kubernetes-list-type: set
88 insecureRegistries:
89 description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
90 type: array
91 items:
92 type: string
93 status:
94 description: status holds observed values from the cluster. They may not be overridden.
95 type: object
96 properties:
97 externalRegistryHostnames:
98 description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
99 type: array
100 items:
101 type: string
102 internalRegistryHostname:
103 description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable.
104 type: string
105 served: true
106 storage: true
107 subresources:
108 status: {}
View as plain text