1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.openshift.io: https://github.com/openshift/api/pull/486
6 include.release.openshift.io/ibm-cloud-managed: "true"
7 include.release.openshift.io/self-managed-high-availability: "true"
8 include.release.openshift.io/single-node-developer: "true"
9 name: consoles.operator.openshift.io
10spec:
11 group: operator.openshift.io
12 names:
13 kind: Console
14 listKind: ConsoleList
15 plural: consoles
16 singular: console
17 scope: Cluster
18 versions:
19 - name: v1
20 schema:
21 openAPIV3Schema:
22 description: "Console provides a means to configure an operator to manage the console. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
23 type: object
24 required:
25 - spec
26 properties:
27 apiVersion:
28 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
29 type: string
30 kind:
31 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
32 type: string
33 metadata:
34 type: object
35 spec:
36 description: ConsoleSpec is the specification of the desired behavior of the Console.
37 type: object
38 properties:
39 customization:
40 description: customization is used to optionally provide a small set of customization options to the web console.
41 type: object
42 properties:
43 addPage:
44 description: addPage allows customizing actions on the Add page in developer perspective.
45 type: object
46 properties:
47 disabledActions:
48 description: disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.
49 type: array
50 minItems: 1
51 items:
52 type: string
53 brand:
54 description: brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.
55 type: string
56 pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$
57 customLogoFile:
58 description: 'customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like ''oc create configmap custom-logo --from-file=/path/to/file -n openshift-config''. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred'
59 type: object
60 properties:
61 key:
62 description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
63 type: string
64 name:
65 type: string
66 customProductName:
67 description: customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.
68 type: string
69 developerCatalog:
70 description: developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).
71 type: object
72 properties:
73 categories:
74 description: categories which are shown in the developer catalog.
75 type: array
76 items:
77 description: DeveloperConsoleCatalogCategory for the developer console catalog.
78 type: object
79 required:
80 - id
81 - label
82 properties:
83 id:
84 description: ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
85 type: string
86 maxLength: 32
87 minLength: 1
88 pattern: ^[A-Za-z0-9-_]+$
89 label:
90 description: label defines a category display label. It is required and must have 1-64 characters.
91 type: string
92 maxLength: 64
93 minLength: 1
94 subcategories:
95 description: subcategories defines a list of child categories.
96 type: array
97 items:
98 description: DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.
99 type: object
100 required:
101 - id
102 - label
103 properties:
104 id:
105 description: ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.
106 type: string
107 maxLength: 32
108 minLength: 1
109 pattern: ^[A-Za-z0-9-_]+$
110 label:
111 description: label defines a category display label. It is required and must have 1-64 characters.
112 type: string
113 maxLength: 64
114 minLength: 1
115 tags:
116 description: tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.
117 type: array
118 items:
119 type: string
120 tags:
121 description: tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.
122 type: array
123 items:
124 type: string
125 types:
126 description: types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.
127 type: object
128 required:
129 - state
130 properties:
131 disabled:
132 description: 'disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.'
133 type: array
134 items:
135 type: string
136 x-kubernetes-list-type: set
137 enabled:
138 description: 'enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: "Devfile", "HelmChart", "BuilderImage" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.'
139 type: array
140 items:
141 type: string
142 x-kubernetes-list-type: set
143 state:
144 description: state defines if a list of catalog types should be enabled or disabled.
145 type: string
146 default: Enabled
147 enum:
148 - Enabled
149 - Disabled
150 x-kubernetes-validations:
151 - rule: 'self.state == ''Enabled'' ? true : !has(self.enabled)'
152 message: enabled is forbidden when state is not Enabled
153 - rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)'
154 message: disabled is forbidden when state is not Disabled
155 documentationBaseURL:
156 description: documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.
157 type: string
158 pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$
159 perspectives:
160 description: perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.
161 type: array
162 items:
163 description: Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown
164 type: object
165 required:
166 - id
167 - visibility
168 properties:
169 id:
170 description: 'id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.'
171 type: string
172 pinnedResources:
173 description: pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.
174 type: array
175 maxItems: 100
176 items:
177 description: PinnedResourceReference includes the group, version and type of resource
178 type: object
179 required:
180 - group
181 - resource
182 - version
183 properties:
184 group:
185 description: 'group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc.'
186 type: string
187 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
188 resource:
189 description: 'resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc.'
190 type: string
191 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
192 version:
193 description: 'version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc.'
194 type: string
195 pattern: ^[a-z0-9]+$
196 visibility:
197 description: visibility defines the state of perspective along with access review checks if needed for that perspective.
198 type: object
199 required:
200 - state
201 properties:
202 accessReview:
203 description: accessReview defines required and missing access review checks.
204 type: object
205 minProperties: 1
206 properties:
207 missing:
208 description: missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.
209 type: array
210 items:
211 description: ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
212 type: object
213 properties:
214 group:
215 description: Group is the API Group of the Resource. "*" means all.
216 type: string
217 name:
218 description: Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
219 type: string
220 namespace:
221 description: Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
222 type: string
223 resource:
224 description: Resource is one of the existing resource types. "*" means all.
225 type: string
226 subresource:
227 description: Subresource is one of the existing resource types. "" means none.
228 type: string
229 verb:
230 description: 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.'
231 type: string
232 version:
233 description: Version is the API Version of the Resource. "*" means all.
234 type: string
235 required:
236 description: required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.
237 type: array
238 items:
239 description: ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
240 type: object
241 properties:
242 group:
243 description: Group is the API Group of the Resource. "*" means all.
244 type: string
245 name:
246 description: Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
247 type: string
248 namespace:
249 description: Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
250 type: string
251 resource:
252 description: Resource is one of the existing resource types. "*" means all.
253 type: string
254 subresource:
255 description: Subresource is one of the existing resource types. "" means none.
256 type: string
257 verb:
258 description: 'Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.'
259 type: string
260 version:
261 description: Version is the API Version of the Resource. "*" means all.
262 type: string
263 state:
264 description: state defines the perspective is enabled or disabled or access review check is required.
265 type: string
266 enum:
267 - Enabled
268 - Disabled
269 - AccessReview
270 x-kubernetes-validations:
271 - rule: 'self.state == ''AccessReview'' ? has(self.accessReview) : !has(self.accessReview)'
272 message: accessReview configuration is required when state is AccessReview, and forbidden otherwise
273 x-kubernetes-validations:
274 - rule: 'has(self.id) && self.id != ''dev''? !has(self.pinnedResources) : true'
275 message: pinnedResources is allowed only for dev and forbidden for other perspectives
276 x-kubernetes-list-map-keys:
277 - id
278 x-kubernetes-list-type: map
279 projectAccess:
280 description: projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.
281 type: object
282 properties:
283 availableClusterRoles:
284 description: availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.
285 type: array
286 items:
287 type: string
288 quickStarts:
289 description: quickStarts allows customization of available ConsoleQuickStart resources in console.
290 type: object
291 properties:
292 disabled:
293 description: disabled is a list of ConsoleQuickStart resource names that are not shown to users.
294 type: array
295 items:
296 type: string
297 logLevel:
298 description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
299 type: string
300 default: Normal
301 enum:
302 - ""
303 - Normal
304 - Debug
305 - Trace
306 - TraceAll
307 managementState:
308 description: managementState indicates whether and how the operator should manage the component
309 type: string
310 pattern: ^(Managed|Unmanaged|Force|Removed)$
311 observedConfig:
312 description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator
313 type: object
314 nullable: true
315 x-kubernetes-preserve-unknown-fields: true
316 operatorLogLevel:
317 description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
318 type: string
319 default: Normal
320 enum:
321 - ""
322 - Normal
323 - Debug
324 - Trace
325 - TraceAll
326 plugins:
327 description: plugins defines a list of enabled console plugin names.
328 type: array
329 items:
330 type: string
331 providers:
332 description: providers contains configuration for using specific service providers.
333 type: object
334 properties:
335 statuspage:
336 description: statuspage contains ID for statuspage.io page that provides status info about.
337 type: object
338 properties:
339 pageID:
340 description: pageID is the unique ID assigned by Statuspage for your page. This must be a public page.
341 type: string
342 route:
343 description: route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED
344 type: object
345 properties:
346 hostname:
347 description: hostname is the desired custom domain under which console will be available.
348 type: string
349 secret:
350 description: 'secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.'
351 type: object
352 required:
353 - name
354 properties:
355 name:
356 description: name is the metadata.name of the referenced secret
357 type: string
358 unsupportedConfigOverrides:
359 description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
360 type: object
361 nullable: true
362 x-kubernetes-preserve-unknown-fields: true
363 status:
364 description: ConsoleStatus defines the observed status of the Console.
365 type: object
366 properties:
367 conditions:
368 description: conditions is a list of conditions and their status
369 type: array
370 items:
371 description: OperatorCondition is just the standard condition fields.
372 type: object
373 properties:
374 lastTransitionTime:
375 type: string
376 format: date-time
377 message:
378 type: string
379 reason:
380 type: string
381 status:
382 type: string
383 type:
384 type: string
385 generations:
386 description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
387 type: array
388 items:
389 description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
390 type: object
391 properties:
392 group:
393 description: group is the group of the thing you're tracking
394 type: string
395 hash:
396 description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
397 type: string
398 lastGeneration:
399 description: lastGeneration is the last generation of the workload controller involved
400 type: integer
401 format: int64
402 name:
403 description: name is the name of the thing you're tracking
404 type: string
405 namespace:
406 description: namespace is where the thing you're tracking is
407 type: string
408 resource:
409 description: resource is the resource type of the thing you're tracking
410 type: string
411 observedGeneration:
412 description: observedGeneration is the last generation change you've dealt with
413 type: integer
414 format: int64
415 readyReplicas:
416 description: readyReplicas indicates how many replicas are ready and at the desired state
417 type: integer
418 format: int32
419 version:
420 description: version is the level this availability applies to
421 type: string
422 served: true
423 storage: true
424 subresources:
425 status: {}
View as plain text