diff --git a/config/v1/tests/infrastructures.config.openshift.io/AAA_ungated.yaml b/config/v1/tests/infrastructures.config.openshift.io/AAA_ungated.yaml
index 71e9f9133c6..d55dae4cc6d 100644
--- a/config/v1/tests/infrastructures.config.openshift.io/AAA_ungated.yaml
+++ b/config/v1/tests/infrastructures.config.openshift.io/AAA_ungated.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if w
name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
-- -AWSClusterHostedDNSInstall
+- -AzureClusterHostedDNSInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
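Review bot: The ungated suite now selects on `-AzureClusterHostedDNSInstall`, while the two later hunks in this file (at -1732 and -1778) add AWS `cloudLoadBalancerConfig` defaults to the expected objects, so the selector and the new expectations refer to different platforms with no explanation. features.md in this commit lists AzureClusterHostedDNSInstall as enabled in every column, so it is worth confirming that a CRD variant with that gate off still exists for this suite to run against; if it does not, these cases may stop running without anyone noticing. A comment above the entry would settle it, for example `# Azure gate negated only to pick the CRD variant; AWS cloudLoadBalancerConfig is ungated and defaulted`, adjusted to the real reason.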
@@ -1732,6 +1732,8 @@ tests:
platform: AWS
platformStatus:
aws:
+ cloudLoadBalancerConfig:
+ dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key with space
@@ -1778,6 +1780,8 @@ tests:
platform: AWS
platformStatus:
aws:
+ cloudLoadBalancerConfig:
+ dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key:_./=+-@
diff --git a/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNS.yaml b/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNS.yaml
index 9f82848ab43..26a8583cf9e 100644
--- a/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNS.yaml
+++ b/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNS.yaml
@@ -3,6 +3,7 @@ name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
- AWSClusterHostedDNSInstall
+- AWSDualStackInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
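Review bot: AWSClusterHostedDNS.yaml is selected by `AWSClusterHostedDNSInstall` plus the new `AWSDualStackInstall`, not by the AWSClusterHostedDNS gate that features.md lists as a separate row, so the file name no longer says which gate combination it covers. The index lines show this file and AWSClusterHostedDNSInstall.yaml started from the same blob (9f82848ab43); as far as the visible hunks show, they now differ only by the dual-stack selector and the two `ipFamily: IPv4` expectations dropped in the sibling file. A header comment such as `# Covers AWSClusterHostedDNSInstall with AWSDualStackInstall on; the gate-off case is in AWSClusterHostedDNSInstall.yaml`, or a rename, would keep the two near-copies from drifting apart. The test list continues outside the hunk.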
diff --git a/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNSInstall.yaml b/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNSInstall.yaml
index 9f82848ab43..485c4c66eac 100644
--- a/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNSInstall.yaml
+++ b/config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNSInstall.yaml
@@ -3,6 +3,7 @@ name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
- AWSClusterHostedDNSInstall
+- -AWSDualStackInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
@@ -60,7 +61,6 @@ tests:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
- ipFamily: IPv4
type: AWS
- name: should be able to set dnsType to non-default value of `ClusterHosted`
initial: |
@@ -102,7 +102,6 @@ tests:
aws:
cloudLoadBalancerConfig:
dnsType: ClusterHosted
- ipFamily: IPv4
type: AWS
- name: Should not allow changing the immutable dnsType field
initial: |
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
index cc7fe5e2a2e..36d7949bb68 100644
--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
@@ -1185,6 +1185,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
index 5a105a3c9b0..9814b48eca8 100644
--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
@@ -1185,6 +1185,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
diff --git a/features.md b/features.md
index 27fe51f4d32..7e55889cb1a 100644
--- a/features.md
+++ b/features.md
@@ -25,7 +25,6 @@
| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | |
| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | |
| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
-| AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled |
@@ -91,6 +90,7 @@
| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled |
| VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled |
+| AWSClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 8df01c197c5..a9d4757fb1e 100644
--- a/features/features.go
+++ b/features/features.go
@@ -830,7 +830,7 @@ var (
contactPerson("barbacbd").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1468").
- enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
+ enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()).
mustRegister()
FeatureGateGCPCustomAPIEndpointsInstall = newFeatureGate("GCPCustomAPIEndpointsInstall").
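Review bot: The `enable(inDefault(), inOKD(), ...)` line turns this gate on for default clusters, but the gate's name and its `newFeatureGate(...)` call sit above the hunk, so which gate is promoted can only be inferred from the AWSClusterHostedDNSInstall row moved in features.md. With the gate on by default, the `clusterHosted` load-balancer IP lists become part of the Default and OKD Infrastructure and ControllerConfig schemas, and the generated CRDs in this commit validate each entry only with `isIP(self)`. Per the field description, those addresses feed the in-cluster DNS answers for API, API-Int and Ingress. It is worth confirming on the Go type that loopback, unspecified and link-local addresses are meant to be accepted, and if they are not, adding a CEL rule such as `ip(self).isGlobalUnicast()` where the supported Kubernetes version provides it. Confirming that write access to the Infrastructure status is limited to the components that own it would cover the remaining exposure.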
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
index d6ebfd67ce5..84a17b3b51f 100644
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
@@ -1477,6 +1477,110 @@ spec:
description: aws contains settings specific to the Amazon
Web Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType
+ is ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for
new AWS resources created by the cluster.
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
index 512510c2092..4886fb167ef 100644
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
@@ -1477,6 +1477,110 @@ spec:
description: aws contains settings specific to the Amazon
Web Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType
+ is ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for
new AWS resources created by the cluster.
diff --git a/openapi/openapi.json b/openapi/openapi.json
index f3254cd59a4..5e9a25be49e 100644
--- a/openapi/openapi.json
+++ b/openapi/openapi.json
@@ -27087,6 +27087,250 @@
}
}
},
+ "com.github.openshift.api.etcd.v1.PacemakerCluster": {
+ "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
+ "type": "object",
+ "required": [
+ "metadata"
+ ],
+ "properties": {
+ "apiVersion": {
+ "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+ "type": "string"
+ },
+ "kind": {
+ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+ "type": "string"
+ },
+ "metadata": {
+ "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+ "default": {},
+ "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "status": {
+ "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.",
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerClusterStatus"
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerClusterFencingAgentStatus": {
+ "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.",
+ "type": "object",
+ "required": [
+ "conditions",
+ "name",
+ "method"
+ ],
+ "properties": {
+ "conditions": {
+ "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "method": {
+ "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.",
+ "type": "string",
+ "enum": [
+ "IPMI",
+ "Redfish"
+ ]
+ },
+ "name": {
+ "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).",
+ "type": "string"
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerClusterList": {
+ "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
+ "type": "object",
+ "required": [
+ "items"
+ ],
+ "properties": {
+ "apiVersion": {
+ "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+ "type": "string"
+ },
+ "items": {
+ "description": "items is a list of PacemakerCluster objects.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerCluster"
+ }
+ },
+ "kind": {
+ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+ "type": "string"
+ },
+ "metadata": {
+ "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+ "default": {},
+ "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io"
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerClusterNodeStatus": {
+ "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.",
+ "type": "object",
+ "required": [
+ "conditions",
+ "nodeName",
+ "addresses",
+ "resources",
+ "fencingAgents"
+ ],
+ "properties": {
+ "addresses": {
+ "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerNodeAddress"
+ },
+ "x-kubernetes-list-type": "atomic"
+ },
+ "conditions": {
+ "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "fencingAgents": {
+ "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. A healthy node is expected to have at least 1 fencing agent, but the list may be empty when fencing agent discovery fails. Names must be unique within this array.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerClusterFencingAgentStatus"
+ },
+ "x-kubernetes-list-map-keys": [
+ "name"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "nodeName": {
+ "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.",
+ "type": "string"
+ },
+ "resources": {
+ "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerClusterResourceStatus"
+ },
+ "x-kubernetes-list-map-keys": [
+ "name"
+ ],
+ "x-kubernetes-list-type": "map"
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerClusterResourceStatus": {
+ "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.",
+ "type": "object",
+ "required": [
+ "conditions",
+ "name"
+ ],
+ "properties": {
+ "conditions": {
+ "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "name": {
+ "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.",
+ "type": "string",
+ "enum": [
+ "Etcd",
+ "Kubelet"
+ ]
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerClusterStatus": {
+ "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.",
+ "type": "object",
+ "required": [
+ "conditions",
+ "lastUpdated",
+ "nodes"
+ ],
+ "properties": {
+ "conditions": {
+ "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "lastUpdated": {
+ "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.",
+ "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io"
+ },
+ "nodes": {
+ "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.",
+ "type": "array",
+ "items": {
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.etcd.v1.PacemakerClusterNodeStatus"
+ },
+ "x-kubernetes-list-map-keys": [
+ "nodeName"
+ ],
+ "x-kubernetes-list-type": "map"
+ }
+ }
+ },
+ "com.github.openshift.api.etcd.v1.PacemakerNodeAddress": {
+ "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.",
+ "type": "object",
+ "required": [
+ "type",
+ "address"
+ ],
+ "properties": {
+ "address": {
+ "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.",
+ "type": "string"
+ },
+ "type": {
+ "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.",
+ "type": "string",
+ "enum": [
+ "InternalIP"
+ ]
+ }
+ }
+ },
"com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": {
"description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
"type": "object",
@@ -27212,7 +27456,7 @@
"x-kubernetes-list-type": "map"
},
"fencingAgents": {
- "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.",
+ "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. A healthy node is expected to have at least 1 fencing agent, but the list may be empty when fencing agent discovery fails. Names must be unique within this array.",
"type": "array",
"items": {
"default": {},
diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml
index cc7fe5e2a2e..36d7949bb68 100644
--- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml
+++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml
@@ -1185,6 +1185,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
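Review bot: The object-level rule on `cloudLoadBalancerConfig` only forbids `clusterHosted` when `dnsType` is not `ClusterHosted`; nothing rejects `dnsType: ClusterHosted` with `clusterHosted` missing or with all three IP lists empty, although the description says the load balancer IP addresses must be provided in that mode. Because the cluster-hosted DNS answers for API, API-Int and Ingress from these lists, an accepted but empty value would presumably only show up later as a resolution failure. If the addresses are always known when `dnsType` is written, consider a second rule such as `has(self.dnsType) && self.dnsType == 'ClusterHosted' ? has(self.clusterHosted) : true` and `minItems: 1` on `apiIntLoadBalancerIPs` and `ingressLoadBalancerIPs` (the description allows `apiLoadBalancerIPs` to be empty for private clusters). If they are filled in a later step, the description should say so instead of "must be provided". The same schema is added in the OKD infrastructures hunk and in both controllerconfigs hunks, and these manifests look generated, so the change would belong in the Go type markers.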
diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
index 5a105a3c9b0..9814b48eca8 100644
--- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
+++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml
@@ -1185,6 +1185,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example, "10.0.0.0"
+ or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType is
+ ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
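Review bot: `dnsType` gets a transition rule, but the three IP lists under `clusterHosted` have none, so they remain editable after install by anyone allowed to update this object, and they decide which addresses the cluster-hosted DNS returns for API, API-Int and Ingress. If later edits are intended (for example when load balancer addresses change), a sentence in the `clusterHosted` description stating that, and which component is expected to write the field, would make the trust assumption explicit; if not, a transition rule on each list would match the treatment of `dnsType`. Separately, the `oldSelf == ''` branch of the `dnsType` rule looks unreachable given the enum and the `PlatformDefault` default, so it is worth confirming that it is still needed. This applies equally to the other copies of this schema in the diff.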
diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
index d6ebfd67ce5..84a17b3b51f 100644
--- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
+++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml
@@ -1477,6 +1477,110 @@ spec:
description: aws contains settings specific to the Amazon
Web Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType
+ is ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for
new AWS resources created by the cluster.
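Review bot: `format: ip` is emitted on the array schema of `apiIntLoadBalancerIPs`, `apiLoadBalancerIPs` and `ingressLoadBalancerIPs` rather than on their `items`, and as far as I know string formats are not evaluated on an array, so the effective check is the `isIP(self)` rule on each item. Consider dropping the array-level format marker or moving it to the item type, so the schema does not suggest a second layer of validation that is not there. Note also that `isIP` accepts any syntactically valid address, including loopback, link-local and unspecified ones. If those make no sense for a load balancer, the item rule could be narrowed in the way the PacemakerNodeAddress description in this diff limits addresses to global unicast. The same applies to the infrastructures copies of this schema.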
diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
index 512510c2092..4886fb167ef 100644
--- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
+++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml
@@ -1477,6 +1477,110 @@ spec:
description: aws contains settings specific to the Amazon
Web Services infrastructure provider.
properties:
+ cloudLoadBalancerConfig:
+ default:
+ dnsType: PlatformDefault
+ description: |-
+ cloudLoadBalancerConfig holds configuration related to DNS and cloud
+ load balancers. It allows configuration of in-cluster DNS as an alternative
+ to the platform default DNS implementation.
+ When using the ClusterHosted DNS type, Load Balancer IP addresses
+ must be provided for the API and internal API load balancers as well as the
+ ingress load balancer.
+ nullable: true
+ properties:
+ clusterHosted:
+ description: |-
+ clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ use these IP addresses to provide resolution for API, API-Int and Ingress
+ services.
+ properties:
+ apiIntLoadBalancerIPs:
+ description: |-
+ apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the apiIntLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ apiLoadBalancerIPs:
+ description: |-
+ apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Could be empty for private clusters.
+ Entries in the apiLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ ingressLoadBalancerIPs:
+ description: |-
+ ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ Entries in the ingressLoadBalancerIPs must be unique.
+ A maximum of 16 IP addresses are permitted.
+ format: ip
+ items:
+ description: IP is an IP address (for example,
+ "10.0.0.0" or "fd00::").
+ maxLength: 39
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: value must be a valid IP address
+ rule: isIP(self)
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ dnsType:
+ default: PlatformDefault
+ description: |-
+ dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ The value is immutable after it has been set at install time.
+ Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ and it can be run in addition to the in-cluster DNS solution.
+ enum:
+ - ClusterHosted
+ - PlatformDefault
+ type: string
+ x-kubernetes-validations:
+ - message: dnsType is immutable
+ rule: oldSelf == '' || self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: clusterHosted is permitted only when dnsType
+ is ClusterHosted
+ rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
+ ? !has(self.clusterHosted) : true'
region:
description: region holds the default AWS region for
new AWS resources created by the cluster.
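Review bot: The `dnsType is immutable` rule is a transition rule on the leaf field, so it is only evaluated when both an old and a new value exist; because the parent `cloudLoadBalancerConfig` is `nullable: true`, clearing the parent in one update and setting it again in a later one would, as far as I can tell, let `dnsType` change without the rule ever being evaluated. If the value must stay fixed after install, consider dropping `nullable: true` or adding a transition rule on the enclosing `aws` object, for example `rule: '!has(oldSelf.cloudLoadBalancerConfig) || has(self.cloudLoadBalancerConfig)'` (how `has()` treats an explicit null should be confirmed with a test case). Separately, the description says load balancer IPs "must be provided" for ClusterHosted, but the only cross-field rule forbids `clusterHosted` under other DNS types and nothing requires it under `ClusterHosted`. The same schema is repeated in the preceding CRD hunk, and these manifests look generated, so the change belongs in the API type's validation markers; the enclosing `aws` properties block continues outside this hunk.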
diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
index bbee08a3391..c578ff9bacb 100644
--- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
@@ -17,9 +17,6 @@
{
"name": "AWSClusterHostedDNS"
},
- {
- "name": "AWSClusterHostedDNSInstall"
- },
{
"name": "AWSDedicatedHosts"
},
@@ -286,6 +283,9 @@
}
],
"enabled": [
+ {
+ "name": "AWSClusterHostedDNSInstall"
+ },
{
"name": "AzureClusterHostedDNSInstall"
},
diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml
index d0f9a075948..c620c08a628 100644
--- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml
@@ -19,9 +19,6 @@
{
"name": "AWSClusterHostedDNS"
},
- {
- "name": "AWSClusterHostedDNSInstall"
- },
{
"name": "AWSDedicatedHosts"
},
@@ -288,6 +285,9 @@
}
],
"enabled": [
+ {
+ "name": "AWSClusterHostedDNSInstall"
+ },
{
"name": "AzureClusterHostedDNSInstall"
},
diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
index 20d8b200706..b249557116f 100644
--- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
@@ -17,9 +17,6 @@
{
"name": "AWSClusterHostedDNS"
},
- {
- "name": "AWSClusterHostedDNSInstall"
- },
{
"name": "AWSDedicatedHosts"
},
@@ -280,6 +277,9 @@
}
],
"enabled": [
+ {
+ "name": "AWSClusterHostedDNSInstall"
+ },
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml
index 44a56c426b0..782a2805961 100644
--- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml
@@ -19,9 +19,6 @@
{
"name": "AWSClusterHostedDNS"
},
- {
- "name": "AWSClusterHostedDNSInstall"
- },
{
"name": "AWSDedicatedHosts"
},
@@ -282,6 +279,9 @@
}
],
"enabled": [
+ {
+ "name": "AWSClusterHostedDNSInstall"
+ },
{
"name": "AWSServiceLBNetworkSecurityGroup"
},