diff --git a/data/data/cluster-api/ibmcloud-infrastructure-components.yaml b/data/data/cluster-api/ibmcloud-infrastructure-components.yaml index 4725f0b8425..bd44a6a9ce1 100644 --- a/data/data/cluster-api/ibmcloud-infrastructure-components.yaml +++ b/data/data/cluster-api/ibmcloud-infrastructure-components.yaml @@ -11,7 +11,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 @@ -298,12 +298,30 @@ spec: AdditionalListenerSpec defines the desired state of an additional listener on an VPC load balancer. properties: + defaultPoolName: + description: defaultPoolName defines the name of a VPC + Load Balancer Backend Pool to use for the VPC Load Balancer + Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string port: description: Port sets the port for the additional listener. format: int64 maximum: 65535 minimum: 1 type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string required: - port type: object 
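Review bot: The new `protocol` property's description states `Will default to TCP protocol if not specified`, yet the schema carries no `default:` for it, so the API server persists the field as absent and the defaulting presumably happens only in the controller, invisible to `kubectl explain` and to any client reading the stored object. If the default is meant to be part of the API contract, add `default: tcp` beneath the enum (a `+kubebuilder:default=tcp` marker in the upstream Go type, since this file is generated output). The new `defaultPoolName` refers to a backend pool by name, but nothing at the load-balancer level checks that a pool of that name exists in `backendPools`; that cross-field check would need a CEL rule on the parent object or controller-side validation, and is worth confirming. The same hunk recurs at `@@ -1344,6 +1516,14 @@`, `@@ -1351,6 +1531,16 @@` and `@@ -3565,12 +3906,30 @@`.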
@@ -311,6 +329,93 @@ spec: x-kubernetes-list-map-keys: - port x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's backend + pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines the desired + configuration of a VPC Load Balancer Backend Pool. + properties: + algorithm: + description: algorithm defines the load balancing algorithm + to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend pool's + health monitor. + properties: + delay: + description: delay defines the seconds to wait between + health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to perform health + monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries for health + check. + format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds to wait for + a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol used for health + checks. + enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to use for health + monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the Backend Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol to use for + the Backend Pool. 
+ enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array id: description: id of the loadbalancer maxLength: 64 @@ -328,6 +433,46 @@ spec: description: public indicates that load balancer is public or private type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. + Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array type: object type: array network: 
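Review bot: The `urlPath` pattern under the new `healthMonitor` is a plain YAML scalar, so `\\?` reaches the regex engine unchanged and means an optional literal backslash rather than the literal `?` that presumably separates the query string; as written a `\` is accepted in the path, and `?` only matches because it is also inside the character class, so the intended form is most likely `\?` (escaped once in the upstream kubebuilder marker). Two smaller schema gaps in the same pool schema: `name` is absent from `required` even though listeners reference pools through `defaultPoolName`, and pool names carry no uniqueness constraint (listeners get `x-kubernetes-list-map-keys: - port` / `x-kubernetes-list-type: map`; the pool list could do the same on `name`). The `timeout` (max 59) and `delay` (min 2, max 60) bounds suggest the provider requires `timeout < delay`; if so, `rule: self.timeout < self.delay` under `x-kubernetes-validations` would reject it at admission instead of at reconcile time — confirm against the provider's API before adding it. The same hunk recurs at `@@ -1358,6 +1548,95 @@` and `@@ -3578,6 +3937,93 @@`, and a related pattern-literal defect sits in the later hunk `@@ -3595,111 +4041,1009 @@` (which runs past this view): the image `name` pattern is written `'''/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/'''`, so the regex begins with a literal `'/` ahead of the `^` anchor and can never match any value, which would reject every `image.name`.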
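Review bot: The new `subnets` description contains a typo, `Subnets defiens here`, which surfaces verbatim in `kubectl explain`; it should read `Subnets defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer).` The same text recurs at `@@ -1375,6 +1654,46 @@` and twice inside the hunk starting `@@ -3595,111 +4041,1009 @@`, so the fix belongs in the upstream Go doc comment and a re-vendor rather than a hand edit of this generated file. Separately, the `securityGroups` and `subnets` items require `id` or `name` but do not forbid both; if the controller honours only one of them when both are set, a rule such as `rule: has(self.id) != has(self.name)` with a matching message would make that explicit to the user at admission.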
@@ -389,6 +534,7 @@ spec: when omitted system will dynamically create the service instance with name CLUSTER_NAME-serviceInstance. when ServiceInstance.ID is set, its expected that there exist a service instance in PowerVS workspace with id or else system will give error. when ServiceInstance.Name is set, system will first check for service instance with Name in PowerVS workspace, if not exist system will create new instance. + if there are more than one service instance exist with the ServiceInstance.Name in given Zone, installation fails with an error. Use ServiceInstance.ID in those situations to use the specific service instance. ServiceInstance.Regex is not yet supported not yet supported and system will ignore the value. properties: id: @@ -975,6 +1121,32 @@ spec: id: description: id represents the id of the resource. type: string + powerVSConnection: + description: powerVSConnection defines the powervs connection + status in transit gateway. + properties: + controllerCreated: + default: false + description: controllerCreated indicates whether the resource + is created by the controller. + type: boolean + id: + description: id represents the id of the resource. + type: string + type: object + vpcConnection: + description: vpcConnection defines the vpc connection status in + transit gateway. + properties: + controllerCreated: + default: false + description: controllerCreated indicates whether the resource + is created by the controller. + type: boolean + id: + description: id represents the id of the resource. + type: string + type: object type: object vpc: description: vpc is reference to IBM Cloud VPC resources. @@ -1039,7 +1211,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 
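Review bot: The added description line is ungrammatical (`if there are more than one service instance exist with the ServiceInstance.Name in given Zone`) and is user-visible through `kubectl explain`; suggested wording: `If more than one service instance exists with the ServiceInstance.Name in the given Zone, installation fails with an error. Use ServiceInstance.ID in those situations to select the specific service instance.` The same line is added at `@@ -1436,6 +1755,7 @@`, and since the text comes from the upstream Go doc comment it should be corrected there and re-vendored. The neighbouring context line `ServiceInstance.Regex is not yet supported not yet supported` repeats its phrase and could be tidied in the same upstream edit.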
@@ -1344,6 +1516,14 @@ spec: AdditionalListenerSpec defines the desired state of an additional listener on an VPC load balancer. properties: + defaultPoolName: + description: defaultPoolName defines the name + of a VPC Load Balancer Backend Pool to use for + the VPC Load Balancer Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string port: description: Port sets the port for the additional listener. @@ -1351,6 +1531,16 @@ spec: maximum: 65535 minimum: 1 type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string required: - port type: object 
@@ -1358,6 +1548,95 @@ spec: x-kubernetes-list-map-keys: - port x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's + backend pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines + the desired configuration of a VPC Load Balancer + Backend Pool. + properties: + algorithm: + description: algorithm defines the load balancing + algorithm to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend + pool's health monitor. + properties: + delay: + description: delay defines the seconds to + wait between health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to perform + health monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries + for health check. + format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds to + wait for a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol used + for health checks. + enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to use + for health monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the Backend + Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol to + use for the Backend Pool. 
+ enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array id: description: id of the loadbalancer maxLength: 64 @@ -1375,6 +1654,46 @@ spec: description: public indicates that load balancer is public or private type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. + Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array type: object type: array network: 
@@ -1436,6 +1755,7 @@ spec: when omitted system will dynamically create the service instance with name CLUSTER_NAME-serviceInstance. when ServiceInstance.ID is set, its expected that there exist a service instance in PowerVS workspace with id or else system will give error. when ServiceInstance.Name is set, system will first check for service instance with Name in PowerVS workspace, if not exist system will create new instance. + if there are more than one service instance exist with the ServiceInstance.Name in given Zone, installation fails with an error. Use ServiceInstance.ID in those situations to use the specific service instance. ServiceInstance.Regex is not yet supported not yet supported and system will ignore the value. properties: id: @@ -1898,7 +2218,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 @@ -2238,7 +2558,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 
@@ -2350,10 +2670,15 @@ spec: the details for provisioning the Image for a Cluster. properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2627,10 +2952,15 @@ spec: the details for provisioning the Image for a Cluster. properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2897,7 +3227,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 
@@ -2983,10 +3313,15 @@ spec: the details for provisioning the Image for a Cluster. properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3129,10 +3464,15 @@ spec: the details for provisioning the Image for a Cluster. properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3294,7 +3634,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 
@@ -3554,8 +3894,9 @@ spec: - port type: object controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration for - customizing control plane behavior. + description: |- + ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. + Use this for legacy support, use Network.LoadBalancers for the extended VPC support. properties: additionalListeners: description: AdditionalListeners sets the additional listeners @@ -3565,12 +3906,30 @@ spec: AdditionalListenerSpec defines the desired state of an additional listener on an VPC load balancer. properties: + defaultPoolName: + description: defaultPoolName defines the name of a VPC Load + Balancer Backend Pool to use for the VPC Load Balancer + Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string port: description: Port sets the port for the additional listener. format: int64 maximum: 65535 minimum: 1 type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string required: - port type: object 
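Review bot: The new `controlPlaneLoadBalancer` description steers users to `Network.LoadBalancers`, which is the Go field name; the path a manifest author actually writes is `spec.network.loadBalancers` (the `network:` / `loadBalancers:` keys appear later in this diff), so `kubectl explain` readers will not find a field by that spelling. Suggested wording: `Use this for legacy support; use network.loadBalancers for the extended VPC support.` The description also leaves open what happens when both `controlPlaneLoadBalancer` and `network.loadBalancers` are set; if the controller has a precedence or rejection rule, stating it here (or encoding it as an `x-kubernetes-validations` rule at the spec level) would avoid surprising deployments.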
@@ -3578,6 +3937,93 @@ spec: x-kubernetes-list-map-keys: - port x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's backend + pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines the desired + configuration of a VPC Load Balancer Backend Pool. + properties: + algorithm: + description: algorithm defines the load balancing algorithm + to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend pool's health + monitor. + properties: + delay: + description: delay defines the seconds to wait between + health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to perform health + monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries for health + check. + format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds to wait for + a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol used for health + checks. + enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to use for health + monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the Backend Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol to use for the + Backend Pool. 
+ enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array id: description: id of the loadbalancer maxLength: 64 
@@ -3595,111 +4041,1009 @@ spec: description: public indicates that load balancer is public or private type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. + Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array type: object - region: - description: The IBM Cloud Region the cluster lives in. - type: string - resourceGroup: - description: The VPC resources should be created under the resource - group. - type: string - vpc: - description: The Name of VPC. - type: string - zone: - description: The Name of availability zone. - type: string - required: - - region - - resourceGroup - type: object - status: - description: IBMVPCClusterStatus defines the observed state of IBMVPCCluster. - properties: - conditions: - description: Conditions defines current service state of the load - balancer. 
- items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneLoadBalancerState: - description: ControlPlaneLoadBalancerState is the status of the load - balancer. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - subnet: - description: Subnet describes a subnet. + image: + description: image represents the Image details used for the cluster. 
properties: - cidr: + cosBucket: + description: cosBucket is the name of the IBM Cloud COS Bucket + containing the source of the image, if necessary. type: string - id: - maxLength: 64 - minLength: 1 - pattern: ^[-0-9a-z_]+$ + cosBucketRegion: + description: cosBucketRegion is the COS region the bucket is in. + type: string + cosInstance: + description: cosInstance is the name of the IBM Cloud COS Instance + containing the source of the image, if necessary. + type: string + cosObject: + description: cosObject is the name of a IBM Cloud COS Object used + as the source of the image, if necessary. + type: string + crn: + description: crn is the IBM Cloud CRN of the existing VPC Custom + Image. type: string name: + description: name is the name of the desired VPC Custom Image. maxLength: 63 minLength: 1 - pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + pattern: '''/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/''' type: string - zone: + operatingSystem: + description: operatingSystem is the Custom Image's Operating System + name. type: string + resourceGroup: + description: resourceGroup is the Resource Group to create the + Custom Image in. + properties: + id: + description: id defines the IBM Cloud Resource ID. + type: string + name: + description: name defines the IBM Cloud Resource Name. 
+ type: string + required: + - id + type: object type: object - vpc: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file + x-kubernetes-validations: + - message: if any of cosInstance, cosBucket, or cosObject are specified, + all must be specified + rule: (!has(self.cosInstance) && !has(self.cosBucket) && !has(self.cosObject)) + || (has(self.cosInstance) && has(self.cosBucket) && has(self.cosObject)) + - message: an existing image name or crn must be provided, or to create + a new image the cos resources must be provided, with or without + a name + rule: has(self.name) || has(self.crn) || (has(self.cosInstance) + && has(self.cosBucket) && has(self.cosObject)) + network: + description: network represents the VPC network to use for the cluster. properties: - id: - type: string - name: - type: string - required: - - id - - name - type: object + controlPlaneSubnets: + description: controlPlaneSubnets is a set of Subnet's which define + the Control Plane subnets. + items: + description: Subnet describes a subnet. + properties: + cidr: + type: string + id: + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + zone: + type: string + type: object + type: array + loadBalancers: + description: loadBalancers is a set of VPC Load Balancer definitions + to use for the cluster. + items: + description: VPCLoadBalancerSpec defines the desired state of + an VPC load balancer. + properties: + additionalListeners: + description: AdditionalListeners sets the additional listeners + for the control plane load balancer. + items: + description: |- + AdditionalListenerSpec defines the desired state of an + additional listener on an VPC load balancer. 
+ properties: + defaultPoolName: + description: defaultPoolName defines the name of a + VPC Load Balancer Backend Pool to use for the VPC + Load Balancer Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's backend + pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines the + desired configuration of a VPC Load Balancer Backend + Pool. + properties: + algorithm: + description: algorithm defines the load balancing + algorithm to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend pool's + health monitor. + properties: + delay: + description: delay defines the seconds to wait + between health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to perform + health monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries for + health check. + format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds to wait + for a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol used for + health checks. 
+ enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to use for + health monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the Backend + Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol to use + for the Backend Pool. + enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array + id: + description: id of the loadbalancer + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + description: Name sets the name of the VPC load balancer. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + public: + default: true + description: public indicates that load balancer is public + or private + type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. 
+ Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + type: object + type: array + resourceGroup: + description: |- + resourceGroup is the Resource Group containing all of the newtork resources. + This can be different than the Resource Group containing the remaining cluster resources. + properties: + id: + description: id defines the IBM Cloud Resource ID. + type: string + name: + description: name defines the IBM Cloud Resource Name. + type: string + required: + - id + type: object + securityGroups: + description: securityGroups is a set of VPCSecurityGroup's which + define the VPC Security Groups that manage traffic within and + out of the VPC. + items: + description: VPCSecurityGroup defines a VPC Security Group that + should exist or be created within the specified VPC, with + the specified Security Group Rules. + properties: + id: + description: id of the Security Group. + type: string + name: + description: name of the Security Group. + type: string + rules: + description: rules are the Security Group Rules for the + Security Group. + items: + description: VPCSecurityGroupRule defines a VPC Security + Group Rule for a specified Security Group. + properties: + action: + description: action defines whether to allow or deny + traffic defined by the Security Group Rule. + enum: + - allow + - deny + type: string + destination: + description: |- + destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. 
+ Only used when direction is VPCSecurityGroupRuleDirectionOutbound. + properties: + icmpCode: + description: |- + icmpCode is the ICMP code for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + icmpType: + description: |- + icmpType is the ICMP type for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + portRange: + description: portRange is a range of ports allowed + for the Rule's remote. + properties: + maximumPort: + description: maximumPort is the inclusive + upper range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + minimumPort: + description: minimumPort is the inclusive + lower range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: object + x-kubernetes-validations: + - message: maximum port must be greater than or + equal to minimum port + rule: self.maximumPort >= self.minimumPort + protocol: + description: protocol defines the traffic protocol + used for the Security Group Rule. + enum: + - all + - icmp + - tcp + - udp + type: string + remotes: + description: |- + remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + items: + description: |- + VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. + The type of remote defines the additional remote details where are used for defining the remote. + properties: + address: + description: |2- + address is the address to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. 
+ type: string + cidrSubnetName: + description: |- + cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. + type: string + remoteType: + description: remoteType defines the type + of filter to define for the remote's destination/source. + enum: + - any + - cidr + - address + - sg + type: string + securityGroupName: + description: |- + securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + type: string + required: + - remoteType + type: object + x-kubernetes-validations: + - message: cidrSubnetName, addresss, and securityGroupName + are not valid for VPCSecurityGroupRuleRemoteTypeAny + remoteType + rule: 'self.remoteType == ''any'' ? (!has(self.cidrSubnetName) + && !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only cidrSubnetName is valid for + VPCSecurityGroupRuleRemoteTypeCIDR remoteType + rule: 'self.remoteType == ''cidr'' ? (has(self.cidrSubnetName) + && !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only address is valid for VPCSecurityGroupRuleRemoteTypeIP + remoteType + rule: 'self.remoteType == ''address'' ? (has(self.address) + && !has(self.cidrSubnetName) && !has(self.securityGroupName)) + : true' + - message: only securityGroupName is valid for + VPCSecurityGroupRuleRemoteTypeSG remoteType + rule: 'self.remoteType == ''sg'' ? (has(self.securityGroupName) + && !has(self.cidrSubnetName) && !has(self.address)) + : true' + type: array + required: + - protocol + - remotes + type: object + x-kubernetes-validations: + - message: icmpCode and icmpType are only supported + for VPCSecurityGroupRuleProtocolIcmp protocol + rule: 'self.protocol != ''icmp'' ? 
(!has(self.icmpCode) + && !has(self.icmpType)) : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll + protocol + rule: 'self.protocol == ''all'' ? !has(self.portRange) + : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol == ''icmp'' ? !has(self.portRange) + : true' + direction: + description: direction defines whether the traffic + is inbound or outbound for the Security Group Rule. + enum: + - inbound + - outbound + type: string + securityGroupID: + description: securityGroupID is the ID of the Security + Group for the Security Group Rule. + type: string + source: + description: |- + source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. + Only used when direction is VPCSecurityGroupRuleDirectionInbound. + properties: + icmpCode: + description: |- + icmpCode is the ICMP code for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + icmpType: + description: |- + icmpType is the ICMP type for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + portRange: + description: portRange is a range of ports allowed + for the Rule's remote. + properties: + maximumPort: + description: maximumPort is the inclusive + upper range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + minimumPort: + description: minimumPort is the inclusive + lower range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: object + x-kubernetes-validations: + - message: maximum port must be greater than or + equal to minimum port + rule: self.maximumPort >= self.minimumPort + protocol: + description: protocol defines the traffic protocol + used for the Security Group Rule. 
+ enum: + - all + - icmp + - tcp + - udp + type: string + remotes: + description: |- + remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + items: + description: |- + VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. + The type of remote defines the additional remote details where are used for defining the remote. + properties: + address: + description: |2- + address is the address to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. + type: string + cidrSubnetName: + description: |- + cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. + type: string + remoteType: + description: remoteType defines the type + of filter to define for the remote's destination/source. + enum: + - any + - cidr + - address + - sg + type: string + securityGroupName: + description: |- + securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + type: string + required: + - remoteType + type: object + x-kubernetes-validations: + - message: cidrSubnetName, addresss, and securityGroupName + are not valid for VPCSecurityGroupRuleRemoteTypeAny + remoteType + rule: 'self.remoteType == ''any'' ? (!has(self.cidrSubnetName) + && !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only cidrSubnetName is valid for + VPCSecurityGroupRuleRemoteTypeCIDR remoteType + rule: 'self.remoteType == ''cidr'' ? 
(has(self.cidrSubnetName) + && !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only address is valid for VPCSecurityGroupRuleRemoteTypeIP + remoteType + rule: 'self.remoteType == ''address'' ? (has(self.address) + && !has(self.cidrSubnetName) && !has(self.securityGroupName)) + : true' + - message: only securityGroupName is valid for + VPCSecurityGroupRuleRemoteTypeSG remoteType + rule: 'self.remoteType == ''sg'' ? (has(self.securityGroupName) + && !has(self.cidrSubnetName) && !has(self.address)) + : true' + type: array + required: + - protocol + - remotes + type: object + x-kubernetes-validations: + - message: icmpCode and icmpType are only supported + for VPCSecurityGroupRuleProtocolIcmp protocol + rule: 'self.protocol != ''icmp'' ? (!has(self.icmpCode) + && !has(self.icmpType)) : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll + protocol + rule: 'self.protocol == ''all'' ? !has(self.portRange) + : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol == ''icmp'' ? !has(self.portRange) + : true' + required: + - action + - direction + type: object + x-kubernetes-validations: + - message: both destination and source cannot be provided + rule: (has(self.destination) && !has(self.source)) || + (!has(self.destination) && has(self.source)) + - message: source must be set for VPCSecurityGroupRuleDirectionInbound + direction + rule: 'self.direction == ''inbound'' ? has(self.source) + : true' + - message: destination is not valid for VPCSecurityGroupRuleDirectionInbound + direction + rule: 'self.direction == ''inbound'' ? !has(self.destination) + : true' + - message: destination must be set for VPCSecurityGroupRuleDirectionOutbound + direction + rule: 'self.direction == ''outbound'' ? has(self.destination) + : true' + - message: source is not valid for VPCSecurityGroupRuleDirectionOutbound + direction + rule: 'self.direction == ''outbound'' ? 
!has(self.source) + : true' + type: array + tags: + description: tags are tags to add to the Security Group. + items: + type: string + type: array + type: object + x-kubernetes-validations: + - message: either an id or name must be specified + rule: has(self.id) || has(self.name) + type: array + vpc: + description: vpc defines the IBM Cloud VPC for extended VPC Infrastructure + support. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + workerSubnets: + description: workerSubnets is a set of Subnet's which define the + Worker subnets. + items: + description: Subnet describes a subnet. + properties: + cidr: + type: string + id: + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + zone: + type: string + type: object + type: array + type: object + region: + description: The IBM Cloud Region the cluster lives in. + type: string + resourceGroup: + description: The VPC resources should be created under the resource + group. + type: string + vpc: + description: The Name of VPC. + type: string + zone: + description: The Name of availability zone. + type: string + required: + - region + - resourceGroup + type: object + status: + description: IBMVPCClusterStatus defines the observed state of IBMVPCCluster. + properties: + conditions: + description: Conditions defines current service state of the load + balancer. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + controlPlaneLoadBalancerState: + description: ControlPlaneLoadBalancerState is the status of the load + balancer. + type: string + image: + description: image is the status of the VPC Custom Image. + properties: + id: + description: id defines the Id of the IBM Cloud resource status. + type: string + name: + description: name defines the name of the IBM Cloud resource status. + type: string + ready: + description: ready defines whether the IBM Cloud resource is ready. + type: boolean + required: + - id + - ready + type: object + network: + description: network is the status of the VPC network resources for + extended VPC Infrastructure support. 
+ properties: + controlPlaneSubnets: + additionalProperties: + description: ResourceStatus identifies a resource by id (and + name) and whether it is ready. + properties: + id: + description: id defines the Id of the IBM Cloud resource + status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. + type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + description: |- + controlPlaneSubnets references the VPC Subnets for the cluster's Control Plane. + The map simplifies lookups. + type: object + loadBalancers: + additionalProperties: + description: VPCLoadBalancerStatus defines the status VPC load + balancer. + properties: + controllerCreated: + default: false + description: controllerCreated indicates whether the resource + is created by the controller. + type: boolean + hostname: + description: hostname is the hostname of load balancer. + type: string + id: + description: id of VPC load balancer. + type: string + state: + description: State is the status of the load balancer. + type: string + type: object + description: |- + loadBalancers references the VPC Load Balancer's for the cluster. + The map simplifies lookups. + type: object + publicGateways: + additionalProperties: + description: ResourceStatus identifies a resource by id (and + name) and whether it is ready. + properties: + id: + description: id defines the Id of the IBM Cloud resource + status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. + type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + description: |- + publicGateways references the VPC Public Gateways for the cluster. + The map simplifies lookups. 
+ type: object + resourceGroup: + description: |- + resourceGroup references the Resource Group for Network resources for the cluster. + This can be the same or unique from the cluster's Resource Group. + properties: + id: + description: id defines the Id of the IBM Cloud resource status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. + type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + securityGroups: + additionalProperties: + description: ResourceStatus identifies a resource by id (and + name) and whether it is ready. + properties: + id: + description: id defines the Id of the IBM Cloud resource + status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. + type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + description: |- + securityGroups references the VPC Security Groups for the cluster. + The map simplifies lookups. + type: object + vpc: + description: vpc references the status of the IBM Cloud VPC as + part of the extended VPC Infrastructure support. + properties: + id: + description: id defines the Id of the IBM Cloud resource status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. + type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + workerSubnets: + additionalProperties: + description: ResourceStatus identifies a resource by id (and + name) and whether it is ready. + properties: + id: + description: id defines the Id of the IBM Cloud resource + status. + type: string + name: + description: name defines the name of the IBM Cloud resource + status. 
+ type: string + ready: + description: ready defines whether the IBM Cloud resource + is ready. + type: boolean + required: + - id + - ready + type: object + description: |- + workerSubnets references the VPC Subnets for the cluster's Data Plane. + The map simplifies lookups. + type: object + type: object + ready: + default: false + description: Ready is true when the provider resource is ready. + type: boolean + resourceGroup: + description: resourceGroup is the status of the cluster's Resource + Group for extended VPC Infrastructure support. + properties: + id: + description: id defines the Id of the IBM Cloud resource status. + type: string + name: + description: name defines the name of the IBM Cloud resource status. + type: string + ready: + description: ready defines whether the IBM Cloud resource is ready. + type: boolean + required: + - id + - ready + type: object + subnet: + description: Subnet describes a subnet. + properties: + cidr: + type: string + id: + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + zone: + type: string + type: object + vpc: + description: |- + Important: Run "make" to regenerate code after modifying this file + dep: rely on Network instead. + properties: + id: + type: string + name: + type: string + required: + - id + - name + type: object vpcEndpoint: description: VPCEndpoint describes a VPCEndpoint. properties: @@ -3725,7 +5069,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 
@@ -3821,8 +5165,9 @@ spec: - port type: object controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration - for customizing control plane behavior. + description: |- + ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. + Use this for legacy support, use Network.LoadBalancers for the extended VPC support. properties: additionalListeners: description: AdditionalListeners sets the additional listeners @@ -3832,6 +5177,14 @@ spec: AdditionalListenerSpec defines the desired state of an additional listener on an VPC load balancer. properties: + defaultPoolName: + description: defaultPoolName defines the name of + a VPC Load Balancer Backend Pool to use for the + VPC Load Balancer Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string port: description: Port sets the port for the additional listener. @@ -3839,6 +5192,16 @@ spec: maximum: 65535 minimum: 1 type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string required: - port type: object 
@@ -3846,6 +5209,95 @@ spec: x-kubernetes-list-map-keys: - port x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's + backend pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines + the desired configuration of a VPC Load Balancer Backend + Pool. + properties: + algorithm: + description: algorithm defines the load balancing + algorithm to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend pool's + health monitor. + properties: + delay: + description: delay defines the seconds to wait + between health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to perform + health monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries + for health check. + format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds to + wait for a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol used + for health checks. + enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to use + for health monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the Backend + Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol to use + for the Backend Pool. 
+ enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array id: description: id of the loadbalancer maxLength: 64 
@@ -3863,6 +5315,737 @@ spec: description: public indicates that load balancer is public or private type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. + Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + type: object + image: + description: image represents the Image details used for the + cluster. + properties: + cosBucket: + description: cosBucket is the name of the IBM Cloud COS + Bucket containing the source of the image, if necessary. + type: string + cosBucketRegion: + description: cosBucketRegion is the COS region the bucket + is in. + type: string + cosInstance: + description: cosInstance is the name of the IBM Cloud + COS Instance containing the source of the image, if + necessary. + type: string + cosObject: + description: cosObject is the name of a IBM Cloud COS + Object used as the source of the image, if necessary. 
+ type: string + crn: + description: crn is the IBM Cloud CRN of the existing + VPC Custom Image. + type: string + name: + description: name is the name of the desired VPC Custom + Image. + maxLength: 63 + minLength: 1 + pattern: '''/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/''' + type: string + operatingSystem: + description: operatingSystem is the Custom Image's Operating + System name. + type: string + resourceGroup: + description: resourceGroup is the Resource Group to create + the Custom Image in. + properties: + id: + description: id defines the IBM Cloud Resource ID. + type: string + name: + description: name defines the IBM Cloud Resource Name. + type: string + required: + - id + type: object + type: object + x-kubernetes-validations: + - message: if any of cosInstance, cosBucket, or cosObject + are specified, all must be specified + rule: (!has(self.cosInstance) && !has(self.cosBucket) && + !has(self.cosObject)) || (has(self.cosInstance) && has(self.cosBucket) + && has(self.cosObject)) + - message: an existing image name or crn must be provided, + or to create a new image the cos resources must be provided, + with or without a name + rule: has(self.name) || has(self.crn) || (has(self.cosInstance) + && has(self.cosBucket) && has(self.cosObject)) + network: + description: network represents the VPC network to use for + the cluster. + properties: + controlPlaneSubnets: + description: controlPlaneSubnets is a set of Subnet's + which define the Control Plane subnets. + items: + description: Subnet describes a subnet. + properties: + cidr: + type: string + id: + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + zone: + type: string + type: object + type: array + loadBalancers: + description: loadBalancers is a set of VPC Load Balancer + definitions to use for the cluster. 
+ items: + description: VPCLoadBalancerSpec defines the desired + state of an VPC load balancer. + properties: + additionalListeners: + description: AdditionalListeners sets the additional + listeners for the control plane load balancer. + items: + description: |- + AdditionalListenerSpec defines the desired state of an + additional listener on an VPC load balancer. + properties: + defaultPoolName: + description: defaultPoolName defines the name + of a VPC Load Balancer Backend Pool to use + for the VPC Load Balancer Listener. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + port: + description: Port sets the port for the additional + listener. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: |- + protocol defines the protocol to use for the VPC Load Balancer Listener. + Will default to TCP protocol if not specified. + enum: + - http + - https + - tcp + - udp + type: string + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + x-kubernetes-list-type: map + backendPools: + description: backendPools defines the load balancer's + backend pools. + items: + description: VPCLoadBalancerBackendPoolSpec defines + the desired configuration of a VPC Load Balancer + Backend Pool. + properties: + algorithm: + description: algorithm defines the load balancing + algorithm to use. + enum: + - least_connections + - round_robin + - weighted_round_robin + type: string + healthMonitor: + description: healthMonitor defines the backend + pool's health monitor. + properties: + delay: + description: delay defines the seconds + to wait between health checks. + format: int64 + maximum: 60 + minimum: 2 + type: integer + port: + description: port defines the port to + perform health monitoring on. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + retries: + description: retries defines the max retries + for health check. 
+ format: int64 + maximum: 10 + minimum: 1 + type: integer + timeout: + description: timeout defines the seconds + to wait for a health check response. + format: int64 + maximum: 59 + minimum: 1 + type: integer + type: + description: type defines the protocol + used for health checks. + enum: + - http + - https + - tcp + type: string + urlPath: + description: urlPath defines the URL to + use for health monitoring. + pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$ + type: string + required: + - delay + - retries + - timeout + - type + type: object + name: + description: name defines the name of the + Backend Pool. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + protocol: + description: protocol defines the protocol + to use for the Backend Pool. + enum: + - http + - https + - tcp + - udp + type: string + required: + - algorithm + - healthMonitor + - protocol + type: object + type: array + id: + description: id of the loadbalancer + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + description: Name sets the name of the VPC load + balancer. + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + public: + default: true + description: public indicates that load balancer + is public or private + type: boolean + securityGroups: + description: |- + securityGroups defines the Security Groups to attach to the load balancer. + Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. 
+ minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + subnets: + description: |- + subnets defines the VPC Subnets to attach to the load balancer. + Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). + items: + description: VPCResource represents a VPC resource. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + type: array + type: object + type: array + resourceGroup: + description: |- + resourceGroup is the Resource Group containing all of the newtork resources. + This can be different than the Resource Group containing the remaining cluster resources. + properties: + id: + description: id defines the IBM Cloud Resource ID. + type: string + name: + description: name defines the IBM Cloud Resource Name. + type: string + required: + - id + type: object + securityGroups: + description: securityGroups is a set of VPCSecurityGroup's + which define the VPC Security Groups that manage traffic + within and out of the VPC. + items: + description: VPCSecurityGroup defines a VPC Security + Group that should exist or be created within the specified + VPC, with the specified Security Group Rules. + properties: + id: + description: id of the Security Group. + type: string + name: + description: name of the Security Group. + type: string + rules: + description: rules are the Security Group Rules + for the Security Group. + items: + description: VPCSecurityGroupRule defines a VPC + Security Group Rule for a specified Security + Group. 
+ properties: + action: + description: action defines whether to allow + or deny traffic defined by the Security + Group Rule. + enum: + - allow + - deny + type: string + destination: + description: |- + destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. + Only used when direction is VPCSecurityGroupRuleDirectionOutbound. + properties: + icmpCode: + description: |- + icmpCode is the ICMP code for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + icmpType: + description: |- + icmpType is the ICMP type for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + portRange: + description: portRange is a range of ports + allowed for the Rule's remote. + properties: + maximumPort: + description: maximumPort is the inclusive + upper range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + minimumPort: + description: minimumPort is the inclusive + lower range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: object + x-kubernetes-validations: + - message: maximum port must be greater + than or equal to minimum port + rule: self.maximumPort >= self.minimumPort + protocol: + description: protocol defines the traffic + protocol used for the Security Group + Rule. + enum: + - all + - icmp + - tcp + - udp + type: string + remotes: + description: |- + remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + items: + description: |- + VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. 
+ The type of remote defines the additional remote details where are used for defining the remote. + properties: + address: + description: |2- + address is the address to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. + type: string + cidrSubnetName: + description: |- + cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. + type: string + remoteType: + description: remoteType defines + the type of filter to define for + the remote's destination/source. + enum: + - any + - cidr + - address + - sg + type: string + securityGroupName: + description: |- + securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + type: string + required: + - remoteType + type: object + x-kubernetes-validations: + - message: cidrSubnetName, addresss, + and securityGroupName are not valid + for VPCSecurityGroupRuleRemoteTypeAny + remoteType + rule: 'self.remoteType == ''any'' + ? (!has(self.cidrSubnetName) && + !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only cidrSubnetName is valid + for VPCSecurityGroupRuleRemoteTypeCIDR + remoteType + rule: 'self.remoteType == ''cidr'' + ? (has(self.cidrSubnetName) && !has(self.address) + && !has(self.securityGroupName)) + : true' + - message: only address is valid for + VPCSecurityGroupRuleRemoteTypeIP + remoteType + rule: 'self.remoteType == ''address'' + ? (has(self.address) && !has(self.cidrSubnetName) + && !has(self.securityGroupName)) + : true' + - message: only securityGroupName is + valid for VPCSecurityGroupRuleRemoteTypeSG + remoteType + rule: 'self.remoteType == ''sg'' ? 
+ (has(self.securityGroupName) && + !has(self.cidrSubnetName) && !has(self.address)) + : true' + type: array + required: + - protocol + - remotes + type: object + x-kubernetes-validations: + - message: icmpCode and icmpType are only + supported for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol != ''icmp'' ? (!has(self.icmpCode) + && !has(self.icmpType)) : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll + protocol + rule: 'self.protocol == ''all'' ? !has(self.portRange) + : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol == ''icmp'' ? !has(self.portRange) + : true' + direction: + description: direction defines whether the + traffic is inbound or outbound for the Security + Group Rule. + enum: + - inbound + - outbound + type: string + securityGroupID: + description: securityGroupID is the ID of + the Security Group for the Security Group + Rule. + type: string + source: + description: |- + source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. + Only used when direction is VPCSecurityGroupRuleDirectionInbound. + properties: + icmpCode: + description: |- + icmpCode is the ICMP code for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + icmpType: + description: |- + icmpType is the ICMP type for the Rule. + Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp. + format: int64 + type: integer + portRange: + description: portRange is a range of ports + allowed for the Rule's remote. + properties: + maximumPort: + description: maximumPort is the inclusive + upper range of ports. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + minimumPort: + description: minimumPort is the inclusive + lower range of ports. 
+ format: int64 + maximum: 65535 + minimum: 1 + type: integer + type: object + x-kubernetes-validations: + - message: maximum port must be greater + than or equal to minimum port + rule: self.maximumPort >= self.minimumPort + protocol: + description: protocol defines the traffic + protocol used for the Security Group + Rule. + enum: + - all + - icmp + - tcp + - udp + type: string + remotes: + description: |- + remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. + items: + description: |- + VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. + The type of remote defines the additional remote details where are used for defining the remote. + properties: + address: + description: |2- + address is the address to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress. + type: string + cidrSubnetName: + description: |- + cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. + Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR. + type: string + remoteType: + description: remoteType defines + the type of filter to define for + the remote's destination/source. + enum: + - any + - cidr + - address + - sg + type: string + securityGroupName: + description: |- + securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. 
+ Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG + type: string + required: + - remoteType + type: object + x-kubernetes-validations: + - message: cidrSubnetName, addresss, + and securityGroupName are not valid + for VPCSecurityGroupRuleRemoteTypeAny + remoteType + rule: 'self.remoteType == ''any'' + ? (!has(self.cidrSubnetName) && + !has(self.address) && !has(self.securityGroupName)) + : true' + - message: only cidrSubnetName is valid + for VPCSecurityGroupRuleRemoteTypeCIDR + remoteType + rule: 'self.remoteType == ''cidr'' + ? (has(self.cidrSubnetName) && !has(self.address) + && !has(self.securityGroupName)) + : true' + - message: only address is valid for + VPCSecurityGroupRuleRemoteTypeIP + remoteType + rule: 'self.remoteType == ''address'' + ? (has(self.address) && !has(self.cidrSubnetName) + && !has(self.securityGroupName)) + : true' + - message: only securityGroupName is + valid for VPCSecurityGroupRuleRemoteTypeSG + remoteType + rule: 'self.remoteType == ''sg'' ? + (has(self.securityGroupName) && + !has(self.cidrSubnetName) && !has(self.address)) + : true' + type: array + required: + - protocol + - remotes + type: object + x-kubernetes-validations: + - message: icmpCode and icmpType are only + supported for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol != ''icmp'' ? (!has(self.icmpCode) + && !has(self.icmpType)) : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll + protocol + rule: 'self.protocol == ''all'' ? !has(self.portRange) + : true' + - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp + protocol + rule: 'self.protocol == ''icmp'' ? 
!has(self.portRange) + : true' + required: + - action + - direction + type: object + x-kubernetes-validations: + - message: both destination and source cannot + be provided + rule: (has(self.destination) && !has(self.source)) + || (!has(self.destination) && has(self.source)) + - message: source must be set for VPCSecurityGroupRuleDirectionInbound + direction + rule: 'self.direction == ''inbound'' ? has(self.source) + : true' + - message: destination is not valid for VPCSecurityGroupRuleDirectionInbound + direction + rule: 'self.direction == ''inbound'' ? !has(self.destination) + : true' + - message: destination must be set for VPCSecurityGroupRuleDirectionOutbound + direction + rule: 'self.direction == ''outbound'' ? has(self.destination) + : true' + - message: source is not valid for VPCSecurityGroupRuleDirectionOutbound + direction + rule: 'self.direction == ''outbound'' ? !has(self.source) + : true' + type: array + tags: + description: tags are tags to add to the Security + Group. + items: + type: string + type: array + type: object + x-kubernetes-validations: + - message: either an id or name must be specified + rule: has(self.id) || has(self.name) + type: array + vpc: + description: vpc defines the IBM Cloud VPC for extended + VPC Infrastructure support. + properties: + id: + description: id of the resource. + minLength: 1 + type: string + name: + description: name of the resource. + minLength: 1 + type: string + type: object + x-kubernetes-validations: + - message: an id or name must be provided + rule: has(self.id) || has(self.name) + workerSubnets: + description: workerSubnets is a set of Subnet's which + define the Worker subnets. + items: + description: Subnet describes a subnet. 
+ properties: + cidr: + type: string + id: + maxLength: 64 + minLength: 1 + pattern: ^[-0-9a-z_]+$ + type: string + name: + maxLength: 63 + minLength: 1 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + zone: + type: string + type: object + type: array type: object region: description: The IBM Cloud Region the cluster lives in. @@ -3895,7 +6078,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 @@ -4265,7 +6448,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capi-ibmcloud-system/capi-ibmcloud-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud cluster.x-k8s.io/v1beta1: v1beta1_v1beta2 @@ -4858,38 +7041,6 @@ rules: - update --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-ibmcloud - name: capi-ibmcloud-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-ibmcloud - name: capi-ibmcloud-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: 
@@ -4920,21 +7071,6 @@ subjects: name: capi-ibmcloud-manager namespace: capi-ibmcloud-system --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-ibmcloud - name: capi-ibmcloud-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-ibmcloud-proxy-role -subjects: -- kind: ServiceAccount - name: default - namespace: capi-ibmcloud-system ---- apiVersion: v1 kind: Secret metadata: @@ -4951,27 +7087,6 @@ type: Opaque --- apiVersion: v1 kind: Service -metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" - labels: - cluster.x-k8s.io/provider: infrastructure-ibmcloud - control-plane: controller-manager - name: capi-ibmcloud-controller-manager-metrics-svc - namespace: capi-ibmcloud-system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - cluster.x-k8s.io/provider: infrastructure-ibmcloud - control-plane: controller-manager ---- -apiVersion: v1 -kind: Service metadata: labels: cluster.x-k8s.io/provider: infrastructure-ibmcloud @@ -5008,8 +7123,9 @@ spec: containers: - args: - --leader-elect - - --provider-id-fmt=${PROVIDER_ID_FORMAT:=v1} - - --metrics-bind-addr=127.0.0.1:8080 + - --provider-id-fmt=${PROVIDER_ID_FORMAT:=v2} + - --diagnostics-address=${CAPIBM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPIBM_INSECURE_DIAGNOSTICS:=false} - --service-endpoint=${SERVICE_ENDPOINT:=none} - --v=${LOGLEVEL:=0} command: @@ -5017,7 +7133,7 @@ spec: env: - name: IBM_CREDENTIALS_FILE value: /home/.ibmcloud/ibm-credentials.env - image: registry.k8s.io/capi-ibmcloud/cluster-api-ibmcloud-controller:v0.8.0 + image: gcr.io/k8s-staging-capi-ibmcloud/cluster-api-ibmcloud-controller:v0.8.0 imagePullPolicy: Always livenessProbe: httpGet: 
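Review bot: The `--diagnostics-address=${CAPIBM_DIAGNOSTICS_ADDRESS:=:8443}` default binds on all interfaces, and `--insecure-diagnostics=${CAPIBM_INSECURE_DIAGNOSTICS:=false}` is now the only setting standing between that endpoint and unauthenticated plain HTTP, since the kube-rbac-proxy sidecar and its `capi-ibmcloud-proxy-role`/`capi-ibmcloud-proxy-rolebinding` are removed in the hunks at -4858, -4920 and -5042. Two things the diff does not show should be confirmed: the `capi-ibmcloud-manager` ClusterRole must grant `create` on `authentication.k8s.io/tokenreviews` and `authorization.k8s.io/subjectaccessreviews` for the manager to authenticate scrapers itself (the deleted proxy-role granted that to the `default` ServiceAccount, not to `capi-ibmcloud-manager`), and clients that relied on the deleted `capi-ibmcloud-metrics-reader` role for `get` on `/metrics` now need that permission from elsewhere. I would document the override inline on the arg: `# CAPIBM_INSECURE_DIAGNOSTICS=true presumably serves diagnostics without TLS or authn/authz; the default keeps the endpoint authenticated.`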
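Review bot: The image reference moves from the release registry `registry.k8s.io/capi-ibmcloud/...` to the staging repository `gcr.io/k8s-staging-capi-ibmcloud/...` while keeping the `v0.8.0` tag, with `imagePullPolicy: Always` on the line below. Staging repositories are the pre-promotion source for registry.k8s.io, so the same tag can resolve to a different build than the promoted release, and with `Always` every pod restart re-resolves it. If a staging build is intentional, pin it by digest, e.g. `image: gcr.io/k8s-staging-capi-ibmcloud/cluster-api-ibmcloud-controller:v0.8.0@sha256:<DIGEST_PLACEHOLDER>`, so the image that was tested is the one that runs.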
@@ -5031,6 +7147,9 @@ spec: - containerPort: 9440 name: healthz protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP readinessProbe: httpGet: path: /readyz @@ -5042,22 +7161,13 @@ spec: requests: cpu: 100m memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - mountPath: /home/.ibmcloud name: credentials - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https serviceAccountName: capi-ibmcloud-manager terminationGracePeriodSeconds: 10 volumes:
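Review bot: The added `containerPort: 8443` named `metrics` has nothing routing to it: the hunk at -4951 deletes `capi-ibmcloud-controller-manager-metrics-svc` (which selected this Deployment and targeted the port name `https`), and this diff adds no replacement Service, so any ServiceMonitor or scrape config pointing at that Service silently stops collecting. Either restore a metrics Service with `targetPort: metrics`, or document on the port that scraping is now expected via pod discovery, e.g. `# metrics are served directly by the manager on this port; no Service is defined for it`. The `prometheus.io/*` annotations from the deleted Service are also not carried over to the pod template, which lies outside this hunk.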