nodes config: add minimumKubeletVersion to status

Signed-off-by: Peter Hunt <[email protected]>

Author: haircommander

config/v1/types_node.go

@@ -72,6 +72,28 @@ type NodeStatus struct {
 	// +listMapKey=type
 	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+	// Specifically, the apiserver will deny most authorization requests of kubelets that are older
+	// than the specified version, only allowing the kubelet to get and update its node object, and perform
+	// subjectaccessreviews.
+	// This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+	// and will eventually be marked as not ready.
+	// Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+	// Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+	// the underlying kubernetes version this version of Openshift is based off of.
+	// In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+	// they should set the minimumKubeletVersion to 1.30.0.
+	// When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+	// Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+	// This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+	// FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+	// all kubelets.
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="minmumKubeletVersion must be in a semver compatible format of x.y.z, or empty"
+	// +kubebuilder:validation:MaxLength:=8
+	// +openshift:enable:FeatureGate=MinimumKubeletVersion
+	// +optional
+	MinimumKubeletVersion string `json:"minimumKubeletVersion,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=v1;v2;""

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_nodes-CustomNoUpgrade.crd.yaml

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_nodes-DevPreviewNoUpgrade.crd.yaml

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_nodes-TechPreviewNoUpgrade.crd.yaml

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec

config/v1/zz_generated.featuregated-crd-manifests/nodes.config.openshift.io/MinimumKubeletVersion.yaml

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec

config/v1/zz_generated.swagger_doc_generated.go

@@ -8395,6 +8395,10 @@
             "type"
           ],
           "x-kubernetes-list-type": "map"
+        },
+        "minimumKubeletVersion": {
+          "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier. This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to all kubelets.",
+          "type": "string"
         }
       }
     },

openapi/generated_openapi/zz_generated.openapi.go

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec

openapi/openapi.json

@@ -148,6 +148,30 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              minimumKubeletVersion:
+                description: |-
+                  minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                  Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                  than the specified version, only allowing the kubelet to get and update its node object, and perform
+                  subjectaccessreviews.
+                  This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                  and will eventually be marked as not ready.
+                  Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                  Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                  the underlying kubernetes version this version of Openshift is based off of.
+                  In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                  they should set the minimumKubeletVersion to 1.30.0.
+                  When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                  Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                  This status field is used to reflect the actualized minimum kubelet version, which can be interpreted from the
+                  FeatureGateStatus.RenderedMinimumComponentVersion when Component == Kubelet, after that FeatureGateStatus finishes rolling out to
+                  all kubelets.
+                maxLength: 8
+                type: string
+                x-kubernetes-validations:
+                - message: minmumKubeletVersion must be in a semver compatible format
+                    of x.y.z, or empty
+                  rule: self.matches('^[0-9]*.[0-9]*.[0-9]*$')
             type: object
         required:
         - spec