api: add oldestKubeletVersion

Signed-off-by: Peter Hunt <[email protected]>

api/hypershift/v1beta1/hosted_controlplane.go

@@ -318,6 +318,10 @@ type HostedControlPlaneStatus struct {
 
 	// NodeCount tracks the number of nodes in the HostedControlPlane.
 	NodeCount *int `json:"nodeCount,omitempty"`
+
+	// OldestKubeletVersion tracks the oldest kubelet version in a hosted cluster
+	// +openshift:enable:FeatureGate=MinimumKubeletVersion
+	OldestKubeletVersion *string `json:"oldestKubeletVersion,omitempty"`
 }
 
 type APIEndpoint struct {

api/hypershift/v1beta1/hostedcluster_types.go

@@ -1414,6 +1414,10 @@ type HostedClusterStatus struct {
 	// Platform contains platform-specific status of the HostedCluster
 	// +optional
 	Platform *PlatformStatus `json:"platform,omitempty"`
+
+	// OldestKubeletVersion tracks the oldest kubelet version in a hosted cluster
+	// +openshift:enable:FeatureGate=MinimumKubeletVersion
+	OldestKubeletVersion *string `json:"oldestKubeletVersion,omitempty"`
 }
 
 // PlatformStatus contains platform-specific status

cmd/install/assets/hypershift-operator/zz_generated.crd-manifests/hostedclusters-CustomNoUpgrade.crd.yaml

@@ -1642,6 +1642,27 @@ spec:
                         - v2
                         - ""
                         type: string
+                      minimumKubeletVersion:
+                        description: |-
+                          minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                          Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                          than the specified version, only allowing the kubelet to get and update its node object, and perform
+                          subjectaccessreviews.
+                          This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                          and will eventually be marked as not ready.
+                          Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                          Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                          the underlying kubernetes version this version of Openshift is based off of.
+                          In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                          they should set the minimumKubeletVersion to 1.30.0.
+                          When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                          Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                        maxLength: 8
+                        type: string
+                        x-kubernetes-validations:
+                        - message: minmumKubeletVersion must be in a semver compatible
+                            format of x.y.z, or empty
+                          rule: self == "" || self.matches('^[0-9]*.[0-9]*.[0-9]*$')
                       workerLatencyProfile:
                         description: |-
                           WorkerLatencyProfile determins the how fast the kubelet is updating
@@ -5421,6 +5442,10 @@ spec:
                   with the name of an identity provider defined on the HostedCluster.
                   This is populated after the infrastructure is ready.
                 type: string
+              oldestKubeletVersion:
+                description: OldestKubeletVersion tracks the oldest kubelet version
+                  in a hosted cluster
+                type: string
               payloadArch:
                 description: |-
                   payloadArch represents the CPU architecture type of the HostedCluster.Spec.Release.Image. The valid values are:

cmd/install/assets/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-CustomNoUpgrade.crd.yaml

@@ -1599,6 +1599,27 @@ spec:
                         - v2
                         - ""
                         type: string
+                      minimumKubeletVersion:
+                        description: |-
+                          minimumKubeletVersion is the lowest version of a kubelet that can join the cluster.
+                          Specifically, the apiserver will deny most authorization requests of kubelets that are older
+                          than the specified version, only allowing the kubelet to get and update its node object, and perform
+                          subjectaccessreviews.
+                          This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads,
+                          and will eventually be marked as not ready.
+                          Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99".
+                          Since the kubelet reports the version of the kubernetes release, not Openshift, this field references
+                          the underlying kubernetes version this version of Openshift is based off of.
+                          In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then
+                          they should set the minimumKubeletVersion to 1.30.0.
+                          When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version.
+                          Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier.
+                        maxLength: 8
+                        type: string
+                        x-kubernetes-validations:
+                        - message: minmumKubeletVersion must be in a semver compatible
+                            format of x.y.z, or empty
+                          rule: self == "" || self.matches('^[0-9]*.[0-9]*.[0-9]*$')
                       workerLatencyProfile:
                         description: |-
                           WorkerLatencyProfile determins the how fast the kubelet is updating
@@ -5265,6 +5286,10 @@ spec:
                   with the name of an identity provider defined on the HostedCluster.
                   This is populated after the infrastructure is ready.
                 type: string
+              oldestKubeletVersion:
+                description: OldestKubeletVersion tracks the oldest kubelet version
+                  in a hosted cluster
+                type: string
               platform:
                 description: Platform contains platform-specific status of the HostedCluster
                 properties:

docs/content/reference/api.md

@@ -5479,6 +5479,17 @@ PlatformStatus
 <p>Platform contains platform-specific status of the HostedCluster</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>oldestKubeletVersion</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>OldestKubeletVersion tracks the oldest kubelet version in a hosted cluster</p>
+</td>
+</tr>
 </tbody>
 </table>
 ###HostedControlPlaneSpec { #hypershift.openshift.io/v1beta1.HostedControlPlaneSpec }
@@ -6126,6 +6137,17 @@ int
 <p>NodeCount tracks the number of nodes in the HostedControlPlane.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>oldestKubeletVersion</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>OldestKubeletVersion tracks the oldest kubelet version in a hosted cluster</p>
+</td>
+</tr>
 </tbody>
 </table>
 ###IBMCloudKMSAuthSpec { #hypershift.openshift.io/v1beta1.IBMCloudKMSAuthSpec }