openshift
diff --git a/‎PROJECT‎
Lines changed: 6 additions & 0 deletions b/‎PROJECT‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎api/v1beta2/awsmachine_webhook.go‎
Lines changed: 3 additions & 3 deletions b/‎api/v1beta2/awsmachine_webhook.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎cloudbuild-nightly.yaml‎
Lines changed: 1 addition & 1 deletion b/‎cloudbuild-nightly.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cloudbuild.yaml‎
Lines changed: 1 addition & 1 deletion b/‎cloudbuild.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml‎
Lines changed: 64 additions & 14 deletions b/‎config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml‎
Lines changed: 64 additions & 14 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml‎
Lines changed: 5 additions & 0 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml‎
Lines changed: 5 additions & 0 deletions
@@ -58,3 +58,9 @@ resources:
 - group: infrastructure
   version: v1beta2
   kind: AWSManagedCluster
+- group: infrastructure
+  kind: ROSARoleConfig
+  version: v1beta2
+- group: infrastructure
+  kind: ROSANetwork
+  version: v1beta2
@@ -384,13 +384,13 @@ func (r *AWSMachine) validateNetworkElasticIPPool() field.ErrorList {
 func (r *AWSMachine) validateCapacityReservation() field.ErrorList {
 	var allErrs field.ErrorList
 	if r.Spec.CapacityReservationID != nil && r.Spec.CapacityReservationPreference != CapacityReservationPreferenceOnly && r.Spec.CapacityReservationPreference != "" {
-		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when a reservation ID is specified, capacityReservationPreference may only be 'CapacityReservationsOnly' or empty"))
+		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationId is specified, capacityReservationPreference may only be 'CapacityReservationsOnly' or empty"))
 	}
 	if r.Spec.CapacityReservationPreference == CapacityReservationPreferenceOnly && r.Spec.MarketType == MarketTypeSpot {
-		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when MarketType is set to 'Spot', capacityReservationPreference cannot be set to 'CapacityReservationsOnly'"))
+		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when marketType is set to 'Spot', capacityReservationPreference cannot be set to 'CapacityReservationsOnly'"))
 	}
 	if r.Spec.CapacityReservationPreference == CapacityReservationPreferenceOnly && r.Spec.SpotMarketOptions != nil {
-		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationPreference is 'CapacityReservationsOnly', SpotMarketOptions cannot be set (which implies MarketType: 'Spot')"))
+		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationPreference is 'CapacityReservationsOnly', spotMarketOptions cannot be set (which implies marketType: 'Spot')"))
 	}
 	return allErrs
 }
 
@@ -1,5 +1,5 @@
 # See https://cloud.google.com/cloud-build/docs/build-config
-timeout: 3000s
+timeout: 7200s
 options:
   substitution_option: ALLOW_LOOSE
 steps:
 
@@ -1,5 +1,5 @@
 # See https://cloud.google.com/cloud-build/docs/build-config
-timeout: 3000s
+timeout: 7200s
 options:
   substitution_option: ALLOW_LOOSE
 steps:
 
@@ -63,6 +63,25 @@ spec:
                   AuditLogRoleARN defines the role that is used to forward audit logs to AWS CloudWatch.
                   If not set, audit log forwarding is disabled.
                 type: string
+              autoNode:
+                description: autoNode set the autoNode mode and roleARN.
+                properties:
+                  mode:
+                    default: Disabled
+                    description: mode specifies the mode for the AutoNode. Setting
+                      Enable/Disable mode will allows/disallow karpenter AutoNode
+                      scaling.
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                  roleARN:
+                    description: |-
+                      roleARN sets the autoNode role ARN, which includes the IAM policy and cluster-specific role that grant the necessary permissions to the Karpenter controller.
+                      The role must be attached with the same OIDC-ID that is used with the ROSA-HCP cluster.
+                    maxLength: 2048
+                    type: string
+                type: object
               availabilityZones:
                 description: |-
                   AvailabilityZones describe AWS AvailabilityZones of the worker nodes.
@@ -525,8 +544,9 @@ spec:
                 - name
                 type: object
               installerRoleARN:
-                description: InstallerRoleARN is an AWS IAM role that OpenShift Cluster
-                  Manager will assume to create the cluster..
+                description: |-
+                  InstallerRoleARN is an AWS IAM role that OpenShift Cluster Manager will assume to create the cluster.
+                  Required if RosaRoleConfigRef is not specified.
                 type: string
               network:
                 description: Network config for the ROSA HCP cluster.
@@ -560,7 +580,9 @@ spec:
                     type: string
                 type: object
               oidcID:
-                description: The ID of the internal OpenID Connect Provider.
+                description: |-
+                  The ID of the internal OpenID Connect Provider.
+                  Required if RosaRoleConfigRef is not specified.
                 type: string
                 x-kubernetes-validations:
                 - message: oidcID is immutable
@@ -576,8 +598,9 @@ spec:
                 description: The AWS Region the cluster lives in.
                 type: string
               rolesRef:
-                description: AWS IAM roles used to perform credential requests by
-                  the openshift operators.
+                description: |-
+                  AWS IAM roles used to perform credential requests by the openshift operators.
+                  Required if RosaRoleConfigRef is not specified.
                 properties:
                   controlPlaneOperatorARN:
                     description: "ControlPlaneOperatorARN  is an ARN value referencing
@@ -777,6 +800,38 @@ spec:
                 x-kubernetes-validations:
                 - message: rosaClusterName is immutable
                   rule: self == oldSelf
+              rosaNetworkRef:
+                description: |-
+                  ROSANetworkRef references ROSANetwork custom resource that contains the networking infrastructure
+                  for the ROSA HCP cluster.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              rosaRoleConfigRef:
+                description: |-
+                  RosaRoleConfigRef is a reference to a RosaRoleConfig resource that contains account roles, operator roles and OIDC configuration.
+                  RosaRoleConfigRef and role fields such as installerRoleARN, supportRoleARN, workerRoleARN, rolesRef and oidcID are mutually exclusive.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               subnets:
                 description: |-
                   The Subnet IDs to use when installing the cluster.
@@ -788,6 +843,7 @@ spec:
                 description: |-
                   SupportRoleARN is an AWS IAM role used by Red Hat SREs to enable
                   access to the cluster account in order to provide support.
+                  Required if RosaRoleConfigRef is not specified.
                 type: string
               version:
                 description: OpenShift semantic version, for example "4.14.5".
@@ -806,22 +862,16 @@ spec:
                 - AlwaysAcknowledge
                 type: string
               workerRoleARN:
-                description: WorkerRoleARN is an AWS IAM role that will be attached
-                  to worker instances.
+                description: |-
+                  WorkerRoleARN is an AWS IAM role that will be attached to worker instances.
+                  Required if RosaRoleConfigRef is not specified.
                 type: string
             required:
-            - availabilityZones
             - channelGroup
-            - installerRoleARN
-            - oidcID
             - region
-            - rolesRef
             - rosaClusterName
-            - subnets
-            - supportRoleARN
             - version
             - versionGate
-            - workerRoleARN
             type: object
           status:
             description: RosaControlPlaneStatus defines the observed state of ROSAControlPlane.
 
@@ -88,6 +88,11 @@ spec:
                   AvailabilityZone is an optinal field specifying the availability zone where instances of this machine pool should run
                   For Multi-AZ clusters, you can create a machine pool in a Single-AZ of your choice.
                 type: string
+              capacityReservationID:
+                description: |-
+                  CapacityReservationID specifies the ID of an AWS On-Demand Capacity Reservation and Capacity Blocks for ML.
+                  The CapacityReservationID must be pre-created in advance, before creating a NodePool.
+                type: string
               instanceType:
                 description: InstanceType specifies the AWS instance type
                 type: string
Original file line number	Diff line number	Diff line change
`@@ -384,13 +384,13 @@ func (r *AWSMachine) validateNetworkElasticIPPool() field.ErrorList {`
`384`	`384`	`func (r *AWSMachine) validateCapacityReservation() field.ErrorList {`
`385`	`385`	`var allErrs field.ErrorList`
`386`	`386`	`if r.Spec.CapacityReservationID != nil && r.Spec.CapacityReservationPreference != CapacityReservationPreferenceOnly && r.Spec.CapacityReservationPreference != "" {`
`387`		`- allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when a reservation ID is specified, capacityReservationPreference may only be 'CapacityReservationsOnly' or empty"))`
	`387`	`+ allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationId is specified, capacityReservationPreference may only be 'CapacityReservationsOnly' or empty"))`
`388`	`388`	`}`
`389`	`389`	`if r.Spec.CapacityReservationPreference == CapacityReservationPreferenceOnly && r.Spec.MarketType == MarketTypeSpot {`
`390`		`- allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when MarketType is set to 'Spot', capacityReservationPreference cannot be set to 'CapacityReservationsOnly'"))`
	`390`	`+ allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when marketType is set to 'Spot', capacityReservationPreference cannot be set to 'CapacityReservationsOnly'"))`
`391`	`391`	`}`
`392`	`392`	`if r.Spec.CapacityReservationPreference == CapacityReservationPreferenceOnly && r.Spec.SpotMarketOptions != nil {`
`393`		`- allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationPreference is 'CapacityReservationsOnly', SpotMarketOptions cannot be set (which implies MarketType: 'Spot')"))`
	`393`	`+ allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "capacityReservationPreference"), "when capacityReservationPreference is 'CapacityReservationsOnly', spotMarketOptions cannot be set (which implies marketType: 'Spot')"))`
`394`	`394`	`}`
`395`	`395`	`return allErrs`
`396`	`396`	`}`