Merge pull request #6367 from rhatdan/VENDOR

Vendor in latest containers/buildah
2020-05-25 04:40:56 -04:00 · 2020-05-25 04:40:56 -04:00 · c27f8f488a
parent 3ea511566a 935a716418
commit c27f8f488a
61 changed files with 172 additions and 11304 deletions
--- a/go.mod
+++ b/go.mod
@ -10,7 +10,7 @@ require (
 	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
 	github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
 	github.com/containernetworking/plugins v0.8.6
-	github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
+	github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224
 	github.com/containers/common v0.11.4
 	github.com/containers/conmon v2.0.16+incompatible
 	github.com/containers/image/v5 v5.4.4
--- a/go.sum
+++ b/go.sum
@ -8,7 +8,6 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX
 github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o=
@ -20,9 +19,7 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@ -69,9 +66,9 @@ github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 h1:eUMd8
 github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm8VYN6dlsw568=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 h1:EGegltin15wEzCI/5jeHcxBKfwwIHYkBUvsYC3XP060=
+github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 h1:EqwBZRqyUYvU7JOmmSSPviSaAoUP1wN0cefXXDZ9ATo=
-github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9/go.mod h1:+2aNsVcd4pVzmVAbOfWN5X+0Lpz2rtICSGXbTSCzdBU=
+github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224/go.mod h1:5ZkWjOuK90yl55L5R+purJNLfUo0VUr8pstJazNtYck=
-github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
+github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY=
 github.com/containers/common v0.11.4 h1:M7lmjaVY+29g+YiaWH/UP4YeHjT/pZMxvRgmsWsQn74=
 github.com/containers/common v0.11.4/go.mod h1:AOxw4U5TJJrR/J1QPRvWbjHNdwU13wMy79rjK+7+aJE=
 github.com/containers/conmon v2.0.16+incompatible h1:QFOlb9Id4WoJ24BelCFWwDSPTquwKMp3L3g2iGmRTq4=
@ -86,8 +83,8 @@ github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNj
 github.com/containers/psgo v1.5.0 h1:uofUREsrm0Ls5K4tkEIFPqWSHKyg3Bvoqo/Q2eDmj8g=
 github.com/containers/psgo v1.5.0/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
 github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg=
 github.com/containers/storage v1.19.0/go.mod h1:9Xc4rrTubn5hmtBfL+PSJH1XlfTQwR4VAG1NDUIpCts=
 github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ=
 github.com/containers/storage v1.19.2/go.mod h1:gYCp3jzgXkvubO0rI14QAjz5Mxm/qKJgLmHFyqayDnw=
 github.com/containers/storage v1.20.1 h1:2XE4eRIqSa6YjhAZjNwIkIKE6+Miy+5WV8l1KzY2ZKk=
 github.com/containers/storage v1.20.1/go.mod h1:RoKzO8KSDogCT6c06rEbanZTcKYxshorB33JikEGc3A=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@ -111,7 +108,6 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -142,7 +138,6 @@ github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkg
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
@ -163,16 +158,9 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8=
@ -183,7 +171,6 @@ github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14j
 github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
@ -209,7 +196,6 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
@ -254,7 +240,6 @@ github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwD
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jamescun/tuntap v0.0.0-20190712092105-cb1fb277045c/go.mod h1:zzwpsgcYhzzIP5WyF8g9ivCv38cY9uAV9Gu0m3lThhE=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@ -266,7 +251,6 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
 github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
@ -280,14 +264,10 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
@ -302,7 +282,6 @@ github.com/moby/vpnkit v0.3.1-0.20200304131818-6bc1679a048d/go.mod h1:KyjUrL9cb6
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
@ -336,7 +315,7 @@ github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuB
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
+github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@ -364,8 +343,6 @@ github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOl
 github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y=
 github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10=
 github.com/openshift/imagebuilder v1.1.4 h1:LUg8aTjyXMtlDx6IbtvaqofFGZ6aYqe+VIeATE735LM=
 github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
@ -380,7 +357,6 @@ github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
@ -408,15 +384,12 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rootless-containers/rootlesskit v0.9.4 h1:6ogX7l3r3nlS7eTB8ePbLSQ6TZR1aVQzRjTy2SIBOzk=
 github.com/rootless-containers/rootlesskit v0.9.4/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI=
 github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA=
 github.com/seccomp/containers-golang v0.4.1 h1:6hsmsP8Y9T6PWKJELqAkRWkc6Te60+zK64avkjInd44=
 github.com/seccomp/containers-golang v0.4.1/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE=
 github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo=
@ -428,7 +401,6 @@ github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjM
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
 github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@ -448,8 +420,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -509,7 +479,6 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@ -517,13 +486,9 @@ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -539,9 +504,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -573,7 +536,6 @@ golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -603,19 +565,12 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
 gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
@ -670,35 +625,23 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A=
 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
 k8s.io/api v0.18.3 h1:2AJaUQdgUZLoDZHrun21PW2Nx9+ll6cUzvn3IKhSIn0=
 k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA=
 k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA=
 k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
 k8s.io/apimachinery v0.18.3 h1:pOGcbVAhxADgUYnjS08EFXs9QMl8qaH5U4fr5LGUrSk=
 k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab h1:E8Fecph0qbNsAbijJJQryKu4Oi9QTp5cVpjTE+nqg6g=
 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k=
 k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20190221042446-c2654d5206da h1:ElyM7RPonbKnQqOcw7dG2IK5uvQQn3b/WPHqD5mBvP4=
 k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
 modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@ -27,11 +27,13 @@ env:
    ####
    # GCE project where images live
    IMAGE_PROJECT: "libpod-218412"
-    # TODO: Setting up from base-images is very inefficient, use libpod's cache-images instead?
+    # See https://github.com/containers/libpod/blob/master/contrib/cirrus/README.md#test_build_cache_images_task-task
-    FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-30-1-2-1565360543"
+    _BUILT_IMAGE_SUFFIX: "libpod-6224667180531712"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-29-1-2-1565360543"
+    FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}"
-    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1904-disco-v20190724"
+    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
-    PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1804-bionic-v20190722a"
+    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}"
    PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
    ####
    #### Command variables to help avoid duplication
@ -153,9 +155,6 @@ gce_instance:
        - 'cirrus-ci/only_prs/gate'
        - 'cirrus-ci/only_prs/vendor'
    container:
        image: registry.fedoraproject.org/fedora:30
    env:
        matrix:
            CROSS_TARGET: darwin
@ -179,10 +178,8 @@ gce_instance:
    gce_instance:  # Only need to specify differences from defaults (above)
        matrix:  # Duplicate this task for each matrix product.
            image_name: "${FEDORA_CACHE_IMAGE_NAME}"
-            # TODO: Re-enable once prior image is F30 and above is F31
+            image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
-            # image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+            image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
            # TODO: Re-enable when package repositories functional
            #image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
            image_name: "${PRIOR_UBUNTU_CACHE_IMAGE_NAME}"
    # Separate scripts for separate outputs, makes debugging easier.
@ -248,7 +245,7 @@ gce_instance:
        CIRRUS_CLONE_DEPTH: 1  # no code is being used by this task
    container:
-        image: "registry.fedoraproject.org/fedora-minimal:latest"
+        image: "quay.io/libpod/fedora-minimal:latest"
        cpu: 1
        memory: 1
--- a/vendor/github.com/containers/buildah/.golangci.yml
+++ b/vendor/github.com/containers/buildah/.golangci.yml
@ -4,8 +4,8 @@ run:
    - apparmor
    - seccomp
    - selinux
-  concurrency: 6
+  # Don't exceed number of threads available when running under CI
-  deadline: 5m
+  concurrency: 4
 linters:
  disable-all: true
  enable:
@ -17,7 +17,8 @@ linters:
    - gofmt
    - goimports
    - golint
-    - gosimple
+    # Broken? Unpredictably dies w/o any error well before deadline/timeout expires
    # - gosimple
    - govet
    - ineffassign
    - interfacer
--- a/vendor/github.com/containers/buildah/SECURITY.md
+++ b/vendor/github.com/containers/buildah/SECURITY.md
@ -0,0 +1,3 @@
 ## Security and Disclosure Information Policy for the Buildah Project
 The Buildah Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@ -13,6 +13,7 @@ import (
 	"github.com/containers/buildah/docker"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/ioutils"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
@ -413,6 +414,9 @@ type BuilderOptions struct {
 	MaxPullRetries int
 	// PullRetryDelay is how long to wait before retrying a pull attempt.
 	PullRetryDelay time.Duration
 	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
 	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
 	OciDecryptConfig *encconfig.DecryptConfig
 }
 // ImportOptions are used to initialize a Builder from an existing container
--- a/vendor/github.com/containers/buildah/commit.go
+++ b/vendor/github.com/containers/buildah/commit.go
@ -19,11 +19,11 @@ import (
 	is "github.com/containers/image/v5/storage"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/stringid"
 	digest "github.com/opencontainers/go-digest"
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -88,6 +88,15 @@ type CommitOptions struct {
 	// RetryDelay is how long to wait before retrying a commit attempt to a
 	// registry.
 	RetryDelay time.Duration
 	// OciEncryptConfig when non-nil indicates that an image should be encrypted.
 	// The encryption options is derived from the construction of EncryptConfig object.
 	OciEncryptConfig *encconfig.EncryptConfig
 	// OciEncryptLayers represents the list of layers to encrypt.
 	// If nil, don't encrypt any layers.
 	// If non-nil and len==0, denotes encrypt all layers.
 	// integers in the slice represent 0-indexed layer indices, with support for negative
 	// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
 	OciEncryptLayers *[]int
 }
 // PushOptions can be used to alter how an image is copied somewhere.
@ -132,6 +141,15 @@ type PushOptions struct {
 	MaxRetries int
 	// RetryDelay is how long to wait before retrying a push attempt.
 	RetryDelay time.Duration
 	// OciEncryptConfig when non-nil indicates that an image should be encrypted.
 	// The encryption options is derived from the construction of EncryptConfig object.
 	OciEncryptConfig *encconfig.EncryptConfig
 	// OciEncryptLayers represents the list of layers to encrypt.
 	// If nil, don't encrypt any layers.
 	// If non-nil and len==0, denotes encrypt all layers.
 	// integers in the slice represent 0-indexed layer indices, with support for negative
 	// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
 	OciEncryptLayers *[]int
 }
 var (
@ -162,7 +180,12 @@ func checkRegistrySourcesAllows(forWhat string, dest types.ImageReference) error
 	}
 	if registrySources, ok := os.LookupEnv("BUILD_REGISTRY_SOURCES"); ok && len(registrySources) > 0 {
-		var sources configv1.RegistrySources
+		// Use local struct instead of github.com/openshift/api/config/v1 RegistrySources
 		var sources struct {
 			InsecureRegistries []string `json:"insecureRegistries,omitempty"`
 			BlockedRegistries  []string `json:"blockedRegistries,omitempty"`
 			AllowedRegistries  []string `json:"allowedRegistries,omitempty"`
 		}
 		if err := json.Unmarshal([]byte(registrySources), &sources); err != nil {
 			return errors.Wrapf(err, "error parsing $BUILD_REGISTRY_SOURCES (%q) as JSON", registrySources)
 		}
@ -270,7 +293,9 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 	// Check if the base image is already in the destination and it's some kind of local
 	// storage.  If so, we can skip recompressing any layers that come from the base image.
 	exportBaseLayers := true
-	if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && b.FromImageID != "" {
+	if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && options.OciEncryptConfig != nil {
 		return imgID, nil, "", errors.New("unable to use local storage with image encryption")
 	} else if destIsStorage && b.FromImageID != "" {
 		if baseref, err := transport.ParseReference(b.FromImageID); baseref != nil && err == nil {
 			if img, err := transport.GetImage(baseref); img != nil && err == nil {
 				logrus.Debugf("base image %q is already present in local storage, no need to copy its layers", b.FromImageID)
@ -319,7 +344,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 	}
 	var manifestBytes []byte
-	if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil {
+	if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil {
 		return imgID, nil, "", errors.Wrapf(err, "error copying layers and metadata for container %q", b.ContainerID)
 	}
 	// If we've got more names to attach, and we know how to do that for
@ -451,7 +476,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 		systemContext.DirForceCompress = true
 	}
 	var manifestBytes []byte
-	if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil {
+	if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil {
 		return nil, "", errors.Wrapf(err, "error copying layers and metadata from %q to %q", transports.ImageName(maybeCachedSrc), transports.ImageName(dest))
 	}
 	if options.ReportWriter != nil {
--- a/vendor/github.com/containers/buildah/common.go
+++ b/vendor/github.com/containers/buildah/common.go
@ -14,6 +14,7 @@ import (
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/docker/distribution/registry/api/errcode"
@ -30,7 +31,7 @@ const (
 	DOCKER = "docker"
 )
-func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string) *cp.Options {
+func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string, ociEncryptLayers *[]int, ociEncryptConfig *encconfig.EncryptConfig, ociDecryptConfig *encconfig.DecryptConfig) *cp.Options {
 	sourceCtx := getSystemContext(store, nil, "")
 	if sourceSystemContext != nil {
 		*sourceCtx = *sourceSystemContext
@ -47,6 +48,9 @@ func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemCon
 		ForceManifestMIMEType: manifestType,
 		RemoveSignatures:      removeSignatures,
 		SignBy:                addSigner,
 		OciEncryptConfig:      ociEncryptConfig,
 		OciDecryptConfig:      ociDecryptConfig,
 		OciEncryptLayers:      ociEncryptLayers,
 	}
 }
--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@ -4,9 +4,10 @@ go 1.12
 require (
 	github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784
-	github.com/containers/common v0.10.0
+	github.com/containers/common v0.11.2
-	github.com/containers/image/v5 v5.4.3
+	github.com/containers/image/v5 v5.4.4
-	github.com/containers/storage v1.19.0
+	github.com/containers/ocicrypt v1.0.2
 	github.com/containers/storage v1.19.2
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/docker/distribution v2.7.1+incompatible
 	github.com/docker/go-units v0.4.0
@ -17,27 +18,26 @@ require (
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect
 	github.com/mattn/go-shellwords v1.0.10
-	github.com/onsi/ginkgo v1.12.0
+	github.com/onsi/ginkgo v1.12.1
-	github.com/onsi/gomega v1.9.0
+	github.com/onsi/gomega v1.10.0
-	github.com/opencontainers/go-digest v1.0.0-rc1
+	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
 	github.com/opencontainers/runc v1.0.0-rc9
-	github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
 	github.com/opencontainers/runtime-tools v0.9.0
 	github.com/opencontainers/selinux v1.5.1
 	github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316
 	github.com/openshift/imagebuilder v1.1.4
 	github.com/pkg/errors v0.9.1
-	github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f
+	github.com/seccomp/containers-golang v0.4.1
 	github.com/seccomp/libseccomp-golang v0.9.1
-	github.com/sirupsen/logrus v1.5.0
+	github.com/sirupsen/logrus v1.6.0
 	github.com/spf13/cobra v0.0.7
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.5.1
 	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
 	github.com/vishvananda/netlink v1.1.0 // indirect
-	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+	golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
-	golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
 )
 replace github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.4.2
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@ -6,18 +6,14 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7O
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg=
 github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk=
 github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@ -31,6 +27,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver v3.1.0+incompatible h1:7hqmJYuaEK3qwVjWubYiht3j93YI0WQBuysxHIfUriU=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@ -41,6 +39,8 @@ github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtM
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0 h1:xjvXQWABwS2uiv3TWgQt5Uth60Gu86LTGZXMJkjc7rY=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
 github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c h1:8ahmSVELW1wghbjerVAyuEYD5+Dio66RYvSS0iGfL1M=
 github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
@ -50,17 +50,20 @@ github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDG
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc=
 github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containers/common v0.10.0 h1:Km1foMJJBIxceA1/UCZcIuwf8sCF71sP5DwE6Oh1BEA=
+github.com/containers/common v0.11.2 h1:e4477fCE3qSA+Z2vT+uUMUTn8s8CyIM++qNm3PCSl68=
-github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
+github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY=
 github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=
 github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U=
 github.com/containers/image/v5 v5.4.4 h1:JSanNn3v/BMd3o0MEvO4R4OKNuoJUSzVGQAI1+0FMXE=
 github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.2 h1:Q0/IPs8ohfbXNxEfyJ2pFVmvJu5BhqJUAmc6ES9NKbo=
 github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M=
 github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg=
-github.com/containers/storage v1.19.0 h1:bVIF5EglbT5PQnqcN7sE6VWqoQzlToqzjXdz+eNubQg=
+github.com/containers/storage v1.19.1 h1:YKIzOO12iaD5Ra0PKFS6emcygbHLmwmQOCQRU/19YAQ=
-github.com/containers/storage v1.19.0/go.mod h1:9Xc4rrTubn5hmtBfL+PSJH1XlfTQwR4VAG1NDUIpCts=
+github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ=
 github.com/containers/storage v1.19.2 h1:vhcUwEjDZiPJxaLPFsjvyavnEjFw6qQi9HAkVz1amfI=
 github.com/containers/storage v1.19.2/go.mod h1:gYCp3jzgXkvubO0rI14QAjz5Mxm/qKJgLmHFyqayDnw=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@ -69,7 +72,6 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -92,53 +94,32 @@ github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 h1:moehP
 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/bbolt v1.3.3 h1:gSJmxrs37LgTqR/oyJBWok6k6SvXEUerFTbltIhXkBM=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsouza/go-dockerclient v1.6.5 h1:vuFDnPcds3LvTWGYb9h0Rty14FLgkjHZdwLDROCdgsw=
 github.com/fsouza/go-dockerclient v1.6.5/go.mod h1:GOdftxWLWIbIWKbIMDroKFJzPdg6Iw7r+jX1DDZdVsA=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
@ -148,11 +129,8 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
 github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@ -177,20 +155,18 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 h1:rw3IAne6CDuVFlZbPOkA7bhxlqawFh7RJJ+CejfMaxE=
 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc=
+github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
-github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
 github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@ -198,14 +174,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@ -217,7 +188,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
@ -225,23 +195,25 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mtrmac/gpgme v0.1.2 h1:dNOmvYmsrakgW7LcgiprD0yfRuQQe8/C8F6Z+zogO3s=
 github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg=
+github.com/onsi/gomega v1.10.0 h1:Gwkk+PTu/nfOwNMtUB/mRUv0X7ewW5dO4AERT1ThVKo=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
+github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU=
 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@ -252,14 +224,15 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU=
 github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y=
 github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10=
 github.com/openshift/imagebuilder v1.1.4 h1:LUg8aTjyXMtlDx6IbtvaqofFGZ6aYqe+VIeATE735LM=
 github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
@ -270,7 +243,6 @@ github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
@ -290,6 +262,7 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@ -297,13 +270,14 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI=
+github.com/seccomp/containers-golang v0.4.1 h1:6hsmsP8Y9T6PWKJELqAkRWkc6Te60+zK64avkjInd44=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA=
+github.com/seccomp/containers-golang v0.4.1/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE=
 github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@ -315,7 +289,6 @@ github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKv
 github.com/spf13/cobra v0.0.7 h1:FfTH+vuMXOas8jmfb5/M7dzEYx7LpcLb7a0LPe34uOU=
 github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@ -323,8 +296,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -342,8 +313,9 @@ github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE=
 github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
 github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY=
 github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y=
 github.com/vbauerster/mpb/v5 v5.0.4 h1:w7l/tJfHmtIOKZkU+bhbDZOUxj1kln9jy4DUOp3Tl14=
 github.com/vbauerster/mpb/v5 v5.0.4/go.mod h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8=
 github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
@ -368,21 +340,16 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -394,9 +361,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -408,31 +373,29 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE=
 golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -441,32 +404,26 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqG
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
 gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
 google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@ -479,8 +436,6 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
@ -496,23 +451,4 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM=
 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
 k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo=
 k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
 k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
 modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
--- a/vendor/github.com/containers/buildah/image.go
+++ b/vendor/github.com/containers/buildah/image.go
@ -586,16 +586,10 @@ func (i *containerImageSource) Reference() types.ImageReference {
 }
 func (i *containerImageSource) GetSignatures(ctx context.Context, instanceDigest *digest.Digest) ([][]byte, error) {
 	if instanceDigest != nil {
 		return nil, errors.Errorf("containerImageSource does not support manifest lists")
 	}
 	return nil, nil
 }
 func (i *containerImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
 	if instanceDigest != nil {
 		return nil, "", errors.Errorf("containerImageSource does not support manifest lists")
 	}
 	return i.manifest, i.manifestType, nil
 }
--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@ -3,6 +3,7 @@ package imagebuildah
 import (
 	"bytes"
 	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
@ -16,10 +17,12 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openshift/imagebuilder"
 	"github.com/openshift/imagebuilder/dockerfile/parser"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -171,6 +174,9 @@ type BuildOptions struct {
 	MaxPullPushRetries int
 	// PullPushRetryDelay is how long to wait before retrying a pull or push attempt.
 	PullPushRetryDelay time.Duration
 	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
 	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
 	OciDecryptConfig *encconfig.DecryptConfig
 }
 // BuildDockerfiles parses a set of one or more Dockerfiles (which may be
@ -249,6 +255,9 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt
 	if err != nil {
 		return "", nil, errors.Wrapf(err, "error parsing main Dockerfile")
 	}
 	warnOnUnsetBuildArgs(mainNode, options.Args)
 	for _, d := range dockerfiles[1:] {
 		additionalNode, err := imagebuilder.ParseDockerfile(d)
 		if err != nil {
@ -280,6 +289,20 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt
 	return exec.Build(ctx, stages)
 }
 func warnOnUnsetBuildArgs(node *parser.Node, args map[string]string) {
 	for _, child := range node.Children {
 		switch strings.ToUpper(child.Value) {
 		case "ARG":
 			argName := child.Next.Value
 			if _, ok := args[argName]; !strings.Contains(argName, "=") && !ok {
 				logrus.Warnf("missing %q build argument. Try adding %q to the command line", argName, fmt.Sprintf("--build-arg %s=<VALUE>", argName))
 			}
 		default:
 			continue
 		}
 	}
 }
 // preprocessDockerfileContents runs CPP(1) in preprocess-only mode on the input
 // dockerfile content and will use ctxDir as the base include path.
 //
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@ -20,6 +20,7 @@ import (
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
@ -100,6 +101,7 @@ type Executor struct {
 	os                             string
 	maxPullPushRetries             int
 	retryPullPushDelay             time.Duration
 	ociDecryptConfig               *encconfig.DecryptConfig
 }
 // NewExecutor creates a new instance of the imagebuilder.Executor interface.
@ -188,6 +190,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
 		os:                             options.OS,
 		maxPullPushRetries:             options.MaxPullPushRetries,
 		retryPullPushDelay:             options.PullPushRetryDelay,
 		ociDecryptConfig:               options.OciDecryptConfig,
 	}
 	if exec.err == nil {
 		exec.err = os.Stderr
@ -233,7 +236,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
 // startStage creates a new stage executor that will be referenced whenever a
 // COPY or ADD statement uses a --from=NAME flag.
-func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, from, output string) *StageExecutor {
+func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, output string) *StageExecutor {
 	if b.stages == nil {
 		b.stages = make(map[string]*StageExecutor)
 	}
@ -248,7 +251,6 @@ func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, from, outpu
 		stage:           stage,
 	}
 	b.stages[stage.Name] = stageExec
 	b.stages[from] = stageExec
 	if idx := strconv.Itoa(stage.Position); idx != stage.Name {
 		b.stages[idx] = stageExec
 	}
@ -421,7 +423,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image
 			output = b.output
 		}
-		stageExecutor := b.startStage(&stage, len(stages), base, output)
+		stageExecutor := b.startStage(&stage, len(stages), output)
 		// If this a single-layer build, or if it's a multi-layered
 		// build and b.forceRmIntermediateCtrs is set, make sure we
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@ -295,7 +295,7 @@ func (s *StageExecutor) digestSpecifiedContent(node *parser.Node, argValues []st
 			// container.  Update the ID mappings and
 			// all-content-comes-from-below-this-directory value.
 			from := strings.TrimPrefix(flag, "--from=")
-			if other, ok := s.executor.stages[from]; ok {
+			if other, ok := s.executor.stages[from]; ok && other.index < s.index {
 				contextDir = other.mountPoint
 				idMappingOptions = &other.builder.IDMappingOptions
 			} else if builder, ok := s.executor.containerMap[from]; ok {
@ -633,6 +633,7 @@ func (s *StageExecutor) prepare(ctx context.Context, from string, initializeIBCo
 		Devices:               s.executor.devices,
 		MaxPullRetries:        s.executor.maxPullPushRetries,
 		PullRetryDelay:        s.executor.retryPullPushDelay,
 		OciDecryptConfig:      s.executor.ociDecryptConfig,
 	}
 	// Check and see if the image is a pseudonym for the end result of a
@ -868,13 +869,10 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 				if len(arr) != 2 {
 					return "", nil, errors.Errorf("%s: invalid --from flag, should be --from=<name|stage>", command)
 				}
-				otherStage, ok := s.executor.stages[arr[1]]
+				if otherStage, ok := s.executor.stages[arr[1]]; ok && otherStage.index < s.index {
 				if !ok {
 					if mountPoint, err = s.getImageRootfs(ctx, arr[1]); err != nil {
 						return "", nil, errors.Errorf("%s --from=%s: no stage or image found with that name", command, arr[1])
 					}
 				} else {
 					mountPoint = otherStage.mountPoint
 				} else if mountPoint, err = s.getImageRootfs(ctx, arr[1]); err != nil {
 					return "", nil, errors.Errorf("%s --from=%s: no stage or image found with that name", command, arr[1])
 				}
 				s.copyFrom = mountPoint
 				break
--- a/vendor/github.com/containers/buildah/new.go
+++ b/vendor/github.com/containers/buildah/new.go
@ -36,6 +36,7 @@ func pullAndFindImage(ctx context.Context, store storage.Store, srcRef types.Ima
 		BlobDirectory:    options.BlobDirectory,
 		MaxRetries:       options.MaxPullRetries,
 		RetryDelay:       options.PullRetryDelay,
 		OciDecryptConfig: options.OciDecryptConfig,
 	}
 	ref, err := pullImage(ctx, store, srcRef, pullOptions, sc)
 	if err != nil {
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@ -57,6 +57,7 @@ type BudResults struct {
 	Creds               string
 	DisableCompression  bool
 	DisableContentTrust bool
 	DecryptionKeys      []string
 	File                []string
 	Format              string
 	Iidfile             string
--- a/vendor/github.com/containers/buildah/pull.go
+++ b/vendor/github.com/containers/buildah/pull.go
@ -19,6 +19,7 @@ import (
 	is "github.com/containers/image/v5/storage"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/types"
 	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	multierror "github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
@ -56,6 +57,9 @@ type PullOptions struct {
 	MaxRetries int
 	// RetryDelay is how long to wait before retrying a pull attempt.
 	RetryDelay time.Duration
 	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
 	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
 	OciDecryptConfig *encconfig.DecryptConfig
 }
 func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference) (string, error) {
@ -164,6 +168,7 @@ func Pull(ctx context.Context, imageName string, options PullOptions) (imageID s
 		ReportWriter:        options.ReportWriter,
 		MaxPullRetries:      options.MaxRetries,
 		PullRetryDelay:      options.RetryDelay,
 		OciDecryptConfig:    options.OciDecryptConfig,
 	}
 	storageRef, transport, img, err := resolveImage(ctx, systemContext, options.Store, boptions)
@ -275,7 +280,7 @@ func pullImage(ctx context.Context, store storage.Store, srcRef types.ImageRefer
 	}()
 	logrus.Debugf("copying %q to %q", transports.ImageName(srcRef), destName)
-	if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, ""), options.MaxRetries, options.RetryDelay); err != nil {
+	if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, "", nil, nil, options.OciDecryptConfig), options.MaxRetries, options.RetryDelay); err != nil {
 		logrus.Debugf("error copying src image [%q] to dest image [%q] err: %v", transports.ImageName(srcRef), destName, err)
 		return nil, err
 	}
--- a/vendor/github.com/containers/buildah/util/util.go
+++ b/vendor/github.com/containers/buildah/util/util.go
@ -74,7 +74,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto
 		return []string{strings.TrimPrefix(name, DefaultTransport)}, DefaultTransport, false, nil
 	}
 	split := strings.SplitN(name, ":", 2)
-	if len(split) == 2 {
+	if StartsWithValidTransport(name) && len(split) == 2 {
 		if trans := transports.Get(split[0]); trans != nil {
 			return []string{split[1]}, trans.Name(), false, nil
 		}
@ -148,6 +148,12 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto
 	return candidates, DefaultTransport, searchRegistriesAreEmpty, nil
 }
 // StartsWithValidTransport validates the name starts with Buildah supported transport
 // to avoid the corner case image name same as the transport name
 func StartsWithValidTransport(name string) bool {
 	return strings.HasPrefix(name, "dir:") || strings.HasPrefix(name, "docker://") || strings.HasPrefix(name, "docker-archive:") || strings.HasPrefix(name, "docker-daemon:") || strings.HasPrefix(name, "oci:") || strings.HasPrefix(name, "oci-archive:")
 }
 // ExpandNames takes unqualified names, parses them as image names, and returns
 // the fully expanded result, including a tag.  Names which don't include a registry
 // name will be marked for the most-preferred registry (i.e., the first one in our
--- a/vendor/github.com/openshift/api/LICENSE
+++ b/vendor/github.com/openshift/api/LICENSE
@ -1,201 +0,0 @@
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
   Copyright {yyyy} {name of copyright owner}
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
@ -1,164 +0,0 @@
 kind: CustomResourceDefinition
 apiVersion: apiextensions.k8s.io/v1beta1
 metadata:
  name: clusteroperators.config.openshift.io
 spec:
  additionalPrinterColumns:
  - JSONPath: .status.versions[?(@.name=="operator")].version
    description: The version the operator is at.
    name: Version
    type: string
  - JSONPath: .status.conditions[?(@.type=="Available")].status
    description: Whether the operator is running and stable.
    name: Available
    type: string
  - JSONPath: .status.conditions[?(@.type=="Progressing")].status
    description: Whether the operator is processing changes.
    name: Progressing
    type: string
  - JSONPath: .status.conditions[?(@.type=="Degraded")].status
    description: Whether the operator is degraded.
    name: Degraded
    type: string
  - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime
    description: The time the operator's Available status last changed.
    name: Since
    type: date
  group: config.openshift.io
  names:
    kind: ClusterOperator
    listKind: ClusterOperatorList
    plural: clusteroperators
    singular: clusteroperator
    shortNames:
    - co
  preserveUnknownFields: false
  scope: Cluster
  subresources:
    status: {}
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
  validation:
    openAPIV3Schema:
      description: ClusterOperator is the Custom Resource object which holds the current
        state of an operator. This object is used by operators to convey their state
        to the rest of the cluster.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds configuration that could apply to any operator.
          type: object
        status:
          description: status holds the information about the state of an operator.  It
            is consistent with status information across the Kubernetes ecosystem.
          type: object
          properties:
            conditions:
              description: conditions describes the state of the operator's managed
                and monitored components.
              type: array
              items:
                description: ClusterOperatorStatusCondition represents the state of
                  the operator's managed and monitored components.
                type: object
                required:
                - lastTransitionTime
                - status
                - type
                properties:
                  lastTransitionTime:
                    description: lastTransitionTime is the time of the last update
                      to the current status property.
                    type: string
                    format: date-time
                  message:
                    description: message provides additional information about the
                      current condition. This is only to be consumed by humans.
                    type: string
                  reason:
                    description: reason is the CamelCase reason for the condition's
                      current status.
                    type: string
                  status:
                    description: status of the condition, one of True, False, Unknown.
                    type: string
                  type:
                    description: type specifies the aspect reported by this condition.
                    type: string
            extension:
              description: extension contains any additional status information specific
                to the operator which owns this status object.
              type: object
              nullable: true
              x-kubernetes-preserve-unknown-fields: true
            relatedObjects:
              description: 'relatedObjects is a list of objects that are "interesting"
                or related to this operator.  Common uses are: 1. the detailed resource
                driving the operator 2. operator namespaces 3. operand namespaces'
              type: array
              items:
                description: ObjectReference contains enough information to let you
                  inspect or modify the referred object.
                type: object
                required:
                - group
                - name
                - resource
                properties:
                  group:
                    description: group of the referent.
                    type: string
                  name:
                    description: name of the referent.
                    type: string
                  namespace:
                    description: namespace of the referent.
                    type: string
                  resource:
                    description: resource of the referent.
                    type: string
            versions:
              description: versions is a slice of operator and operand version tuples.  Operators
                which manage multiple operands will have multiple operand entries
                in the array.  Available operators must report the version of the
                operator itself with the name "operator". An operator reports a new
                "operator" version when it has rolled out the new version to all of
                its operands.
              type: array
              items:
                type: object
                required:
                - name
                - version
                properties:
                  name:
                    description: name is the name of the particular operand this version
                      is for.  It usually matches container images, not operators.
                    type: string
                  version:
                    description: version indicates which version of a particular operand
                      is currently being managed.  It must always match the Available
                      operand.  If 1.0.0 is Available, then this must indicate 1.0.0
                      even if the operator is trying to rollout 1.1.0
                    type: string
  versions:
  - name: v1
    served: true
    storage: true
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml
@ -1,328 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: clusterversions.config.openshift.io
 spec:
  group: config.openshift.io
  versions:
  - name: v1
    served: true
    storage: true
  scope: Cluster
  subresources:
    status: {}
  names:
    plural: clusterversions
    singular: clusterversion
    kind: ClusterVersion
  preserveUnknownFields: false
  additionalPrinterColumns:
  - name: Version
    type: string
    JSONPath: .status.history[?(@.state=="Completed")].version
  - name: Available
    type: string
    JSONPath: .status.conditions[?(@.type=="Available")].status
  - name: Progressing
    type: string
    JSONPath: .status.conditions[?(@.type=="Progressing")].status
  - name: Since
    type: date
    JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
  - name: Status
    type: string
    JSONPath: .status.conditions[?(@.type=="Progressing")].message
  validation:
    openAPIV3Schema:
      description: ClusterVersion is the configuration for the ClusterVersionOperator.
        This is where parameters related to automatic updates can be set.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec is the desired state of the cluster version - the operator
            will work to ensure that the desired version is applied to the cluster.
          type: object
          required:
          - clusterID
          properties:
            channel:
              description: channel is an identifier for explicitly requesting that
                a non-default set of updates be applied to this cluster. The default
                channel will be contain stable updates that are appropriate for production
                clusters.
              type: string
            clusterID:
              description: clusterID uniquely identifies this cluster. This is expected
                to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
                in hexadecimal values). This is a required field.
              type: string
            desiredUpdate:
              description: "desiredUpdate is an optional field that indicates the
                desired value of the cluster version. Setting this value will trigger
                an upgrade (if the current version does not match the desired version).
                The set of recommended update values is listed as part of available
                updates in status, and setting values outside that range may cause
                the upgrade to fail. You may specify the version field without setting
                image if an update exists with that version in the availableUpdates
                or history. \n If an upgrade fails the operator will halt and report
                status about the failing component. Setting the desired update value
                back to the previous version will cause a rollback to be attempted.
                Not all rollbacks will succeed."
              type: object
              properties:
                force:
                  description: "force allows an administrator to update to an image
                    that has failed verification, does not appear in the availableUpdates
                    list, or otherwise would be blocked by normal protections on update.
                    This option should only be used when the authenticity of the provided
                    image has been verified out of band because the provided image
                    will run with full administrative access to the cluster. Do not
                    use this flag with images that comes from unknown or potentially
                    malicious sources. \n This flag does not override other forms
                    of consistency checking that are required before a new update
                    is deployed."
                  type: boolean
                image:
                  description: image is a container image location that contains the
                    update. When this field is part of spec, image is optional if
                    version is specified and the availableUpdates field contains a
                    matching version.
                  type: string
                version:
                  description: version is a semantic versioning identifying the update
                    version. When this field is part of spec, version is optional
                    if image is specified.
                  type: string
            overrides:
              description: overrides is list of overides for components that are managed
                by cluster version operator. Marking a component unmanaged will prevent
                the operator from creating or updating the object.
              type: array
              items:
                description: ComponentOverride allows overriding cluster version operator's
                  behavior for a component.
                type: object
                required:
                - group
                - kind
                - name
                - namespace
                - unmanaged
                properties:
                  group:
                    description: group identifies the API group that the kind is in.
                    type: string
                  kind:
                    description: kind indentifies which object to override.
                    type: string
                  name:
                    description: name is the component's name.
                    type: string
                  namespace:
                    description: namespace is the component's namespace. If the resource
                      is cluster scoped, the namespace should be empty.
                    type: string
                  unmanaged:
                    description: 'unmanaged controls if cluster version operator should
                      stop managing the resources in this cluster. Default: false'
                    type: boolean
            upstream:
              description: upstream may be used to specify the preferred update server.
                By default it will use the appropriate update server for the cluster
                and region.
              type: string
        status:
          description: status contains information about the available updates and
            any in-progress updates.
          type: object
          required:
          - availableUpdates
          - desired
          - observedGeneration
          - versionHash
          properties:
            availableUpdates:
              description: availableUpdates contains the list of updates that are
                appropriate for this cluster. This list may be empty if no updates
                are recommended, if the update service is unavailable, or if an invalid
                channel has been specified.
              type: array
              items:
                description: Update represents a release of the ClusterVersionOperator,
                  referenced by the Image member.
                type: object
                properties:
                  force:
                    description: "force allows an administrator to update to an image
                      that has failed verification, does not appear in the availableUpdates
                      list, or otherwise would be blocked by normal protections on
                      update. This option should only be used when the authenticity
                      of the provided image has been verified out of band because
                      the provided image will run with full administrative access
                      to the cluster. Do not use this flag with images that comes
                      from unknown or potentially malicious sources. \n This flag
                      does not override other forms of consistency checking that are
                      required before a new update is deployed."
                    type: boolean
                  image:
                    description: image is a container image location that contains
                      the update. When this field is part of spec, image is optional
                      if version is specified and the availableUpdates field contains
                      a matching version.
                    type: string
                  version:
                    description: version is a semantic versioning identifying the
                      update version. When this field is part of spec, version is
                      optional if image is specified.
                    type: string
              nullable: true
            conditions:
              description: conditions provides information about the cluster version.
                The condition "Available" is set to true if the desiredUpdate has
                been reached. The condition "Progressing" is set to true if an update
                is being applied. The condition "Degraded" is set to true if an update
                is currently blocked by a temporary or permanent error. Conditions
                are only valid for the current desiredUpdate when metadata.generation
                is equal to status.generation.
              type: array
              items:
                description: ClusterOperatorStatusCondition represents the state of
                  the operator's managed and monitored components.
                type: object
                required:
                - lastTransitionTime
                - status
                - type
                properties:
                  lastTransitionTime:
                    description: lastTransitionTime is the time of the last update
                      to the current status property.
                    type: string
                    format: date-time
                  message:
                    description: message provides additional information about the
                      current condition. This is only to be consumed by humans.
                    type: string
                  reason:
                    description: reason is the CamelCase reason for the condition's
                      current status.
                    type: string
                  status:
                    description: status of the condition, one of True, False, Unknown.
                    type: string
                  type:
                    description: type specifies the aspect reported by this condition.
                    type: string
            desired:
              description: desired is the version that the cluster is reconciling
                towards. If the cluster is not yet fully initialized desired will
                be set with the information available, which may be an image or a
                tag.
              type: object
              properties:
                force:
                  description: "force allows an administrator to update to an image
                    that has failed verification, does not appear in the availableUpdates
                    list, or otherwise would be blocked by normal protections on update.
                    This option should only be used when the authenticity of the provided
                    image has been verified out of band because the provided image
                    will run with full administrative access to the cluster. Do not
                    use this flag with images that comes from unknown or potentially
                    malicious sources. \n This flag does not override other forms
                    of consistency checking that are required before a new update
                    is deployed."
                  type: boolean
                image:
                  description: image is a container image location that contains the
                    update. When this field is part of spec, image is optional if
                    version is specified and the availableUpdates field contains a
                    matching version.
                  type: string
                version:
                  description: version is a semantic versioning identifying the update
                    version. When this field is part of spec, version is optional
                    if image is specified.
                  type: string
            history:
              description: history contains a list of the most recent versions applied
                to the cluster. This value may be empty during cluster startup, and
                then will be updated when a new update is being applied. The newest
                update is first in the list and it is ordered by recency. Updates
                in the history have state Completed if the rollout completed - if
                an update was failing or halfway applied the state will be Partial.
                Only a limited amount of update history is preserved.
              type: array
              items:
                description: UpdateHistory is a single attempted update to the cluster.
                type: object
                required:
                - completionTime
                - image
                - startedTime
                - state
                - verified
                properties:
                  completionTime:
                    description: completionTime, if set, is when the update was fully
                      applied. The update that is currently being applied will have
                      a null completion time. Completion time will always be set for
                      entries that are not the current update (usually to the started
                      time of the next update).
                    type: string
                    format: date-time
                    nullable: true
                  image:
                    description: image is a container image location that contains
                      the update. This value is always populated.
                    type: string
                  startedTime:
                    description: startedTime is the time at which the update was started.
                    type: string
                    format: date-time
                  state:
                    description: state reflects whether the update was fully applied.
                      The Partial state indicates the update is not fully applied,
                      while the Completed state indicates the update was successfully
                      rolled out at least once (all parts of the update successfully
                      applied).
                    type: string
                  verified:
                    description: verified indicates whether the provided update was
                      properly verified before it was installed. If this is false
                      the cluster may not be trusted.
                    type: boolean
                  version:
                    description: version is a semantic versioning identifying the
                      update version. If the requested image does not define a version,
                      or if a failure occurs retrieving the image, this value may
                      be empty.
                    type: string
            observedGeneration:
              description: observedGeneration reports which version of the spec is
                being synced. If this value is not equal to metadata.generation, then
                the desired and conditions fields may represent a previous version.
              type: integer
              format: int64
            versionHash:
              description: versionHash is a fingerprint of the content that the cluster
                will be updated with. It is used by the operator to avoid unnecessary
                work and is for internal use only.
              type: string
  versions:
  - name: v1
    served: true
    storage: true
--- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml
@ -1,101 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: operatorhubs.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: OperatorHub
    listKind: OperatorHubList
    plural: operatorhubs
    singular: operatorhub
  scope: Cluster
  preserveUnknownFields: false
  subresources:
    status: {}
  version: v1
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: OperatorHub is the Schema for the operatorhubs API. It can be used
        to change the state of the default hub sources for OperatorHub on the cluster
        from enabled to disabled and vice versa.
      type: object
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: OperatorHubSpec defines the desired state of OperatorHub
          type: object
          properties:
            disableAllDefaultSources:
              description: disableAllDefaultSources allows you to disable all the
                default hub sources. If this is true, a specific entry in sources
                can be used to enable a default source. If this is false, a specific
                entry in sources can be used to disable or enable a default source.
              type: boolean
            sources:
              description: sources is the list of default hub sources and their configuration.
                If the list is empty, it implies that the default hub sources are
                enabled on the cluster unless disableAllDefaultSources is true. If
                disableAllDefaultSources is true and sources is not empty, the configuration
                present in sources will take precedence. The list of default hub sources
                and their current state will always be reflected in the status block.
              type: array
              items:
                description: HubSource is used to specify the hub source and its configuration
                type: object
                properties:
                  disabled:
                    description: disabled is used to disable a default hub source
                      on cluster
                    type: boolean
                  name:
                    description: name is the name of one of the default hub sources
                    type: string
                    maxLength: 253
                    minLength: 1
        status:
          description: OperatorHubStatus defines the observed state of OperatorHub.
            The current state of the default hub sources will always be reflected
            here.
          type: object
          properties:
            sources:
              description: sources encapsulates the result of applying the configuration
                for each hub source
              type: array
              items:
                description: HubSourceStatus is used to reflect the current state
                  of applying the configuration to a default source
                type: object
                properties:
                  disabled:
                    description: disabled is used to disable a default hub source
                      on cluster
                    type: boolean
                  message:
                    description: message provides more information regarding failures
                    type: string
                  name:
                    description: name is the name of one of the default hub sources
                    type: string
                    maxLength: 253
                    minLength: 1
                  status:
                    description: status indicates success or failure in applying the
                      configuration
                    type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
@ -1,98 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: proxies.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  names:
    kind: Proxy
    listKind: ProxyList
    plural: proxies
    singular: proxy
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Proxy holds cluster-wide information on how to configure default
        proxies for the cluster. The canonical name is `cluster`
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: Spec holds user-settable values for the proxy configuration
          type: object
          properties:
            httpProxy:
              description: httpProxy is the URL of the proxy for HTTP requests.  Empty
                means unset and will not result in an env var.
              type: string
            httpsProxy:
              description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
                means unset and will not result in an env var.
              type: string
            noProxy:
              description: noProxy is a comma-separated list of hostnames and/or CIDRs
                for which the proxy should not be used. Empty means unset and will
                not result in an env var.
              type: string
            readinessEndpoints:
              description: readinessEndpoints is a list of endpoints used to verify
                readiness of the proxy.
              type: array
              items:
                type: string
            trustedCA:
              description: "trustedCA is a reference to a ConfigMap containing a CA
                certificate bundle used for client egress HTTPS connections. The certificate
                bundle must be from the CA that signed the proxy's certificate and
                be signed for everything. The trustedCA field should only be consumed
                by a proxy validator. The validator is responsible for reading the
                certificate bundle from required key \"ca-bundle.crt\" and copying
                it to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\"
                namespace. The namespace for the ConfigMap referenced by trustedCA
                is \"openshift-config\". Here is an example ConfigMap (in yaml): \n
                apiVersion: v1 kind: ConfigMap metadata:  name: user-ca-bundle  namespace:
                openshift-config  data:    ca-bundle.crt: |      -----BEGIN CERTIFICATE-----
                \     Custom CA certificate bundle.      -----END CERTIFICATE-----"
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            httpProxy:
              description: httpProxy is the URL of the proxy for HTTP requests.
              type: string
            httpsProxy:
              description: httpsProxy is the URL of the proxy for HTTPS requests.
              type: string
            noProxy:
              description: noProxy is a comma-separated list of hostnames and/or CIDRs
                for which the proxy should not be used.
              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
@ -1,219 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: apiservers.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  names:
    kind: APIServer
    singular: apiserver
    plural: apiservers
    listKind: APIServerList
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: APIServer holds configuration (like serving certificates, client
        CA and CORS domains) shared by all API servers in the system, among them especially
        kube-apiserver and openshift-apiserver. The canonical name of an instance
        is 'cluster'.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          type: object
          properties:
            additionalCORSAllowedOrigins:
              description: additionalCORSAllowedOrigins lists additional, user-defined
                regular expressions describing hosts for which the API server allows
                access using the CORS headers. This may be needed to access the API
                and the integrated OAuth server from JavaScript applications. The
                values are regular expressions that correspond to the Golang regular
                expression language.
              type: array
              items:
                type: string
            clientCA:
              description: 'clientCA references a ConfigMap containing a certificate
                bundle for the signers that will be recognized for incoming client
                certificates in addition to the operator managed signers. If this
                is empty, then only operator managed signers are valid. You usually
                only have to set this if you have your own PKI you wish to honor client
                certificates from. The ConfigMap must exist in the openshift-config
                namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"]
                - CA bundle.'
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
            encryption:
              description: encryption allows the configuration of encryption of resources
                at the datastore layer.
              type: object
              properties:
                type:
                  description: "type defines what encryption type should be used to
                    encrypt resources at the datastore layer. When this field is unset
                    (i.e. when it is set to the empty string), identity is implied.
                    The behavior of unset can and will change over time.  Even if
                    encryption is enabled by default, the meaning of unset may change
                    to a different encryption type based on changes in best practices.
                    \n When encryption is enabled, all sensitive resources shipped
                    with the platform are encrypted. This list of sensitive resources
                    can and will change over time.  The current authoritative list
                    is: \n   1. secrets   2. configmaps   3. routes.route.openshift.io
                    \  4. oauthaccesstokens.oauth.openshift.io   5. oauthauthorizetokens.oauth.openshift.io"
                  type: string
                  enum:
                  - ""
                  - identity
                  - aescbc
            servingCerts:
              description: servingCert is the TLS cert info for serving secure traffic.
                If not specified, operator managed certificates will be used for serving
                secure traffic.
              type: object
              properties:
                namedCertificates:
                  description: namedCertificates references secrets containing the
                    TLS cert info for serving secure traffic to specific hostnames.
                    If no named certificates are provided, or no named certificates
                    match the server name as understood by a client, the defaultServingCertificate
                    will be used.
                  type: array
                  items:
                    description: APIServerNamedServingCert maps a server DNS name,
                      as understood by a client, to a certificate.
                    type: object
                    properties:
                      names:
                        description: names is a optional list of explicit DNS names
                          (leading wildcards allowed) that should use this certificate
                          to serve secure traffic. If no names are provided, the implicit
                          names will be extracted from the certificates. Exact names
                          trump over wildcard names. Explicit names defined here trump
                          over extracted implicit names.
                        type: array
                        items:
                          type: string
                      servingCertificate:
                        description: 'servingCertificate references a kubernetes.io/tls
                          type secret containing the TLS cert info for serving secure
                          traffic. The secret must exist in the openshift-config namespace
                          and contain the following required fields: - Secret.Data["tls.key"]
                          - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
            tlsSecurityProfile:
              description: "tlsSecurityProfile specifies settings for TLS connections
                for externally exposed servers. \n If unset, a default (which may
                change between releases) is chosen. Note that only Old and Intermediate
                profiles are currently supported, and the maximum available MinTLSVersions
                is VersionTLS12."
              type: object
              properties:
                custom:
                  description: "custom is a user-defined TLS security profile. Be
                    extremely careful using a custom profile as invalid configurations
                    can be catastrophic. An example custom profile looks like this:
                    \n   ciphers:     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
                    \    - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256
                    \  minTLSVersion: TLSv1.1"
                  type: object
                  properties:
                    ciphers:
                      description: "ciphers is used to specify the cipher algorithms
                        that are negotiated during the TLS handshake.  Operators may
                        remove entries their operands do not support.  For example,
                        to use DES-CBC3-SHA  (yaml): \n   ciphers:     - DES-CBC3-SHA"
                      type: array
                      items:
                        type: string
                    minTLSVersion:
                      description: "minTLSVersion is used to specify the minimal version
                        of the TLS protocol that is negotiated during the TLS handshake.
                        For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
                        \n   minTLSVersion: TLSv1.1 \n NOTE: currently the highest
                        minTLSVersion allowed is VersionTLS12"
                      type: string
                  nullable: true
                intermediate:
                  description: "intermediate is a TLS security profile based on: \n
                    https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
                    \    - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384
                    \  minTLSVersion: TLSv1.2"
                  type: object
                  nullable: true
                modern:
                  description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
                    \  minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
                  type: object
                  nullable: true
                old:
                  description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
                    \    - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384
                    \    - DHE-RSA-CHACHA20-POLY1305     - ECDHE-ECDSA-AES128-SHA256
                    \    - ECDHE-RSA-AES128-SHA256     - ECDHE-ECDSA-AES128-SHA     -
                    ECDHE-RSA-AES128-SHA     - ECDHE-ECDSA-AES256-SHA384     - ECDHE-RSA-AES256-SHA384
                    \    - ECDHE-ECDSA-AES256-SHA     - ECDHE-RSA-AES256-SHA     -
                    DHE-RSA-AES128-SHA256     - DHE-RSA-AES256-SHA256     - AES128-GCM-SHA256
                    \    - AES256-GCM-SHA384     - AES128-SHA256     - AES256-SHA256
                    \    - AES128-SHA     - AES256-SHA     - DES-CBC3-SHA   minTLSVersion:
                    TLSv1.0"
                  type: object
                  nullable: true
                type:
                  description: "type is one of Old, Intermediate, Modern or Custom.
                    Custom provides the ability to specify individual TLS security
                    profile parameters. Old, Intermediate and Modern are TLS security
                    profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
                    \n The profiles are intent based, so they may change over time
                    as new ciphers are developed and existing ciphers are found to
                    be insecure.  Depending on precisely which ciphers are available
                    to a process, the list may be reduced. \n Note that the Modern
                    profile is currently not supported because it is not yet well
                    adopted by common software libraries."
                  type: string
        status:
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
@ -1,123 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: authentications.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: Authentication
    listKind: AuthenticationList
    plural: authentications
    singular: authentication
  scope: Cluster
  preserveUnknownFields: false
  subresources:
    status: {}
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: Authentication specifies cluster-wide settings for authentication
        (like OAuth and webhook token authenticators). The canonical name of an instance
        is `cluster`.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            oauthMetadata:
              description: 'oauthMetadata contains the discovery endpoint data for
                OAuth 2.0 Authorization Server Metadata for an external OAuth server.
                This discovery document can be viewed from its served location: oc
                get --raw ''/.well-known/oauth-authorization-server'' For further
                details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
                If oauthMetadata.name is non-empty, this value has precedence over
                any metadata reference stored in status. The key "oauthMetadata" is
                used to locate the data. If specified and the config map or expected
                key is not found, no metadata is served. If the specified metadata
                is not valid, no metadata is served. The namespace for this config
                map is openshift-config.'
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
            type:
              description: type identifies the cluster managed, user facing authentication
                mode in use. Specifically, it manages the component that responds
                to login attempts. The default is IntegratedOAuth.
              type: string
            webhookTokenAuthenticators:
              description: webhookTokenAuthenticators configures remote token reviewers.
                These remote authentication webhooks can be used to verify bearer
                tokens via the tokenreviews.authentication.k8s.io REST API.  This
                is required to honor bearer tokens that are provisioned by an external
                authentication service. The namespace for these secrets is openshift-config.
              type: array
              items:
                description: webhookTokenAuthenticator holds the necessary configuration
                  options for a remote token authenticator
                type: object
                properties:
                  kubeConfig:
                    description: 'kubeConfig contains kube config file data which
                      describes how to access the remote webhook service. For further
                      details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
                      The key "kubeConfig" is used to locate the data. If the secret
                      or expected key is not found, the webhook is not honored. If
                      the specified kube config data is not valid, the webhook is
                      not honored. The namespace for this secret is determined by
                      the point of use.'
                    type: object
                    required:
                    - name
                    properties:
                      name:
                        description: name is the metadata.name of the referenced secret
                        type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            integratedOAuthMetadata:
              description: 'integratedOAuthMetadata contains the discovery endpoint
                data for OAuth 2.0 Authorization Server Metadata for the in-cluster
                integrated OAuth server. This discovery document can be viewed from
                its served location: oc get --raw ''/.well-known/oauth-authorization-server''
                For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
                This contains the observed value based on cluster state. An explicitly
                set value in spec.oauthMetadata has precedence over this field. This
                field has no meaning if authentication spec.type is not set to IntegratedOAuth.
                The key "oauthMetadata" is used to locate the data. If the config
                map or expected key is not found, no metadata is served. If the specified
                metadata is not valid, no metadata is served. The namespace for this
                config map is openshift-config-managed.'
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml
@ -1,366 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: builds.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  names:
    kind: Build
    singular: build
    plural: builds
    listKind: BuildList
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: "Build configures the behavior of OpenShift builds for the entire
        cluster. This includes default settings that can be overridden in BuildConfig
        objects, and overrides which are applied to all builds. \n The canonical name
        is \"cluster\""
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: Spec holds user-settable values for the build controller configuration
          type: object
          properties:
            additionalTrustedCA:
              description: "AdditionalTrustedCA is a reference to a ConfigMap containing
                additional CAs that should be trusted for image pushes and pulls during
                builds. The namespace for this config map is openshift-config. \n
                DEPRECATED: Additional CAs for image pull and push should be set on
                image.config.openshift.io/cluster instead."
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
            buildDefaults:
              description: BuildDefaults controls the default information for Builds
              type: object
              properties:
                defaultProxy:
                  description: "DefaultProxy contains the default proxy settings for
                    all build operations, including image pull/push and source download.
                    \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`,
                    and `NO_PROXY` environment variables in the build config's strategy."
                  type: object
                  properties:
                    httpProxy:
                      description: httpProxy is the URL of the proxy for HTTP requests.  Empty
                        means unset and will not result in an env var.
                      type: string
                    httpsProxy:
                      description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
                        means unset and will not result in an env var.
                      type: string
                    noProxy:
                      description: noProxy is a comma-separated list of hostnames
                        and/or CIDRs for which the proxy should not be used. Empty
                        means unset and will not result in an env var.
                      type: string
                    readinessEndpoints:
                      description: readinessEndpoints is a list of endpoints used
                        to verify readiness of the proxy.
                      type: array
                      items:
                        type: string
                    trustedCA:
                      description: "trustedCA is a reference to a ConfigMap containing
                        a CA certificate bundle used for client egress HTTPS connections.
                        The certificate bundle must be from the CA that signed the
                        proxy's certificate and be signed for everything. The trustedCA
                        field should only be consumed by a proxy validator. The validator
                        is responsible for reading the certificate bundle from required
                        key \"ca-bundle.crt\" and copying it to a ConfigMap named
                        \"trusted-ca-bundle\" in the \"openshift-config-managed\"
                        namespace. The namespace for the ConfigMap referenced by trustedCA
                        is \"openshift-config\". Here is an example ConfigMap (in
                        yaml): \n apiVersion: v1 kind: ConfigMap metadata:  name:
                        user-ca-bundle  namespace: openshift-config  data:    ca-bundle.crt:
                        |      -----BEGIN CERTIFICATE-----      Custom CA certificate
                        bundle.      -----END CERTIFICATE-----"
                      type: object
                      required:
                      - name
                      properties:
                        name:
                          description: name is the metadata.name of the referenced
                            config map
                          type: string
                env:
                  description: Env is a set of default environment variables that
                    will be applied to the build if the specified variables do not
                    exist on the build
                  type: array
                  items:
                    description: EnvVar represents an environment variable present
                      in a Container.
                    type: object
                    required:
                    - name
                    properties:
                      name:
                        description: Name of the environment variable. Must be a C_IDENTIFIER.
                        type: string
                      value:
                        description: 'Variable references $(VAR_NAME) are expanded
                          using the previous defined environment variables in the
                          container and any service environment variables. If a variable
                          cannot be resolved, the reference in the input string will
                          be unchanged. The $(VAR_NAME) syntax can be escaped with
                          a double $$, ie: $$(VAR_NAME). Escaped references will never
                          be expanded, regardless of whether the variable exists or
                          not. Defaults to "".'
                        type: string
                      valueFrom:
                        description: Source for the environment variable's value.
                          Cannot be used if value is not empty.
                        type: object
                        properties:
                          configMapKeyRef:
                            description: Selects a key of a ConfigMap.
                            type: object
                            required:
                            - key
                            properties:
                              key:
                                description: The key to select.
                                type: string
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                  TODO: Add other useful fields. apiVersion, kind,
                                  uid?'
                                type: string
                              optional:
                                description: Specify whether the ConfigMap or its
                                  key must be defined
                                type: boolean
                          fieldRef:
                            description: 'Selects a field of the pod: supports metadata.name,
                              metadata.namespace, metadata.labels, metadata.annotations,
                              spec.nodeName, spec.serviceAccountName, status.hostIP,
                              status.podIP, status.podIPs.'
                            type: object
                            required:
                            - fieldPath
                            properties:
                              apiVersion:
                                description: Version of the schema the FieldPath is
                                  written in terms of, defaults to "v1".
                                type: string
                              fieldPath:
                                description: Path of the field to select in the specified
                                  API version.
                                type: string
                          resourceFieldRef:
                            description: 'Selects a resource of the container: only
                              resources limits and requests (limits.cpu, limits.memory,
                              limits.ephemeral-storage, requests.cpu, requests.memory
                              and requests.ephemeral-storage) are currently supported.'
                            type: object
                            required:
                            - resource
                            properties:
                              containerName:
                                description: 'Container name: required for volumes,
                                  optional for env vars'
                                type: string
                              divisor:
                                description: Specifies the output format of the exposed
                                  resources, defaults to "1"
                                type: string
                              resource:
                                description: 'Required: resource to select'
                                type: string
                          secretKeyRef:
                            description: Selects a key of a secret in the pod's namespace
                            type: object
                            required:
                            - key
                            properties:
                              key:
                                description: The key of the secret to select from.  Must
                                  be a valid secret key.
                                type: string
                              name:
                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                  TODO: Add other useful fields. apiVersion, kind,
                                  uid?'
                                type: string
                              optional:
                                description: Specify whether the Secret or its key
                                  must be defined
                                type: boolean
                gitProxy:
                  description: "GitProxy contains the proxy settings for git operations
                    only. If set, this will override any Proxy settings for all git
                    commands, such as git clone. \n Values that are not set here will
                    be inherited from DefaultProxy."
                  type: object
                  properties:
                    httpProxy:
                      description: httpProxy is the URL of the proxy for HTTP requests.  Empty
                        means unset and will not result in an env var.
                      type: string
                    httpsProxy:
                      description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
                        means unset and will not result in an env var.
                      type: string
                    noProxy:
                      description: noProxy is a comma-separated list of hostnames
                        and/or CIDRs for which the proxy should not be used. Empty
                        means unset and will not result in an env var.
                      type: string
                    readinessEndpoints:
                      description: readinessEndpoints is a list of endpoints used
                        to verify readiness of the proxy.
                      type: array
                      items:
                        type: string
                    trustedCA:
                      description: "trustedCA is a reference to a ConfigMap containing
                        a CA certificate bundle used for client egress HTTPS connections.
                        The certificate bundle must be from the CA that signed the
                        proxy's certificate and be signed for everything. The trustedCA
                        field should only be consumed by a proxy validator. The validator
                        is responsible for reading the certificate bundle from required
                        key \"ca-bundle.crt\" and copying it to a ConfigMap named
                        \"trusted-ca-bundle\" in the \"openshift-config-managed\"
                        namespace. The namespace for the ConfigMap referenced by trustedCA
                        is \"openshift-config\". Here is an example ConfigMap (in
                        yaml): \n apiVersion: v1 kind: ConfigMap metadata:  name:
                        user-ca-bundle  namespace: openshift-config  data:    ca-bundle.crt:
                        |      -----BEGIN CERTIFICATE-----      Custom CA certificate
                        bundle.      -----END CERTIFICATE-----"
                      type: object
                      required:
                      - name
                      properties:
                        name:
                          description: name is the metadata.name of the referenced
                            config map
                          type: string
                imageLabels:
                  description: ImageLabels is a list of docker labels that are applied
                    to the resulting image. User can override a default label by providing
                    a label with the same name in their Build/BuildConfig.
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        description: Name defines the name of the label. It must have
                          non-zero length.
                        type: string
                      value:
                        description: Value defines the literal value of the label.
                        type: string
                resources:
                  description: Resources defines resource requirements to execute
                    the build.
                  type: object
                  properties:
                    limits:
                      description: 'Limits describes the maximum amount of compute
                        resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                      type: object
                      additionalProperties:
                        type: string
                    requests:
                      description: 'Requests describes the minimum amount of compute
                        resources required. If Requests is omitted for a container,
                        it defaults to Limits if that is explicitly specified, otherwise
                        to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                      type: object
                      additionalProperties:
                        type: string
            buildOverrides:
              description: BuildOverrides controls override settings for builds
              type: object
              properties:
                imageLabels:
                  description: ImageLabels is a list of docker labels that are applied
                    to the resulting image. If user provided a label in their Build/BuildConfig
                    with the same name as one in this list, the user's label will
                    be overwritten.
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        description: Name defines the name of the label. It must have
                          non-zero length.
                        type: string
                      value:
                        description: Value defines the literal value of the label.
                        type: string
                nodeSelector:
                  description: NodeSelector is a selector which must be true for the
                    build pod to fit on a node
                  type: object
                  additionalProperties:
                    type: string
                tolerations:
                  description: Tolerations is a list of Tolerations that will override
                    any existing tolerations set on a build pod.
                  type: array
                  items:
                    description: The pod this Toleration is attached to tolerates
                      any taint that matches the triple <key,value,effect> using the
                      matching operator <operator>.
                    type: object
                    properties:
                      effect:
                        description: Effect indicates the taint effect to match. Empty
                          means match all taint effects. When specified, allowed values
                          are NoSchedule, PreferNoSchedule and NoExecute.
                        type: string
                      key:
                        description: Key is the taint key that the toleration applies
                          to. Empty means match all taint keys. If the key is empty,
                          operator must be Exists; this combination means to match
                          all values and all keys.
                        type: string
                      operator:
                        description: Operator represents a key's relationship to the
                          value. Valid operators are Exists and Equal. Defaults to
                          Equal. Exists is equivalent to wildcard for value, so that
                          a pod can tolerate all taints of a particular category.
                        type: string
                      tolerationSeconds:
                        description: TolerationSeconds represents the period of time
                          the toleration (which must be of effect NoExecute, otherwise
                          this field is ignored) tolerates the taint. By default,
                          it is not set, which means tolerate the taint forever (do
                          not evict). Zero and negative values will be treated as
                          0 (evict immediately) by the system.
                        type: integer
                        format: int64
                      value:
                        description: Value is the taint value the toleration matches
                          to. If the operator is Exists, the value should be empty,
                          otherwise just a regular string.
                        type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml
@ -1,70 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: consoles.config.openshift.io
 spec:
  scope: Cluster
  preserveUnknownFields: false
  group: config.openshift.io
  names:
    kind: Console
    listKind: ConsoleList
    plural: consoles
    singular: console
  subresources:
    status: {}
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: Console holds cluster-wide configuration for the web console, including
        the logout URL, and reports the public URL of the console. The canonical name
        is `cluster`.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            authentication:
              description: ConsoleAuthentication defines a list of optional configuration
                for console authentication.
              type: object
              properties:
                logoutRedirect:
                  description: 'An optional, absolute URL to redirect web browsers
                    to after logging out of the console. If not specified, it will
                    redirect to the default login page. This is required when using
                    an identity provider that supports single sign-on (SSO) such as:
                    - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML)
                    - OAuth (GitHub, GitLab, Google) Logging out of the console will
                    destroy the user''s token. The logoutRedirect provides the user
                    the option to perform single logout (SLO) through the identity
                    provider to destroy their single sign-on session.'
                  type: string
                  pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            consoleURL:
              description: The URL for the console. This will be derived from the
                host for the route that is created for the console.
              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml
@ -1,100 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: dnses.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: DNS
    listKind: DNSList
    plural: dnses
    singular: dns
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: DNS holds cluster-wide information about DNS. The canonical name
        is `cluster`
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            baseDomain:
              description: "baseDomain is the base domain of the cluster. All managed
                DNS records will be sub-domains of this base. \n For example, given
                the base domain `openshift.example.com`, an API server DNS record
                may be created for `cluster-api.openshift.example.com`. \n Once set,
                this field cannot be changed."
              type: string
            privateZone:
              description: "privateZone is the location where all the DNS records
                that are only available internally to the cluster exist. \n If this
                field is nil, no private records should be created. \n Once set, this
                field cannot be changed."
              type: object
              properties:
                id:
                  description: "id is the identifier that can be used to find the
                    DNS hosted zone. \n on AWS zone can be fetched using `ID` as id
                    in [1] on Azure zone can be fetched using `ID` as a pre-determined
                    name in [2], on GCP zone can be fetched using `ID` as a pre-determined
                    name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
                    [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
                    [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
                  type: string
                tags:
                  description: "tags can be used to query the DNS hosted zone. \n
                    on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone
                    using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
                  type: object
                  additionalProperties:
                    type: string
            publicZone:
              description: "publicZone is the location where all the DNS records that
                are publicly accessible to the internet exist. \n If this field is
                nil, no public records should be created. \n Once set, this field
                cannot be changed."
              type: object
              properties:
                id:
                  description: "id is the identifier that can be used to find the
                    DNS hosted zone. \n on AWS zone can be fetched using `ID` as id
                    in [1] on Azure zone can be fetched using `ID` as a pre-determined
                    name in [2], on GCP zone can be fetched using `ID` as a pre-determined
                    name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
                    [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
                    [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
                  type: string
                tags:
                  description: "tags can be used to query the DNS hosted zone. \n
                    on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone
                    using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
                  type: object
                  additionalProperties:
                    type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml
@ -1,76 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: featuregates.config.openshift.io
 spec:
  group: config.openshift.io
  version: v1
  scope: Cluster
  preserveUnknownFields: false
  names:
    kind: FeatureGate
    singular: featuregate
    plural: featuregates
    listKind: FeatureGateList
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Feature holds cluster-wide information about feature gates.  The
        canonical name is `cluster`
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            customNoUpgrade:
              description: customNoUpgrade allows the enabling or disabling of any
                feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE,
                and PREVENTS UPGRADES. Because of its nature, this setting cannot
                be validated.  If you have any typos or accidentally apply invalid
                combinations your cluster may fail in an unrecoverable way.  featureSet
                must equal "CustomNoUpgrade" must be set to use this field.
              type: object
              properties:
                disabled:
                  description: disabled is a list of all feature gates that you want
                    to force off
                  type: array
                  items:
                    type: string
                enabled:
                  description: enabled is a list of all feature gates that you want
                    to force on
                  type: array
                  items:
                    type: string
              nullable: true
            featureSet:
              description: featureSet changes the list of features in the cluster.  The
                default is empty.  Be very careful adjusting this setting. Turning
                on or off features may cause irreversible changes in your cluster
                which cannot be undone.
              type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml
@ -1,144 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: images.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  names:
    kind: Image
    singular: image
    plural: images
    listKind: ImageList
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Image governs policies related to imagestream imports and runtime
        configuration for external registries. It allows cluster admins to configure
        which registries OpenShift is allowed to import images from, extra CA trust
        bundles for external registries, and policies to blacklist/whitelist registry
        hostnames. When exposing OpenShift's image registry to the public, this also
        lets cluster admins specify the external hostname.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            additionalTrustedCA:
              description: additionalTrustedCA is a reference to a ConfigMap containing
                additional CAs that should be trusted during imagestream import, pod
                image pull, build image pull, and imageregistry pullthrough. The namespace
                for this config map is openshift-config.
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
            allowedRegistriesForImport:
              description: allowedRegistriesForImport limits the container image registries
                that normal users may import images from. Set this list to the registries
                that you trust to contain valid Docker images and that you want applications
                to be able to import from. Users with permission to create Images
                or ImageStreamMappings via the API are not affected by this policy
                - typically only administrators or system integrations will have those
                permissions.
              type: array
              items:
                description: RegistryLocation contains a location of the registry
                  specified by the registry domain name. The domain name might include
                  wildcards, like '*' or '??'.
                type: object
                properties:
                  domainName:
                    description: domainName specifies a domain name for the registry
                      In case the registry use non-standard (80 or 443) port, the
                      port should be included in the domain name as well.
                    type: string
                  insecure:
                    description: insecure indicates whether the registry is secure
                      (https) or insecure (http) By default (if not specified) the
                      registry is assumed as secure.
                    type: boolean
            externalRegistryHostnames:
              description: externalRegistryHostnames provides the hostnames for the
                default external image registry. The external hostname should be set
                only when the image registry is exposed externally. The first value
                is used in 'publicDockerImageRepository' field in ImageStreams. The
                value must be in "hostname[:port]" format.
              type: array
              items:
                type: string
            registrySources:
              description: registrySources contains configuration that determines
                how the container runtime should treat individual registries when
                accessing images for builds+pods. (e.g. whether or not to allow insecure
                access).  It does not contain configuration for the internal cluster
                registry.
              type: object
              properties:
                allowedRegistries:
                  description: "allowedRegistries are whitelisted for image pull/push.
                    All other registries are blocked. \n Only one of BlockedRegistries
                    or AllowedRegistries may be set."
                  type: array
                  items:
                    type: string
                blockedRegistries:
                  description: "blockedRegistries are blacklisted from image pull/push.
                    All other registries are allowed. \n Only one of BlockedRegistries
                    or AllowedRegistries may be set."
                  type: array
                  items:
                    type: string
                insecureRegistries:
                  description: insecureRegistries are registries which do not have
                    a valid TLS certificates or only support HTTP connections.
                  type: array
                  items:
                    type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            externalRegistryHostnames:
              description: externalRegistryHostnames provides the hostnames for the
                default external image registry. The external hostname should be set
                only when the image registry is exposed externally. The first value
                is used in 'publicDockerImageRepository' field in ImageStreams. The
                value must be in "hostname[:port]" format.
              type: array
              items:
                type: string
            internalRegistryHostname:
              description: internalRegistryHostname sets the hostname for the default
                internal image registry. The value must be in "hostname[:port]" format.
                This value is set by the image registry operator which controls the
                internal registry hostname. For backward compatibility, users can
                still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this
                setting overrides the environment variable.
              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml
@ -1,221 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: infrastructures.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: Infrastructure
    listKind: InfrastructureList
    plural: infrastructures
    singular: infrastructure
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: Infrastructure holds cluster-wide information about Infrastructure.  The
        canonical name is `cluster`
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            cloudConfig:
              description: cloudConfig is a reference to a ConfigMap containing the
                cloud provider configuration file. This configuration file is used
                to configure the Kubernetes cloud provider integration when using
                the built-in cloud provider integration or the external cloud controller
                manager. The namespace for this config map is openshift-config.
              type: object
              properties:
                key:
                  description: Key allows pointing to a specific key/value inside
                    of the configmap.  This is useful for logical file references.
                  type: string
                name:
                  type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            apiServerInternalURI:
              description: apiServerInternalURL is a valid URI with scheme(http/https),
                address and port.  apiServerInternalURL can be used by components
                like kubelets, to contact the Kubernetes API server using the infrastructure
                provider rather than Kubernetes networking.
              type: string
            apiServerURL:
              description: apiServerURL is a valid URI with scheme(http/https), address
                and port.  apiServerURL can be used by components like the web console
                to tell users where to find the Kubernetes API.
              type: string
            etcdDiscoveryDomain:
              description: 'etcdDiscoveryDomain is the domain used to fetch the SRV
                records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery'
              type: string
            infrastructureName:
              description: infrastructureName uniquely identifies a cluster with a
                human friendly name. Once set it should not be changed. Must be of
                max length 27 and must have only alphanumeric or hyphen characters.
              type: string
            platform:
              description: "platform is the underlying infrastructure provider for
                the cluster. \n Deprecated: Use platformStatus.type instead."
              type: string
            platformStatus:
              description: platformStatus holds status information specific to the
                underlying infrastructure provider.
              type: object
              properties:
                aws:
                  description: AWS contains settings specific to the Amazon Web Services
                    infrastructure provider.
                  type: object
                  properties:
                    region:
                      description: region holds the default AWS region for new AWS
                        resources created by the cluster.
                      type: string
                azure:
                  description: Azure contains settings specific to the Azure infrastructure
                    provider.
                  type: object
                  properties:
                    networkResourceGroupName:
                      description: networkResourceGroupName is the Resource Group
                        for network resources like the Virtual Network and Subnets
                        used by the cluster. If empty, the value is same as ResourceGroupName.
                      type: string
                    resourceGroupName:
                      description: resourceGroupName is the Resource Group for new
                        Azure resources created for the cluster.
                      type: string
                baremetal:
                  description: BareMetal contains settings specific to the BareMetal
                    platform.
                  type: object
                  properties:
                    apiServerInternalIP:
                      description: apiServerInternalIP is an IP address to contact
                        the Kubernetes API server that can be used by components inside
                        the cluster, like kubelets using the infrastructure rather
                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
                        points to. It is the IP for a self-hosted load balancer in
                        front of the API servers.
                      type: string
                    ingressIP:
                      description: ingressIP is an external IP which routes to the
                        default ingress controller. The IP is a suitable target of
                        a wildcard DNS record used to resolve default route host names.
                      type: string
                    nodeDNSIP:
                      description: nodeDNSIP is the IP address for the internal DNS
                        used by the nodes. Unlike the one managed by the DNS operator,
                        `NodeDNSIP` provides name resolution for the nodes themselves.
                        There is no DNS-as-a-service for BareMetal deployments. In
                        order to minimize necessary changes to the datacenter DNS,
                        a DNS service is hosted as a static pod to serve those hostnames
                        to the nodes in the cluster.
                      type: string
                gcp:
                  description: GCP contains settings specific to the Google Cloud
                    Platform infrastructure provider.
                  type: object
                  properties:
                    projectID:
                      description: resourceGroupName is the Project ID for new GCP
                        resources created for the cluster.
                      type: string
                    region:
                      description: region holds the region for new GCP resources created
                        for the cluster.
                      type: string
                openstack:
                  description: OpenStack contains settings specific to the OpenStack
                    infrastructure provider.
                  type: object
                  properties:
                    apiServerInternalIP:
                      description: apiServerInternalIP is an IP address to contact
                        the Kubernetes API server that can be used by components inside
                        the cluster, like kubelets using the infrastructure rather
                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
                        points to. It is the IP for a self-hosted load balancer in
                        front of the API servers.
                      type: string
                    cloudName:
                      description: cloudName is the name of the desired OpenStack
                        cloud in the client configuration file (`clouds.yaml`).
                      type: string
                    ingressIP:
                      description: ingressIP is an external IP which routes to the
                        default ingress controller. The IP is a suitable target of
                        a wildcard DNS record used to resolve default route host names.
                      type: string
                    nodeDNSIP:
                      description: nodeDNSIP is the IP address for the internal DNS
                        used by the nodes. Unlike the one managed by the DNS operator,
                        `NodeDNSIP` provides name resolution for the nodes themselves.
                        There is no DNS-as-a-service for OpenStack deployments. In
                        order to minimize necessary changes to the datacenter DNS,
                        a DNS service is hosted as a static pod to serve those hostnames
                        to the nodes in the cluster.
                      type: string
                ovirt:
                  description: Ovirt contains settings specific to the oVirt infrastructure
                    provider.
                  type: object
                  properties:
                    apiServerInternalIP:
                      description: apiServerInternalIP is an IP address to contact
                        the Kubernetes API server that can be used by components inside
                        the cluster, like kubelets using the infrastructure rather
                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
                        points to. It is the IP for a self-hosted load balancer in
                        front of the API servers.
                      type: string
                    ingressIP:
                      description: ingressIP is an external IP which routes to the
                        default ingress controller. The IP is a suitable target of
                        a wildcard DNS record used to resolve default route host names.
                      type: string
                    nodeDNSIP:
                      description: nodeDNSIP is the IP address for the internal DNS
                        used by the nodes. Unlike the one managed by the DNS operator,
                        `NodeDNSIP` provides name resolution for the nodes themselves.
                        There is no DNS-as-a-service for oVirt deployments. In order
                        to minimize necessary changes to the datacenter DNS, a DNS
                        service is hosted as a static pod to serve those hostnames
                        to the nodes in the cluster.
                      type: string
                type:
                  description: type is the underlying infrastructure provider for
                    the cluster. This value controls whether infrastructure automation
                    such as service load balancers, dynamic volume provisioning, machine
                    creation and deletion, and other integrations are enabled. If
                    None, no infrastructure automation is enabled. Allowed values
                    are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack",
                    "VSphere", "oVirt", and "None". Individual components may not
                    support all platforms, and must handle unrecognized platforms
                    as None if they do not support that platform.
                  type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
@ -1,55 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: ingresses.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: Ingress
    listKind: IngressList
    plural: ingresses
    singular: ingress
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Ingress holds cluster-wide information about ingress, including
        the default ingress domain used for routes. The canonical name is `cluster`.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            domain:
              description: "domain is used to generate a default host name for a route
                when the route's host name is empty. The generated host name will
                follow this pattern: \"<route-name>.<route-namespace>.<domain>\".
                \n It is also used as the default wildcard domain suffix for ingress.
                The default ingresscontroller domain will follow this pattern: \"*.<domain>\".
                \n Once set, changing domain is not currently supported."
              type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml
@ -1,141 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: networks.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: Network
    listKind: NetworkList
    plural: networks
    singular: network
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: 'Network holds cluster-wide information about Network. The canonical
        name is `cluster`. It is used to configure the desired network configuration,
        such as: IP address pools for services/pod IPs, network plugin, etc. Please
        view network.spec for an explanation on what applies when configuring this
        resource.'
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration. As a general
            rule, this SHOULD NOT be read directly. Instead, you should consume the
            NetworkStatus, as it indicates the currently deployed configuration. Currently,
            most spec fields are immutable after installation. Please view the individual
            ones for further details on each.
          type: object
          properties:
            clusterNetwork:
              description: IP address pool to use for pod IPs. This field is immutable
                after installation.
              type: array
              items:
                description: ClusterNetworkEntry is a contiguous block of IP addresses
                  from which pod IPs are allocated.
                type: object
                properties:
                  cidr:
                    description: The complete block for pod IPs.
                    type: string
                  hostPrefix:
                    description: The size (prefix) of block to allocate to each node.
                    type: integer
                    format: int32
                    minimum: 0
            externalIP:
              description: externalIP defines configuration for controllers that affect
                Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
              type: object
              properties:
                autoAssignCIDRs:
                  description: autoAssignCIDRs is a list of CIDRs from which to automatically
                    assign Service.ExternalIP. These are assigned when the service
                    is of type LoadBalancer. In general, this is only useful for bare-metal
                    clusters. In Openshift 3.x, this was misleadingly called "IngressIPs".
                    Automatically assigned External IPs are not affected by any ExternalIPPolicy
                    rules. Currently, only one entry may be provided.
                  type: array
                  items:
                    type: string
                policy:
                  description: policy is a set of restrictions applied to the ExternalIP
                    field. If nil or empty, then ExternalIP is not allowed to be set.
                  type: object
                  properties:
                    allowedCIDRs:
                      description: allowedCIDRs is the list of allowed CIDRs.
                      type: array
                      items:
                        type: string
                    rejectedCIDRs:
                      description: rejectedCIDRs is the list of disallowed CIDRs.
                        These take precedence over allowedCIDRs.
                      type: array
                      items:
                        type: string
            networkType:
              description: 'NetworkType is the plugin that is to be deployed (e.g.
                OpenShiftSDN). This should match a value that the cluster-network-operator
                understands, or else no networking will be installed. Currently supported
                values are: - OpenShiftSDN This field is immutable after installation.'
              type: string
            serviceNetwork:
              description: IP address pool for services. Currently, we only support
                a single entry here. This field is immutable after installation.
              type: array
              items:
                type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
          properties:
            clusterNetwork:
              description: IP address pool to use for pod IPs.
              type: array
              items:
                description: ClusterNetworkEntry is a contiguous block of IP addresses
                  from which pod IPs are allocated.
                type: object
                properties:
                  cidr:
                    description: The complete block for pod IPs.
                    type: string
                  hostPrefix:
                    description: The size (prefix) of block to allocate to each node.
                    type: integer
                    format: int32
                    minimum: 0
            clusterNetworkMTU:
              description: ClusterNetworkMTU is the MTU for inter-pod networking.
              type: integer
            networkType:
              description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
              type: string
            serviceNetwork:
              description: IP address pool for services. Currently, we only support
                a single entry here.
              type: array
              items:
                type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml
@ -1,661 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: oauths.config.openshift.io
 spec:
  group: config.openshift.io
  names:
    kind: OAuth
    listKind: OAuthList
    plural: oauths
    singular: oauth
  scope: Cluster
  preserveUnknownFields: false
  subresources:
    status: {}
  versions:
  - name: v1
    served: true
    storage: true
  "validation":
    "openAPIV3Schema":
      description: OAuth holds cluster-wide information about OAuth.  The canonical
        name is `cluster`. It is used to configure the integrated OAuth server. This
        configuration is only honored when the top level Authentication config has
        type set to IntegratedOAuth.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: OAuthSpec contains desired cluster auth configuration
          type: object
          properties:
            identityProviders:
              description: identityProviders is an ordered list of ways for a user
                to identify themselves. When this list is empty, no identities are
                provisioned for users.
              type: array
              items:
                description: IdentityProvider provides identities for users authenticating
                  using credentials
                type: object
                properties:
                  basicAuth:
                    description: basicAuth contains configuration options for the
                      BasicAuth IdP
                    type: object
                    properties:
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      tlsClientCert:
                        description: tlsClientCert is an optional reference to a secret
                          by name that contains the PEM-encoded TLS client certificate
                          to present when connecting to the server. The key "tls.crt"
                          is used to locate the data. If specified and the secret
                          or expected key is not found, the identity provider is not
                          honored. If the specified certificate data is not valid,
                          the identity provider is not honored. The namespace for
                          this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      tlsClientKey:
                        description: tlsClientKey is an optional reference to a secret
                          by name that contains the PEM-encoded TLS private key for
                          the client certificate referenced in tlsClientCert. The
                          key "tls.key" is used to locate the data. If specified and
                          the secret or expected key is not found, the identity provider
                          is not honored. If the specified certificate data is not
                          valid, the identity provider is not honored. The namespace
                          for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      url:
                        description: url is the remote URL to connect to
                        type: string
                  github:
                    description: github enables user authentication using GitHub credentials
                    type: object
                    properties:
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          This can only be configured when hostname is set to a non-empty
                          value. The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      clientID:
                        description: clientID is the oauth client ID
                        type: string
                      clientSecret:
                        description: clientSecret is a required reference to the secret
                          by name containing the oauth client secret. The key "clientSecret"
                          is used to locate the data. If the secret or expected key
                          is not found, the identity provider is not honored. The
                          namespace for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      hostname:
                        description: hostname is the optional domain (e.g. "mycompany.com")
                          for use with a hosted instance of GitHub Enterprise. It
                          must match the GitHub Enterprise settings value configured
                          at /setup/settings#hostname.
                        type: string
                      organizations:
                        description: organizations optionally restricts which organizations
                          are allowed to log in
                        type: array
                        items:
                          type: string
                      teams:
                        description: teams optionally restricts which teams are allowed
                          to log in. Format is <org>/<team>.
                        type: array
                        items:
                          type: string
                  gitlab:
                    description: gitlab enables user authentication using GitLab credentials
                    type: object
                    properties:
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      clientID:
                        description: clientID is the oauth client ID
                        type: string
                      clientSecret:
                        description: clientSecret is a required reference to the secret
                          by name containing the oauth client secret. The key "clientSecret"
                          is used to locate the data. If the secret or expected key
                          is not found, the identity provider is not honored. The
                          namespace for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      url:
                        description: url is the oauth server base URL
                        type: string
                  google:
                    description: google enables user authentication using Google credentials
                    type: object
                    properties:
                      clientID:
                        description: clientID is the oauth client ID
                        type: string
                      clientSecret:
                        description: clientSecret is a required reference to the secret
                          by name containing the oauth client secret. The key "clientSecret"
                          is used to locate the data. If the secret or expected key
                          is not found, the identity provider is not honored. The
                          namespace for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      hostedDomain:
                        description: hostedDomain is the optional Google App domain
                          (e.g. "mycompany.com") to restrict logins to
                        type: string
                  htpasswd:
                    description: htpasswd enables user authentication using an HTPasswd
                      file to validate credentials
                    type: object
                    properties:
                      fileData:
                        description: fileData is a required reference to a secret
                          by name containing the data to use as the htpasswd file.
                          The key "htpasswd" is used to locate the data. If the secret
                          or expected key is not found, the identity provider is not
                          honored. If the specified htpasswd data is not valid, the
                          identity provider is not honored. The namespace for this
                          secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                  keystone:
                    description: keystone enables user authentication using keystone
                      password credentials
                    type: object
                    properties:
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      domainName:
                        description: domainName is required for keystone v3
                        type: string
                      tlsClientCert:
                        description: tlsClientCert is an optional reference to a secret
                          by name that contains the PEM-encoded TLS client certificate
                          to present when connecting to the server. The key "tls.crt"
                          is used to locate the data. If specified and the secret
                          or expected key is not found, the identity provider is not
                          honored. If the specified certificate data is not valid,
                          the identity provider is not honored. The namespace for
                          this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      tlsClientKey:
                        description: tlsClientKey is an optional reference to a secret
                          by name that contains the PEM-encoded TLS private key for
                          the client certificate referenced in tlsClientCert. The
                          key "tls.key" is used to locate the data. If specified and
                          the secret or expected key is not found, the identity provider
                          is not honored. If the specified certificate data is not
                          valid, the identity provider is not honored. The namespace
                          for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      url:
                        description: url is the remote URL to connect to
                        type: string
                  ldap:
                    description: ldap enables user authentication using LDAP credentials
                    type: object
                    properties:
                      attributes:
                        description: attributes maps LDAP attributes to identities
                        type: object
                        properties:
                          email:
                            description: email is the list of attributes whose values
                              should be used as the email address. Optional. If unspecified,
                              no email is set for the identity
                            type: array
                            items:
                              type: string
                          id:
                            description: id is the list of attributes whose values
                              should be used as the user ID. Required. First non-empty
                              attribute is used. At least one attribute is required.
                              If none of the listed attribute have a value, authentication
                              fails. LDAP standard identity attribute is "dn"
                            type: array
                            items:
                              type: string
                          name:
                            description: name is the list of attributes whose values
                              should be used as the display name. Optional. If unspecified,
                              no display name is set for the identity LDAP standard
                              display name attribute is "cn"
                            type: array
                            items:
                              type: string
                          preferredUsername:
                            description: preferredUsername is the list of attributes
                              whose values should be used as the preferred username.
                              LDAP standard login attribute is "uid"
                            type: array
                            items:
                              type: string
                      bindDN:
                        description: bindDN is an optional DN to bind with during
                          the search phase.
                        type: string
                      bindPassword:
                        description: bindPassword is an optional reference to a secret
                          by name containing a password to bind with during the search
                          phase. The key "bindPassword" is used to locate the data.
                          If specified and the secret or expected key is not found,
                          the identity provider is not honored. The namespace for
                          this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      insecure:
                        description: 'insecure, if true, indicates the connection
                          should not use TLS WARNING: Should not be set to `true`
                          with the URL scheme "ldaps://" as "ldaps://" URLs always          attempt
                          to connect using TLS, even when `insecure` is set to `true`
                          When `true`, "ldap://" URLS connect insecurely. When `false`,
                          "ldap://" URLs are upgraded to a TLS connection using StartTLS
                          as specified in https://tools.ietf.org/html/rfc2830.'
                        type: boolean
                      url:
                        description: 'url is an RFC 2255 URL which specifies the LDAP
                          search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter'
                        type: string
                  mappingMethod:
                    description: mappingMethod determines how identities from this
                      provider are mapped to users Defaults to "claim"
                    type: string
                  name:
                    description: 'name is used to qualify the identities returned
                      by this provider. - It MUST be unique and not shared by any
                      other identity provider used - It MUST be a valid path segment:
                      name cannot equal "." or ".." or contain "/" or "%" or ":"   Ref:
                      https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName'
                    type: string
                  openID:
                    description: openID enables user authentication using OpenID credentials
                    type: object
                    properties:
                      ca:
                        description: ca is an optional reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. The key "ca.crt" is used to locate
                          the data. If specified and the config map or expected key
                          is not found, the identity provider is not honored. If the
                          specified ca data is not valid, the identity provider is
                          not honored. If empty, the default system roots are used.
                          The namespace for this config map is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      claims:
                        description: claims mappings
                        type: object
                        properties:
                          email:
                            description: email is the list of claims whose values
                              should be used as the email address. Optional. If unspecified,
                              no email is set for the identity
                            type: array
                            items:
                              type: string
                          name:
                            description: name is the list of claims whose values should
                              be used as the display name. Optional. If unspecified,
                              no display name is set for the identity
                            type: array
                            items:
                              type: string
                          preferredUsername:
                            description: preferredUsername is the list of claims whose
                              values should be used as the preferred username. If
                              unspecified, the preferred username is determined from
                              the value of the sub claim
                            type: array
                            items:
                              type: string
                      clientID:
                        description: clientID is the oauth client ID
                        type: string
                      clientSecret:
                        description: clientSecret is a required reference to the secret
                          by name containing the oauth client secret. The key "clientSecret"
                          is used to locate the data. If the secret or expected key
                          is not found, the identity provider is not honored. The
                          namespace for this secret is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              secret
                            type: string
                      extraAuthorizeParameters:
                        description: extraAuthorizeParameters are any custom parameters
                          to add to the authorize request.
                        type: object
                        additionalProperties:
                          type: string
                      extraScopes:
                        description: extraScopes are any scopes to request in addition
                          to the standard "openid" scope.
                        type: array
                        items:
                          type: string
                      issuer:
                        description: issuer is the URL that the OpenID Provider asserts
                          as its Issuer Identifier. It must use the https scheme with
                          no query or fragment component.
                        type: string
                  requestHeader:
                    description: requestHeader enables user authentication using request
                      header credentials
                    type: object
                    properties:
                      ca:
                        description: ca is a required reference to a config map by
                          name containing the PEM-encoded CA bundle. It is used as
                          a trust anchor to validate the TLS certificate presented
                          by the remote server. Specifically, it allows verification
                          of incoming requests to prevent header spoofing. The key
                          "ca.crt" is used to locate the data. If the config map or
                          expected key is not found, the identity provider is not
                          honored. If the specified ca data is not valid, the identity
                          provider is not honored. The namespace for this config map
                          is openshift-config.
                        type: object
                        required:
                        - name
                        properties:
                          name:
                            description: name is the metadata.name of the referenced
                              config map
                            type: string
                      challengeURL:
                        description: challengeURL is a URL to redirect unauthenticated
                          /authorize requests to Unauthenticated requests from OAuth
                          clients which expect WWW-Authenticate challenges will be
                          redirected here. ${url} is replaced with the current URL,
                          escaped to be safe in a query parameter   https://www.example.com/sso-login?then=${url}
                          ${query} is replaced with the current query string   https://www.example.com/auth-proxy/oauth/authorize?${query}
                          Required when challenge is set to true.
                        type: string
                      clientCommonNames:
                        description: clientCommonNames is an optional list of common
                          names to require a match from. If empty, any client certificate
                          validated against the clientCA bundle is considered authoritative.
                        type: array
                        items:
                          type: string
                      emailHeaders:
                        description: emailHeaders is the set of headers to check for
                          the email address
                        type: array
                        items:
                          type: string
                      headers:
                        description: headers is the set of headers to check for identity
                          information
                        type: array
                        items:
                          type: string
                      loginURL:
                        description: loginURL is a URL to redirect unauthenticated
                          /authorize requests to Unauthenticated requests from OAuth
                          clients which expect interactive logins will be redirected
                          here ${url} is replaced with the current URL, escaped to
                          be safe in a query parameter   https://www.example.com/sso-login?then=${url}
                          ${query} is replaced with the current query string   https://www.example.com/auth-proxy/oauth/authorize?${query}
                          Required when login is set to true.
                        type: string
                      nameHeaders:
                        description: nameHeaders is the set of headers to check for
                          the display name
                        type: array
                        items:
                          type: string
                      preferredUsernameHeaders:
                        description: preferredUsernameHeaders is the set of headers
                          to check for the preferred username
                        type: array
                        items:
                          type: string
                  type:
                    description: type identifies the identity provider type for this
                      entry.
                    type: string
            templates:
              description: templates allow you to customize pages like the login page.
              type: object
              properties:
                error:
                  description: error is the name of a secret that specifies a go template
                    to use to render error pages during the authentication or grant
                    flow. The key "errors.html" is used to locate the template data.
                    If specified and the secret or expected key is not found, the
                    default error page is used. If the specified template is not valid,
                    the default error page is used. If unspecified, the default error
                    page is used. The namespace for this secret is openshift-config.
                  type: object
                  required:
                  - name
                  properties:
                    name:
                      description: name is the metadata.name of the referenced secret
                      type: string
                login:
                  description: login is the name of a secret that specifies a go template
                    to use to render the login page. The key "login.html" is used
                    to locate the template data. If specified and the secret or expected
                    key is not found, the default login page is used. If the specified
                    template is not valid, the default login page is used. If unspecified,
                    the default login page is used. The namespace for this secret
                    is openshift-config.
                  type: object
                  required:
                  - name
                  properties:
                    name:
                      description: name is the metadata.name of the referenced secret
                      type: string
                providerSelection:
                  description: providerSelection is the name of a secret that specifies
                    a go template to use to render the provider selection page. The
                    key "providers.html" is used to locate the template data. If specified
                    and the secret or expected key is not found, the default provider
                    selection page is used. If the specified template is not valid,
                    the default provider selection page is used. If unspecified, the
                    default provider selection page is used. The namespace for this
                    secret is openshift-config.
                  type: object
                  required:
                  - name
                  properties:
                    name:
                      description: name is the metadata.name of the referenced secret
                      type: string
            tokenConfig:
              description: tokenConfig contains options for authorization and access
                tokens
              type: object
              properties:
                accessTokenInactivityTimeoutSeconds:
                  description: 'accessTokenInactivityTimeoutSeconds defines the default
                    token inactivity timeout for tokens granted by any client. The
                    value represents the maximum amount of time that can occur between
                    consecutive uses of the token. Tokens become invalid if they are
                    not used within this temporal window. The user will need to acquire
                    a new token to regain access once a token times out. Valid values
                    are integer values:   x < 0  Tokens time out is enabled but tokens
                    never timeout unless configured per client (e.g. `-1`)   x = 0  Tokens
                    time out is disabled (default)   x > 0  Tokens time out if there
                    is no activity for x seconds The current minimum allowed value
                    for X is 300 (5 minutes)'
                  type: integer
                  format: int32
                accessTokenMaxAgeSeconds:
                  description: accessTokenMaxAgeSeconds defines the maximum age of
                    access tokens
                  type: integer
                  format: int32
        status:
          description: OAuthStatus shows current known state of OAuth server in the
            cluster
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml
@ -1,63 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: projects.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  versions:
  - name: v1
    served: true
    storage: true
  names:
    kind: Project
    listKind: ProjectList
    plural: projects
    singular: project
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Project holds cluster-wide information about Project.  The canonical
        name is `cluster`
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            projectRequestMessage:
              description: projectRequestMessage is the string presented to a user
                if they are unable to request a project via the projectrequest api
                endpoint
              type: string
            projectRequestTemplate:
              description: projectRequestTemplate is the template to use for creating
                projects in response to projectrequest. This must point to a template
                in 'openshift-config' namespace. It is optional. If it is not specified,
                a default template is used.
              type: object
              properties:
                name:
                  description: name is the metadata.name of the referenced project
                    request template
                  type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml
@ -1,88 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: schedulers.config.openshift.io
 spec:
  group: config.openshift.io
  scope: Cluster
  preserveUnknownFields: false
  names:
    kind: Scheduler
    singular: scheduler
    plural: schedulers
    listKind: SchedulerList
  versions:
  - name: v1
    served: true
    storage: true
  subresources:
    status: {}
  "validation":
    "openAPIV3Schema":
      description: Scheduler holds cluster-wide config information to run the Kubernetes
        Scheduler and influence its placement decisions. The canonical name for this
        config is `cluster`.
      type: object
      required:
      - spec
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: spec holds user settable values for configuration
          type: object
          properties:
            defaultNodeSelector:
              description: 'defaultNodeSelector helps set the cluster-wide default
                node selector to restrict pod placement to specific nodes. This is
                applied to the pods created in all namespaces without a specified
                nodeSelector value. For example, defaultNodeSelector: "type=user-node,region=east"
                would set nodeSelector field in pod spec to "type=user-node,region=east"
                to all pods created in all namespaces. Namespaces having project-wide
                node selectors won''t be impacted even if this field is set. This
                adds an annotation section to the namespace. For example, if a new
                namespace is created with node-selector=''type=user-node,region=east'',
                the annotation openshift.io/node-selector: type=user-node,region=east
                gets added to the project. When the openshift.io/node-selector annotation
                is set on the project the value is used in preference to the value
                we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector:
                "type=user-node,region=west" means that the default of "type=user-node,region=east"
                set in defaultNodeSelector would not be applied.'
              type: string
            mastersSchedulable:
              description: 'MastersSchedulable allows masters nodes to be schedulable.
                When this flag is turned on, all the master nodes in the cluster will
                be made schedulable, so that workload pods can run on them. The default
                value for this field is false, meaning none of the master nodes are
                schedulable. Important Note: Once the workload pods start running
                on the master nodes, extreme care must be taken to ensure that cluster-critical
                control plane components are not impacted. Please turn on this field
                after doing due diligence.'
              type: boolean
            policy:
              description: policy is a reference to a ConfigMap containing scheduler
                policy which has user specified predicates and priorities. If this
                ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider.
                The namespace for this configmap is openshift-config.
              type: object
              required:
              - name
              properties:
                name:
                  description: name is the metadata.name of the referenced config
                    map
                  type: string
        status:
          description: status holds observed values from the cluster. They may not
            be overridden.
          type: object
--- a/vendor/github.com/openshift/api/config/v1/doc.go
+++ b/vendor/github.com/openshift/api/config/v1/doc.go
@ -1,8 +0,0 @@
 // +k8s:deepcopy-gen=package,register
 // +k8s:defaulter-gen=TypeMeta
 // +k8s:openapi-gen=true
 // +kubebuilder:validation:Optional
 // +groupName=config.openshift.io
 // Package v1 is the v1 version of the API.
 package v1
--- a/vendor/github.com/openshift/api/config/v1/register.go
+++ b/vendor/github.com/openshift/api/config/v1/register.go
@ -1,70 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 var (
 	GroupName     = "config.openshift.io"
 	GroupVersion  = schema.GroupVersion{Group: GroupName, Version: "v1"}
 	schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
 	// Install is a function which adds this version to a scheme
 	Install = schemeBuilder.AddToScheme
 	// SchemeGroupVersion generated code relies on this name
 	// Deprecated
 	SchemeGroupVersion = GroupVersion
 	// AddToScheme exists solely to keep the old generators creating valid code
 	// DEPRECATED
 	AddToScheme = schemeBuilder.AddToScheme
 )
 // Resource generated code relies on this being here, but it logically belongs to the group
 // DEPRECATED
 func Resource(resource string) schema.GroupResource {
 	return schema.GroupResource{Group: GroupName, Resource: resource}
 }
 // Adds the list of known types to api.Scheme.
 func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(GroupVersion,
 		&APIServer{},
 		&APIServerList{},
 		&Authentication{},
 		&AuthenticationList{},
 		&Build{},
 		&BuildList{},
 		&ClusterOperator{},
 		&ClusterOperatorList{},
 		&ClusterVersion{},
 		&ClusterVersionList{},
 		&Console{},
 		&ConsoleList{},
 		&DNS{},
 		&DNSList{},
 		&FeatureGate{},
 		&FeatureGateList{},
 		&Image{},
 		&ImageList{},
 		&Infrastructure{},
 		&InfrastructureList{},
 		&Ingress{},
 		&IngressList{},
 		&Network{},
 		&NetworkList{},
 		&OAuth{},
 		&OAuthList{},
 		&OperatorHub{},
 		&OperatorHubList{},
 		&Project{},
 		&ProjectList{},
 		&Proxy{},
 		&ProxyList{},
 		&Scheduler{},
 		&SchedulerList{},
 	)
 	metav1.AddToGroupVersion(scheme, GroupVersion)
 	return nil
 }
--- a/vendor/github.com/openshift/api/config/v1/stringsource.go
+++ b/vendor/github.com/openshift/api/config/v1/stringsource.go
@ -1,31 +0,0 @@
 package v1
 import "encoding/json"
 // UnmarshalJSON implements the json.Unmarshaller interface.
 // If the value is a string, it sets the Value field of the StringSource.
 // Otherwise, it is unmarshaled into the StringSourceSpec struct
 func (s *StringSource) UnmarshalJSON(value []byte) error {
 	// If we can unmarshal to a simple string, just set the value
 	var simpleValue string
 	if err := json.Unmarshal(value, &simpleValue); err == nil {
 		s.Value = simpleValue
 		return nil
 	}
 	// Otherwise do the full struct unmarshal
 	return json.Unmarshal(value, &s.StringSourceSpec)
 }
 // MarshalJSON implements the json.Marshaller interface.
 // If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string.
 // Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
 func (s *StringSource) MarshalJSON() ([]byte, error) {
 	// If we have only a cleartext value set, do a simple string marshal
 	if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) {
 		return json.Marshal(s.Value)
 	}
 	// Otherwise do the full struct marshal of the externalized bits
 	return json.Marshal(s.StringSourceSpec)
 }
--- a/vendor/github.com/openshift/api/config/v1/types.go
+++ b/vendor/github.com/openshift/api/config/v1/types.go
@ -1,312 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
 // ConfigMapFileReference references a config map in a specific namespace.
 // The namespace must be specified at the point of use.
 type ConfigMapFileReference struct {
 	Name string `json:"name"`
 	// Key allows pointing to a specific key/value inside of the configmap.  This is useful for logical file references.
 	Key string `json:"key,omitempty"`
 }
 // ConfigMapNameReference references a config map in a specific namespace.
 // The namespace must be specified at the point of use.
 type ConfigMapNameReference struct {
 	// name is the metadata.name of the referenced config map
 	// +kubebuilder:validation:Required
 	// +required
 	Name string `json:"name"`
 }
 // SecretNameReference references a secret in a specific namespace.
 // The namespace must be specified at the point of use.
 type SecretNameReference struct {
 	// name is the metadata.name of the referenced secret
 	// +kubebuilder:validation:Required
 	// +required
 	Name string `json:"name"`
 }
 // HTTPServingInfo holds configuration for serving HTTP
 type HTTPServingInfo struct {
 	// ServingInfo is the HTTP serving information
 	ServingInfo `json:",inline"`
 	// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
 	MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
 	// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if
 	// -1 there is no limit on requests.
 	RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
 }
 // ServingInfo holds information about serving web pages
 type ServingInfo struct {
 	// BindAddress is the ip:port to serve on
 	BindAddress string `json:"bindAddress"`
 	// BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
 	// "tcp4", and "tcp6"
 	BindNetwork string `json:"bindNetwork"`
 	// CertInfo is the TLS cert info for serving secure traffic.
 	// this is anonymous so that we can inline it for serialization
 	CertInfo `json:",inline"`
 	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
 	// +optional
 	ClientCA string `json:"clientCA,omitempty"`
 	// NamedCertificates is a list of certificates to use to secure requests to specific hostnames
 	NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
 	// MinTLSVersion is the minimum TLS version supported.
 	// Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
 	MinTLSVersion string `json:"minTLSVersion,omitempty"`
 	// CipherSuites contains an overridden list of ciphers for the server to support.
 	// Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
 	CipherSuites []string `json:"cipherSuites,omitempty"`
 }
 // CertInfo relates a certificate with a private key
 type CertInfo struct {
 	// CertFile is a file containing a PEM-encoded certificate
 	CertFile string `json:"certFile"`
 	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
 	KeyFile string `json:"keyFile"`
 }
 // NamedCertificate specifies a certificate/key, and the names it should be served for
 type NamedCertificate struct {
 	// Names is a list of DNS names this certificate should be used to secure
 	// A name can be a normal DNS name, or can contain leading wildcard segments.
 	Names []string `json:"names,omitempty"`
 	// CertInfo is the TLS cert info for serving secure traffic
 	CertInfo `json:",inline"`
 }
 // LeaderElection provides information to elect a leader
 type LeaderElection struct {
 	// disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
 	Disable bool `json:"disable,omitempty"`
 	// namespace indicates which namespace the resource is in
 	Namespace string `json:"namespace,omitempty"`
 	// name indicates what name to use for the resource
 	Name string `json:"name,omitempty"`
 	// leaseDuration is the duration that non-leader candidates will wait
 	// after observing a leadership renewal until attempting to acquire
 	// leadership of a led but unrenewed leader slot. This is effectively the
 	// maximum duration that a leader can be stopped before it is replaced
 	// by another candidate. This is only applicable if leader election is
 	// enabled.
 	// +nullable
 	LeaseDuration metav1.Duration `json:"leaseDuration"`
 	// renewDeadline is the interval between attempts by the acting master to
 	// renew a leadership slot before it stops leading. This must be less
 	// than or equal to the lease duration. This is only applicable if leader
 	// election is enabled.
 	// +nullable
 	RenewDeadline metav1.Duration `json:"renewDeadline"`
 	// retryPeriod is the duration the clients should wait between attempting
 	// acquisition and renewal of a leadership. This is only applicable if
 	// leader election is enabled.
 	// +nullable
 	RetryPeriod metav1.Duration `json:"retryPeriod"`
 }
 // StringSource allows specifying a string inline, or externally via env var or file.
 // When it contains only a string value, it marshals to a simple JSON string.
 type StringSource struct {
 	// StringSourceSpec specifies the string value, or external location
 	StringSourceSpec `json:",inline"`
 }
 // StringSourceSpec specifies a string value, or external location
 type StringSourceSpec struct {
 	// Value specifies the cleartext value, or an encrypted value if keyFile is specified.
 	Value string `json:"value"`
 	// Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
 	Env string `json:"env"`
 	// File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
 	File string `json:"file"`
 	// KeyFile references a file containing the key to use to decrypt the value.
 	KeyFile string `json:"keyFile"`
 }
 // RemoteConnectionInfo holds information necessary for establishing a remote connection
 type RemoteConnectionInfo struct {
 	// URL is the remote URL to connect to
 	URL string `json:"url"`
 	// CA is the CA for verifying TLS connections
 	CA string `json:"ca"`
 	// CertInfo is the TLS client cert information to present
 	// this is anonymous so that we can inline it for serialization
 	CertInfo `json:",inline"`
 }
 type AdmissionConfig struct {
 	PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
 	// enabledPlugins is a list of admission plugins that must be on in addition to the default list.
 	// Some admission plugins are disabled by default, but certain configurations require them.  This is fairly uncommon
 	// and can result in performance penalties and unexpected behavior.
 	EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
 	// disabledPlugins is a list of admission plugins that must be off.  Putting something in this list
 	// is almost always a mistake and likely to result in cluster instability.
 	DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
 }
 // AdmissionPluginConfig holds the necessary configuration options for admission plugins
 type AdmissionPluginConfig struct {
 	// Location is the path to a configuration file that contains the plugin's
 	// configuration
 	Location string `json:"location"`
 	// Configuration is an embedded configuration object to be used as the plugin's
 	// configuration. If present, it will be used instead of the path to the configuration file.
 	// +nullable
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Configuration runtime.RawExtension `json:"configuration"`
 }
 type LogFormatType string
 type WebHookModeType string
 const (
 	// LogFormatLegacy saves event in 1-line text format.
 	LogFormatLegacy LogFormatType = "legacy"
 	// LogFormatJson saves event in structured json format.
 	LogFormatJson LogFormatType = "json"
 	// WebHookModeBatch indicates that the webhook should buffer audit events
 	// internally, sending batch updates either once a certain number of
 	// events have been received or a certain amount of time has passed.
 	WebHookModeBatch WebHookModeType = "batch"
 	// WebHookModeBlocking causes the webhook to block on every attempt to process
 	// a set of events. This causes requests to the API server to wait for a
 	// round trip to the external audit service before sending a response.
 	WebHookModeBlocking WebHookModeType = "blocking"
 )
 // AuditConfig holds configuration for the audit capabilities
 type AuditConfig struct {
 	// If this flag is set, audit log will be printed in the logs.
 	// The logs contains, method, user and a requested URL.
 	Enabled bool `json:"enabled"`
 	// All requests coming to the apiserver will be logged to this file.
 	AuditFilePath string `json:"auditFilePath"`
 	// Maximum number of days to retain old log files based on the timestamp encoded in their filename.
 	MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
 	// Maximum number of old log files to retain.
 	MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
 	// Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
 	MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
 	// PolicyFile is a path to the file that defines the audit policy configuration.
 	PolicyFile string `json:"policyFile"`
 	// PolicyConfiguration is an embedded policy configuration object to be used
 	// as the audit policy configuration. If present, it will be used instead of
 	// the path to the policy file.
 	// +nullable
 	// +kubebuilder:pruning:PreserveUnknownFields
 	PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
 	// Format of saved audits (legacy or json).
 	LogFormat LogFormatType `json:"logFormat"`
 	// Path to a .kubeconfig formatted file that defines the audit webhook configuration.
 	WebHookKubeConfig string `json:"webHookKubeConfig"`
 	// Strategy for sending audit events (block or batch).
 	WebHookMode WebHookModeType `json:"webHookMode"`
 }
 // EtcdConnectionInfo holds information necessary for connecting to an etcd server
 type EtcdConnectionInfo struct {
 	// URLs are the URLs for etcd
 	URLs []string `json:"urls,omitempty"`
 	// CA is a file containing trusted roots for the etcd server certificates
 	CA string `json:"ca"`
 	// CertInfo is the TLS client cert information for securing communication to etcd
 	// this is anonymous so that we can inline it for serialization
 	CertInfo `json:",inline"`
 }
 type EtcdStorageConfig struct {
 	EtcdConnectionInfo `json:",inline"`
 	// StoragePrefix is the path within etcd that the OpenShift resources will
 	// be rooted under. This value, if changed, will mean existing objects in etcd will
 	// no longer be located.
 	StoragePrefix string `json:"storagePrefix"`
 }
 // GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
 type GenericAPIServerConfig struct {
 	// servingInfo describes how to start serving
 	ServingInfo HTTPServingInfo `json:"servingInfo"`
 	// corsAllowedOrigins
 	CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
 	// auditConfig describes how to configure audit information
 	AuditConfig AuditConfig `json:"auditConfig"`
 	// storageConfig contains information about how to use
 	StorageConfig EtcdStorageConfig `json:"storageConfig"`
 	// admissionConfig holds information about how to configure admission.
 	AdmissionConfig AdmissionConfig `json:"admission"`
 	KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
 }
 type KubeClientConfig struct {
 	// kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver.  Empty uses an in-cluster-config
 	KubeConfig string `json:"kubeConfig"`
 	// connectionOverrides specifies client overrides for system components to loop back to this master.
 	ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
 }
 type ClientConnectionOverrides struct {
 	// acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
 	// default value of 'application/json'. This field will control all connections to the server used by a particular
 	// client.
 	AcceptContentTypes string `json:"acceptContentTypes"`
 	// contentType is the content type used when sending data to the server from this client.
 	ContentType string `json:"contentType"`
 	// qps controls the number of queries per second allowed for this connection.
 	QPS float32 `json:"qps"`
 	// burst allows extra queries to accumulate when a client is exceeding its rate.
 	Burst int32 `json:"burst"`
 }
 // GenericControllerConfig provides information to configure a controller
 type GenericControllerConfig struct {
 	// ServingInfo is the HTTP serving information for the controller's endpoints
 	ServingInfo HTTPServingInfo `json:"servingInfo"`
 	// leaderElection provides information to elect a leader. Only override this if you have a specific need
 	LeaderElection LeaderElection `json:"leaderElection"`
 	// authentication allows configuration of authentication for the endpoints
 	Authentication DelegatedAuthentication `json:"authentication"`
 	// authorization allows configuration of authentication for the endpoints
 	Authorization DelegatedAuthorization `json:"authorization"`
 }
 // DelegatedAuthentication allows authentication to be disabled.
 type DelegatedAuthentication struct {
 	// disabled indicates that authentication should be disabled.  By default it will use delegated authentication.
 	Disabled bool `json:"disabled,omitempty"`
 }
 // DelegatedAuthorization allows authorization to be disabled.
 type DelegatedAuthorization struct {
 	// disabled indicates that authorization should be disabled.  By default it will use delegated authorization.
 	Disabled bool `json:"disabled,omitempty"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go
+++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@ -1,118 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // APIServer holds configuration (like serving certificates, client CA and CORS domains)
 // shared by all API servers in the system, among them especially kube-apiserver
 // and openshift-apiserver. The canonical name of an instance is 'cluster'.
 type APIServer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// +kubebuilder:validation:Required
 	// +required
 	Spec APIServerSpec `json:"spec"`
 	// +optional
 	Status APIServerStatus `json:"status"`
 }
 type APIServerSpec struct {
 	// servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
 	// will be used for serving secure traffic.
 	// +optional
 	ServingCerts APIServerServingCerts `json:"servingCerts"`
 	// clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
 	// incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
 	// You usually only have to set this if you have your own PKI you wish to honor client certificates from.
 	// The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
 	// - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
 	// +optional
 	ClientCA ConfigMapNameReference `json:"clientCA"`
 	// additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
 	// API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
 	// server from JavaScript applications.
 	// The values are regular expressions that correspond to the Golang regular expression language.
 	// +optional
 	AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"`
 	// encryption allows the configuration of encryption of resources at the datastore layer.
 	// +optional
 	Encryption APIServerEncryption `json:"encryption"`
 	// tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
 	//
 	// If unset, a default (which may change between releases) is chosen. Note that only Old and
 	// Intermediate profiles are currently supported, and the maximum available MinTLSVersions
 	// is VersionTLS12.
 	// +optional
 	TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
 }
 type APIServerServingCerts struct {
 	// namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
 	// If no named certificates are provided, or no named certificates match the server name as understood by a client,
 	// the defaultServingCertificate will be used.
 	// +optional
 	NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
 }
 // APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
 type APIServerNamedServingCert struct {
 	// names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
 	// serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
 	// Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
 	// +optional
 	Names []string `json:"names,omitempty"`
 	// servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
 	// The secret must exist in the openshift-config namespace and contain the following required fields:
 	// - Secret.Data["tls.key"] - TLS private key.
 	// - Secret.Data["tls.crt"] - TLS certificate.
 	ServingCertificate SecretNameReference `json:"servingCertificate"`
 }
 type APIServerEncryption struct {
 	// type defines what encryption type should be used to encrypt resources at the datastore layer.
 	// When this field is unset (i.e. when it is set to the empty string), identity is implied.
 	// The behavior of unset can and will change over time.  Even if encryption is enabled by default,
 	// the meaning of unset may change to a different encryption type based on changes in best practices.
 	//
 	// When encryption is enabled, all sensitive resources shipped with the platform are encrypted.
 	// This list of sensitive resources can and will change over time.  The current authoritative list is:
 	//
 	//   1. secrets
 	//   2. configmaps
 	//   3. routes.route.openshift.io
 	//   4. oauthaccesstokens.oauth.openshift.io
 	//   5. oauthauthorizetokens.oauth.openshift.io
 	//
 	// +unionDiscriminator
 	// +optional
 	Type EncryptionType `json:"type,omitempty"`
 }
 // +kubebuilder:validation:Enum="";identity;aescbc
 type EncryptionType string
 const (
 	// identity refers to a type where no encryption is performed at the datastore layer.
 	// Resources are written as-is without encryption.
 	EncryptionTypeIdentity EncryptionType = "identity"
 	// aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key
 	// is used to perform encryption at the datastore layer.
 	EncryptionTypeAESCBC EncryptionType = "aescbc"
 )
 type APIServerStatus struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type APIServerList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items           []APIServer `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go
@ -1,118 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Authentication specifies cluster-wide settings for authentication (like OAuth and
 // webhook token authenticators). The canonical name of an instance is `cluster`.
 type Authentication struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec AuthenticationSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status AuthenticationStatus `json:"status"`
 }
 type AuthenticationSpec struct {
 	// type identifies the cluster managed, user facing authentication mode in use.
 	// Specifically, it manages the component that responds to login attempts.
 	// The default is IntegratedOAuth.
 	// +optional
 	Type AuthenticationType `json:"type"`
 	// oauthMetadata contains the discovery endpoint data for OAuth 2.0
 	// Authorization Server Metadata for an external OAuth server.
 	// This discovery document can be viewed from its served location:
 	// oc get --raw '/.well-known/oauth-authorization-server'
 	// For further details, see the IETF Draft:
 	// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
 	// If oauthMetadata.name is non-empty, this value has precedence
 	// over any metadata reference stored in status.
 	// The key "oauthMetadata" is used to locate the data.
 	// If specified and the config map or expected key is not found, no metadata is served.
 	// If the specified metadata is not valid, no metadata is served.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
 	// webhookTokenAuthenticators configures remote token reviewers.
 	// These remote authentication webhooks can be used to verify bearer tokens
 	// via the tokenreviews.authentication.k8s.io REST API.  This is required to
 	// honor bearer tokens that are provisioned by an external authentication service.
 	// The namespace for these secrets is openshift-config.
 	// +optional
 	WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
 }
 type AuthenticationStatus struct {
 	// integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
 	// Authorization Server Metadata for the in-cluster integrated OAuth server.
 	// This discovery document can be viewed from its served location:
 	// oc get --raw '/.well-known/oauth-authorization-server'
 	// For further details, see the IETF Draft:
 	// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
 	// This contains the observed value based on cluster state.
 	// An explicitly set value in spec.oauthMetadata has precedence over this field.
 	// This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
 	// The key "oauthMetadata" is used to locate the data.
 	// If the config map or expected key is not found, no metadata is served.
 	// If the specified metadata is not valid, no metadata is served.
 	// The namespace for this config map is openshift-config-managed.
 	IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
 	// TODO if we add support for an in-cluster operator managed Keycloak instance
 	// KeycloakOAuthMetadata ConfigMapNameReference `json:"keycloakOAuthMetadata"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type AuthenticationList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Authentication `json:"items"`
 }
 type AuthenticationType string
 const (
 	// None means that no cluster managed authentication system is in place.
 	// Note that user login will only work if a manually configured system is in place and
 	// referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators.
 	AuthenticationTypeNone AuthenticationType = "None"
 	// IntegratedOAuth refers to the cluster managed OAuth server.
 	// It is configured via the top level OAuth config.
 	AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
 	// TODO if we add support for an in-cluster operator managed Keycloak instance
 	// AuthenticationTypeKeycloak AuthenticationType = "Keycloak"
 )
 // webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
 type WebhookTokenAuthenticator struct {
 	// kubeConfig contains kube config file data which describes how to access the remote webhook service.
 	// For further details, see:
 	// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
 	// The key "kubeConfig" is used to locate the data.
 	// If the secret or expected key is not found, the webhook is not honored.
 	// If the specified kube config data is not valid, the webhook is not honored.
 	// The namespace for this secret is determined by the point of use.
 	KubeConfig SecretNameReference `json:"kubeConfig"`
 }
 const (
 	// OAuthMetadataKey is the key for the oauth authorization server metadata
 	OAuthMetadataKey = "oauthMetadata"
 	// KubeConfigKey is the key for the kube config file data in a secret
 	KubeConfigKey = "kubeConfig"
 )
--- a/vendor/github.com/openshift/api/config/v1/types_build.go
+++ b/vendor/github.com/openshift/api/config/v1/types_build.go
@ -1,109 +0,0 @@
 package v1
 import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Build configures the behavior of OpenShift builds for the entire cluster.
 // This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
 //
 // The canonical name is "cluster"
 type Build struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// Spec holds user-settable values for the build controller configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec BuildSpec `json:"spec"`
 }
 type BuildSpec struct {
 	// AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
 	// should be trusted for image pushes and pulls during builds.
 	// The namespace for this config map is openshift-config.
 	//
 	// DEPRECATED: Additional CAs for image pull and push should be set on
 	// image.config.openshift.io/cluster instead.
 	//
 	// +optional
 	AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
 	// BuildDefaults controls the default information for Builds
 	// +optional
 	BuildDefaults BuildDefaults `json:"buildDefaults"`
 	// BuildOverrides controls override settings for builds
 	// +optional
 	BuildOverrides BuildOverrides `json:"buildOverrides"`
 }
 type BuildDefaults struct {
 	// DefaultProxy contains the default proxy settings for all build operations, including image pull/push
 	// and source download.
 	//
 	// Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
 	// in the build config's strategy.
 	// +optional
 	DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"`
 	// GitProxy contains the proxy settings for git operations only. If set, this will override
 	// any Proxy settings for all git commands, such as git clone.
 	//
 	// Values that are not set here will be inherited from DefaultProxy.
 	// +optional
 	GitProxy *ProxySpec `json:"gitProxy,omitempty"`
 	// Env is a set of default environment variables that will be applied to the
 	// build if the specified variables do not exist on the build
 	// +optional
 	Env []corev1.EnvVar `json:"env,omitempty"`
 	// ImageLabels is a list of docker labels that are applied to the resulting image.
 	// User can override a default label by providing a label with the same name in their
 	// Build/BuildConfig.
 	// +optional
 	ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
 	// Resources defines resource requirements to execute the build.
 	// +optional
 	Resources corev1.ResourceRequirements `json:"resources"`
 }
 type ImageLabel struct {
 	// Name defines the name of the label. It must have non-zero length.
 	Name string `json:"name"`
 	// Value defines the literal value of the label.
 	// +optional
 	Value string `json:"value,omitempty"`
 }
 type BuildOverrides struct {
 	// ImageLabels is a list of docker labels that are applied to the resulting image.
 	// If user provided a label in their Build/BuildConfig with the same name as one in this
 	// list, the user's label will be overwritten.
 	// +optional
 	ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
 	// NodeSelector is a selector which must be true for the build pod to fit on a node
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 	// Tolerations is a list of Tolerations that will override any existing
 	// tolerations set on a build pod.
 	// +optional
 	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type BuildList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Build `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
@ -1,184 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // ClusterOperator is the Custom Resource object which holds the current state
 // of an operator. This object is used by operators to convey their state to
 // the rest of the cluster.
 type ClusterOperator struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata"`
 	// spec holds configuration that could apply to any operator.
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ClusterOperatorSpec `json:"spec"`
 	// status holds the information about the state of an operator.  It is consistent with status information across
 	// the Kubernetes ecosystem.
 	// +optional
 	Status ClusterOperatorStatus `json:"status"`
 }
 // ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause".
 type ClusterOperatorSpec struct {
 }
 // ClusterOperatorStatus provides information about the status of the operator.
 // +k8s:deepcopy-gen=true
 type ClusterOperatorStatus struct {
 	// conditions describes the state of the operator's managed and monitored components.
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	// +optional
 	Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"  patchStrategy:"merge" patchMergeKey:"type"`
 	// versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple
 	// operand entries in the array.  Available operators must report the version of the operator itself with the name "operator".
 	// An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
 	// +optional
 	Versions []OperandVersion `json:"versions,omitempty"`
 	// relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are:
 	// 1. the detailed resource driving the operator
 	// 2. operator namespaces
 	// 3. operand namespaces
 	// +optional
 	RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"`
 	// extension contains any additional status information specific to the
 	// operator which owns this status object.
 	// +nullable
 	// +optional
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Extension runtime.RawExtension `json:"extension"`
 }
 type OperandVersion struct {
 	// name is the name of the particular operand this version is for.  It usually matches container images, not operators.
 	// +kubebuilder:validation:Required
 	// +required
 	Name string `json:"name"`
 	// version indicates which version of a particular operand is currently being managed.  It must always match the Available
 	// operand.  If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
 	// 1.1.0
 	// +kubebuilder:validation:Required
 	// +required
 	Version string `json:"version"`
 }
 // ObjectReference contains enough information to let you inspect or modify the referred object.
 type ObjectReference struct {
 	// group of the referent.
 	// +kubebuilder:validation:Required
 	// +required
 	Group string `json:"group"`
 	// resource of the referent.
 	// +kubebuilder:validation:Required
 	// +required
 	Resource string `json:"resource"`
 	// namespace of the referent.
 	// +optional
 	Namespace string `json:"namespace,omitempty"`
 	// name of the referent.
 	// +kubebuilder:validation:Required
 	// +required
 	Name string `json:"name"`
 }
 type ConditionStatus string
 // These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
 // "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
 // can't decide if a resource is in the condition or not. In the future, we could add other
 // intermediate conditions, e.g. ConditionDegraded.
 const (
 	ConditionTrue    ConditionStatus = "True"
 	ConditionFalse   ConditionStatus = "False"
 	ConditionUnknown ConditionStatus = "Unknown"
 )
 // ClusterOperatorStatusCondition represents the state of the operator's
 // managed and monitored components.
 // +k8s:deepcopy-gen=true
 type ClusterOperatorStatusCondition struct {
 	// type specifies the aspect reported by this condition.
 	// +kubebuilder:validation:Required
 	// +required
 	Type ClusterStatusConditionType `json:"type"`
 	// status of the condition, one of True, False, Unknown.
 	// +kubebuilder:validation:Required
 	// +required
 	Status ConditionStatus `json:"status"`
 	// lastTransitionTime is the time of the last update to the current status property.
 	// +kubebuilder:validation:Required
 	// +required
 	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
 	// reason is the CamelCase reason for the condition's current status.
 	// +optional
 	Reason string `json:"reason,omitempty"`
 	// message provides additional information about the current condition.
 	// This is only to be consumed by humans.
 	// +optional
 	Message string `json:"message,omitempty"`
 }
 // ClusterStatusConditionType is an aspect of operator state.
 type ClusterStatusConditionType string
 const (
 	// Available indicates that the operand (eg: openshift-apiserver for the
 	// openshift-apiserver-operator), is functional and available in the cluster.
 	OperatorAvailable ClusterStatusConditionType = "Available"
 	// Progressing indicates that the operator is actively rolling out new code,
 	// propagating config changes, or otherwise moving from one steady state to
 	// another.  Operators should not report progressing when they are reconciling
 	// a previously known state.
 	OperatorProgressing ClusterStatusConditionType = "Progressing"
 	// Degraded indicates that the operator's current state does not match its
 	// desired state over a period of time resulting in a lower quality of service.
 	// The period of time may vary by component, but a Degraded state represents
 	// persistent observation of a condition.  As a result, a component should not
 	// oscillate in and out of Degraded state.  A service may be Available even
 	// if its degraded.  For example, your service may desire 3 running pods, but 1
 	// pod is crash-looping.  The service is Available but Degraded because it
 	// may have a lower quality of service.  A component may be Progressing but
 	// not Degraded because the transition from one state to another does not
 	// persist over a long enough period to report Degraded.  A service should not
 	// report Degraded during the course of a normal upgrade.  A service may report
 	// Degraded in response to a persistent infrastructure failure that requires
 	// administrator intervention.  For example, if a control plane host is unhealthy
 	// and must be replaced.  An operator should report Degraded if unexpected
 	// errors occur over a period, but the expectation is that all unexpected errors
 	// are handled as operators mature.
 	OperatorDegraded ClusterStatusConditionType = "Degraded"
 	// Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False`
 	// administrators should not upgrade their cluster and the message field should contain a human readable description
 	// of what the administrator should do to allow the operator to successfully update.  A missing condition, True,
 	// and Unknown are all treated by the CVO as allowing an upgrade.
 	OperatorUpgradeable ClusterStatusConditionType = "Upgradeable"
 )
 // ClusterOperatorList is a list of OperatorStatus resources.
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ClusterOperatorList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []ClusterOperator `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@ -1,267 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // ClusterVersion is the configuration for the ClusterVersionOperator. This is where
 // parameters related to automatic updates can be set.
 type ClusterVersion struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec is the desired state of the cluster version - the operator will work
 	// to ensure that the desired version is applied to the cluster.
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ClusterVersionSpec `json:"spec"`
 	// status contains information about the available updates and any in-progress
 	// updates.
 	// +optional
 	Status ClusterVersionStatus `json:"status"`
 }
 // ClusterVersionSpec is the desired version state of the cluster. It includes
 // the version the cluster should be at, how the cluster is identified, and
 // where the cluster should look for version updates.
 // +k8s:deepcopy-gen=true
 type ClusterVersionSpec struct {
 	// clusterID uniquely identifies this cluster. This is expected to be
 	// an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
 	// hexadecimal values). This is a required field.
 	// +kubebuilder:validation:Required
 	// +required
 	ClusterID ClusterID `json:"clusterID"`
 	// desiredUpdate is an optional field that indicates the desired value of
 	// the cluster version. Setting this value will trigger an upgrade (if
 	// the current version does not match the desired version). The set of
 	// recommended update values is listed as part of available updates in
 	// status, and setting values outside that range may cause the upgrade
 	// to fail. You may specify the version field without setting image if
 	// an update exists with that version in the availableUpdates or history.
 	//
 	// If an upgrade fails the operator will halt and report status
 	// about the failing component. Setting the desired update value back to
 	// the previous version will cause a rollback to be attempted. Not all
 	// rollbacks will succeed.
 	//
 	// +optional
 	DesiredUpdate *Update `json:"desiredUpdate,omitempty"`
 	// upstream may be used to specify the preferred update server. By default
 	// it will use the appropriate update server for the cluster and region.
 	//
 	// +optional
 	Upstream URL `json:"upstream,omitempty"`
 	// channel is an identifier for explicitly requesting that a non-default
 	// set of updates be applied to this cluster. The default channel will be
 	// contain stable updates that are appropriate for production clusters.
 	//
 	// +optional
 	Channel string `json:"channel,omitempty"`
 	// overrides is list of overides for components that are managed by
 	// cluster version operator. Marking a component unmanaged will prevent
 	// the operator from creating or updating the object.
 	// +optional
 	Overrides []ComponentOverride `json:"overrides,omitempty"`
 }
 // ClusterVersionStatus reports the status of the cluster versioning,
 // including any upgrades that are in progress. The current field will
 // be set to whichever version the cluster is reconciling to, and the
 // conditions array will report whether the update succeeded, is in
 // progress, or is failing.
 // +k8s:deepcopy-gen=true
 type ClusterVersionStatus struct {
 	// desired is the version that the cluster is reconciling towards.
 	// If the cluster is not yet fully initialized desired will be set
 	// with the information available, which may be an image or a tag.
 	// +kubebuilder:validation:Required
 	// +required
 	Desired Update `json:"desired"`
 	// history contains a list of the most recent versions applied to the cluster.
 	// This value may be empty during cluster startup, and then will be updated
 	// when a new update is being applied. The newest update is first in the
 	// list and it is ordered by recency. Updates in the history have state
 	// Completed if the rollout completed - if an update was failing or halfway
 	// applied the state will be Partial. Only a limited amount of update history
 	// is preserved.
 	// +optional
 	History []UpdateHistory `json:"history,omitempty"`
 	// observedGeneration reports which version of the spec is being synced.
 	// If this value is not equal to metadata.generation, then the desired
 	// and conditions fields may represent a previous version.
 	// +kubebuilder:validation:Required
 	// +required
 	ObservedGeneration int64 `json:"observedGeneration"`
 	// versionHash is a fingerprint of the content that the cluster will be
 	// updated with. It is used by the operator to avoid unnecessary work
 	// and is for internal use only.
 	// +kubebuilder:validation:Required
 	// +required
 	VersionHash string `json:"versionHash"`
 	// conditions provides information about the cluster version. The condition
 	// "Available" is set to true if the desiredUpdate has been reached. The
 	// condition "Progressing" is set to true if an update is being applied.
 	// The condition "Degraded" is set to true if an update is currently blocked
 	// by a temporary or permanent error. Conditions are only valid for the
 	// current desiredUpdate when metadata.generation is equal to
 	// status.generation.
 	// +optional
 	Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"`
 	// availableUpdates contains the list of updates that are appropriate
 	// for this cluster. This list may be empty if no updates are recommended,
 	// if the update service is unavailable, or if an invalid channel has
 	// been specified.
 	// +nullable
 	// +kubebuilder:validation:Required
 	// +required
 	AvailableUpdates []Update `json:"availableUpdates"`
 }
 // UpdateState is a constant representing whether an update was successfully
 // applied to the cluster or not.
 type UpdateState string
 const (
 	// CompletedUpdate indicates an update was successfully applied
 	// to the cluster (all resource updates were successful).
 	CompletedUpdate UpdateState = "Completed"
 	// PartialUpdate indicates an update was never completely applied
 	// or is currently being applied.
 	PartialUpdate UpdateState = "Partial"
 )
 // UpdateHistory is a single attempted update to the cluster.
 type UpdateHistory struct {
 	// state reflects whether the update was fully applied. The Partial state
 	// indicates the update is not fully applied, while the Completed state
 	// indicates the update was successfully rolled out at least once (all
 	// parts of the update successfully applied).
 	// +kubebuilder:validation:Required
 	// +required
 	State UpdateState `json:"state"`
 	// startedTime is the time at which the update was started.
 	// +kubebuilder:validation:Required
 	// +required
 	StartedTime metav1.Time `json:"startedTime"`
 	// completionTime, if set, is when the update was fully applied. The update
 	// that is currently being applied will have a null completion time.
 	// Completion time will always be set for entries that are not the current
 	// update (usually to the started time of the next update).
 	// +kubebuilder:validation:Required
 	// +required
 	// +nullable
 	CompletionTime *metav1.Time `json:"completionTime"`
 	// version is a semantic versioning identifying the update version. If the
 	// requested image does not define a version, or if a failure occurs
 	// retrieving the image, this value may be empty.
 	//
 	// +optional
 	Version string `json:"version"`
 	// image is a container image location that contains the update. This value
 	// is always populated.
 	// +kubebuilder:validation:Required
 	// +required
 	Image string `json:"image"`
 	// verified indicates whether the provided update was properly verified
 	// before it was installed. If this is false the cluster may not be trusted.
 	// +kubebuilder:validation:Required
 	// +required
 	Verified bool `json:"verified"`
 }
 // ClusterID is string RFC4122 uuid.
 type ClusterID string
 // ComponentOverride allows overriding cluster version operator's behavior
 // for a component.
 // +k8s:deepcopy-gen=true
 type ComponentOverride struct {
 	// kind indentifies which object to override.
 	// +kubebuilder:validation:Required
 	// +required
 	Kind string `json:"kind"`
 	// group identifies the API group that the kind is in.
 	// +kubebuilder:validation:Required
 	// +required
 	Group string `json:"group"`
 	// namespace is the component's namespace. If the resource is cluster
 	// scoped, the namespace should be empty.
 	// +kubebuilder:validation:Required
 	// +required
 	Namespace string `json:"namespace"`
 	// name is the component's name.
 	// +kubebuilder:validation:Required
 	// +required
 	Name string `json:"name"`
 	// unmanaged controls if cluster version operator should stop managing the
 	// resources in this cluster.
 	// Default: false
 	// +kubebuilder:validation:Required
 	// +required
 	Unmanaged bool `json:"unmanaged"`
 }
 // URL is a thin wrapper around string that ensures the string is a valid URL.
 type URL string
 // Update represents a release of the ClusterVersionOperator, referenced by the
 // Image member.
 // +k8s:deepcopy-gen=true
 type Update struct {
 	// version is a semantic versioning identifying the update version. When this
 	// field is part of spec, version is optional if image is specified.
 	//
 	// +optional
 	Version string `json:"version"`
 	// image is a container image location that contains the update. When this
 	// field is part of spec, image is optional if version is specified and the
 	// availableUpdates field contains a matching version.
 	//
 	// +optional
 	Image string `json:"image"`
 	// force allows an administrator to update to an image that has failed
 	// verification, does not appear in the availableUpdates list, or otherwise
 	// would be blocked by normal protections on update. This option should only
 	// be used when the authenticity of the provided image has been verified out
 	// of band because the provided image will run with full administrative access
 	// to the cluster. Do not use this flag with images that comes from unknown
 	// or potentially malicious sources.
 	//
 	// This flag does not override other forms of consistency checking that are
 	// required before a new update is deployed.
 	//
 	// +optional
 	Force bool `json:"force"`
 }
 // RetrievedUpdates reports whether available updates have been retrieved from
 // the upstream update server. The condition is Unknown before retrieval, False
 // if the updates could not be retrieved or recently failed, or True if the
 // availableUpdates field is accurate and recent.
 const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
 // ClusterVersionList is a list of ClusterVersion resources.
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ClusterVersionList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []ClusterVersion `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_console.go
+++ b/vendor/github.com/openshift/api/config/v1/types_console.go
@ -1,62 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Console holds cluster-wide configuration for the web console, including the
 // logout URL, and reports the public URL of the console. The canonical name is
 // `cluster`.
 type Console struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ConsoleSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status ConsoleStatus `json:"status"`
 }
 // ConsoleSpec is the specification of the desired behavior of the Console.
 type ConsoleSpec struct {
 	// +optional
 	Authentication ConsoleAuthentication `json:"authentication"`
 }
 // ConsoleStatus defines the observed status of the Console.
 type ConsoleStatus struct {
 	// The URL for the console. This will be derived from the host for the route that
 	// is created for the console.
 	ConsoleURL string `json:"consoleURL"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ConsoleList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Console `json:"items"`
 }
 // ConsoleAuthentication defines a list of optional configuration for console authentication.
 type ConsoleAuthentication struct {
 	// An optional, absolute URL to redirect web browsers to after logging out of
 	// the console. If not specified, it will redirect to the default login page.
 	// This is required when using an identity provider that supports single
 	// sign-on (SSO) such as:
 	// - OpenID (Keycloak, Azure)
 	// - RequestHeader (GSSAPI, SSPI, SAML)
 	// - OAuth (GitHub, GitLab, Google)
 	// Logging out of the console will destroy the user's token. The logoutRedirect
 	// provides the user the option to perform single logout (SLO) through the identity
 	// provider to destroy their single sign-on session.
 	// +optional
 	// +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`
 	LogoutRedirect string `json:"logoutRedirect,omitempty"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_dns.go
+++ b/vendor/github.com/openshift/api/config/v1/types_dns.go
@ -1,87 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // DNS holds cluster-wide information about DNS. The canonical name is `cluster`
 type DNS struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec DNSSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status DNSStatus `json:"status"`
 }
 type DNSSpec struct {
 	// baseDomain is the base domain of the cluster. All managed DNS records will
 	// be sub-domains of this base.
 	//
 	// For example, given the base domain `openshift.example.com`, an API server
 	// DNS record may be created for `cluster-api.openshift.example.com`.
 	//
 	// Once set, this field cannot be changed.
 	BaseDomain string `json:"baseDomain"`
 	// publicZone is the location where all the DNS records that are publicly accessible to
 	// the internet exist.
 	//
 	// If this field is nil, no public records should be created.
 	//
 	// Once set, this field cannot be changed.
 	//
 	// +optional
 	PublicZone *DNSZone `json:"publicZone,omitempty"`
 	// privateZone is the location where all the DNS records that are only available internally
 	// to the cluster exist.
 	//
 	// If this field is nil, no private records should be created.
 	//
 	// Once set, this field cannot be changed.
 	//
 	// +optional
 	PrivateZone *DNSZone `json:"privateZone,omitempty"`
 }
 // DNSZone is used to define a DNS hosted zone.
 // A zone can be identified by an ID or tags.
 type DNSZone struct {
 	// id is the identifier that can be used to find the DNS hosted zone.
 	//
 	// on AWS zone can be fetched using `ID` as id in [1]
 	// on Azure zone can be fetched using `ID` as a pre-determined name in [2],
 	// on GCP zone can be fetched using `ID` as a pre-determined name in [3].
 	//
 	// [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
 	// [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
 	// [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
 	// +optional
 	ID string `json:"id,omitempty"`
 	// tags can be used to query the DNS hosted zone.
 	//
 	// on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
 	//
 	// [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
 	// +optional
 	Tags map[string]string `json:"tags,omitempty"`
 }
 type DNSStatus struct {
 	// dnsSuffix (service-ca amongst others)
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type DNSList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []DNS `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
@ -1,194 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Feature holds cluster-wide information about feature gates.  The canonical name is `cluster`
 type FeatureGate struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec FeatureGateSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status FeatureGateStatus `json:"status"`
 }
 type FeatureSet string
 var (
 	// Default feature set that allows upgrades.
 	Default FeatureSet = ""
 	// TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
 	// this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES.
 	TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
 	// CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
 	// Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations
 	// your cluster may fail in an unrecoverable way.
 	CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
 	// TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature.
 	LatencySensitive FeatureSet = "LatencySensitive"
 )
 type FeatureGateSpec struct {
 	FeatureGateSelection `json:",inline"`
 }
 // +union
 type FeatureGateSelection struct {
 	// featureSet changes the list of features in the cluster.  The default is empty.  Be very careful adjusting this setting.
 	// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
 	// +unionDiscriminator
 	// +optional
 	FeatureSet FeatureSet `json:"featureSet,omitempty"`
 	// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
 	// Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations
 	// your cluster may fail in an unrecoverable way.  featureSet must equal "CustomNoUpgrade" must be set to use this field.
 	// +optional
 	// +nullable
 	CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"`
 }
 type CustomFeatureGates struct {
 	// enabled is a list of all feature gates that you want to force on
 	// +optional
 	Enabled []string `json:"enabled,omitempty"`
 	// disabled is a list of all feature gates that you want to force off
 	// +optional
 	Disabled []string `json:"disabled,omitempty"`
 }
 type FeatureGateStatus struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type FeatureGateList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []FeatureGate `json:"items"`
 }
 type FeatureGateEnabledDisabled struct {
 	Enabled  []string
 	Disabled []string
 }
 // FeatureSets Contains a map of Feature names to Enabled/Disabled Feature.
 //
 // NOTE: The caller needs to make sure to check for the existence of the value
 // using golang's existence field. A possible scenario is an upgrade where new
 // FeatureSets are added and a controller has not been upgraded with a newer
 // version of this file. In this upgrade scenario the map could return nil.
 //
 // example:
 //   if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { }
 //
 // If you put an item in either of these lists, put your area and name on it so we can find owners.
 var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 	Default: defaultFeatures,
 	CustomNoUpgrade: {
 		Enabled:  []string{},
 		Disabled: []string{},
 	},
 	TechPreviewNoUpgrade: newDefaultFeatures().toFeatures(),
 	LatencySensitive: newDefaultFeatures().
 		with(
 			"TopologyManager", // sig-pod, sjenning
 		).
 		toFeatures(),
 }
 var defaultFeatures = &FeatureGateEnabledDisabled{
 	Enabled: []string{
 		"RotateKubeletServerCertificate", // sig-pod, sjenning
 		"SupportPodPidsLimit",            // sig-pod, sjenning
 		"NodeDisruptionExclusion",        // sig-scheduling, ccoleman
 		"ServiceNodeExclusion",           // sig-scheduling, ccoleman
 		"SCTPSupport",                    // sig-network, ccallend
 	},
 	Disabled: []string{
 		"LegacyNodeRoleBehavior", // sig-scheduling, ccoleman
 	},
 }
 type featureSetBuilder struct {
 	forceOn  []string
 	forceOff []string
 }
 func newDefaultFeatures() *featureSetBuilder {
 	return &featureSetBuilder{}
 }
 func (f *featureSetBuilder) with(forceOn ...string) *featureSetBuilder {
 	f.forceOn = append(f.forceOn, forceOn...)
 	return f
 }
 func (f *featureSetBuilder) without(forceOff ...string) *featureSetBuilder {
 	f.forceOff = append(f.forceOff, forceOff...)
 	return f
 }
 func (f *featureSetBuilder) isForcedOff(needle string) bool {
 	for _, forcedOff := range f.forceOff {
 		if needle == forcedOff {
 			return true
 		}
 	}
 	return false
 }
 func (f *featureSetBuilder) isForcedOn(needle string) bool {
 	for _, forceOn := range f.forceOn {
 		if needle == forceOn {
 			return true
 		}
 	}
 	return false
 }
 func (f *featureSetBuilder) toFeatures() *FeatureGateEnabledDisabled {
 	finalOn := []string{}
 	finalOff := []string{}
 	// only add the default enabled features if they haven't been explicitly set off
 	for _, defaultOn := range defaultFeatures.Enabled {
 		if !f.isForcedOff(defaultOn) {
 			finalOn = append(finalOn, defaultOn)
 		}
 	}
 	for _, currOn := range f.forceOn {
 		if f.isForcedOff(currOn) {
 			panic("coding error, you can't have features both on and off")
 		}
 		finalOn = append(finalOn, currOn)
 	}
 	// only add the default disabled features if they haven't been explicitly set on
 	for _, defaultOff := range defaultFeatures.Disabled {
 		if !f.isForcedOn(defaultOff) {
 			finalOff = append(finalOff, defaultOff)
 		}
 	}
 	for _, currOff := range f.forceOff {
 		finalOff = append(finalOff, currOff)
 	}
 	return &FeatureGateEnabledDisabled{
 		Enabled:  finalOn,
 		Disabled: finalOff,
 	}
 }
--- a/vendor/github.com/openshift/api/config/v1/types_image.go
+++ b/vendor/github.com/openshift/api/config/v1/types_image.go
@ -1,115 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Image governs policies related to imagestream imports and runtime configuration
 // for external registries. It allows cluster admins to configure which registries
 // OpenShift is allowed to import images from, extra CA trust bundles for external
 // registries, and policies to blacklist/whitelist registry hostnames.
 // When exposing OpenShift's image registry to the public, this also lets cluster
 // admins specify the external hostname.
 type Image struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ImageSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status ImageStatus `json:"status"`
 }
 type ImageSpec struct {
 	// allowedRegistriesForImport limits the container image registries that normal users may import
 	// images from. Set this list to the registries that you trust to contain valid Docker
 	// images and that you want applications to be able to import from. Users with
 	// permission to create Images or ImageStreamMappings via the API are not affected by
 	// this policy - typically only administrators or system integrations will have those
 	// permissions.
 	// +optional
 	AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
 	// externalRegistryHostnames provides the hostnames for the default external image
 	// registry. The external hostname should be set only when the image registry
 	// is exposed externally. The first value is used in 'publicDockerImageRepository'
 	// field in ImageStreams. The value must be in "hostname[:port]" format.
 	// +optional
 	ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
 	// additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
 	// should be trusted during imagestream import, pod image pull, build image pull, and
 	// imageregistry pullthrough.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
 	// registrySources contains configuration that determines how the container runtime
 	// should treat individual registries when accessing images for builds+pods. (e.g.
 	// whether or not to allow insecure access).  It does not contain configuration for the
 	// internal cluster registry.
 	// +optional
 	RegistrySources RegistrySources `json:"registrySources"`
 }
 type ImageStatus struct {
 	// internalRegistryHostname sets the hostname for the default internal image
 	// registry. The value must be in "hostname[:port]" format.
 	// This value is set by the image registry operator which controls the internal registry
 	// hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY
 	// environment variable but this setting overrides the environment variable.
 	// +optional
 	InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"`
 	// externalRegistryHostnames provides the hostnames for the default external image
 	// registry. The external hostname should be set only when the image registry
 	// is exposed externally. The first value is used in 'publicDockerImageRepository'
 	// field in ImageStreams. The value must be in "hostname[:port]" format.
 	// +optional
 	ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ImageList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Image `json:"items"`
 }
 // RegistryLocation contains a location of the registry specified by the registry domain
 // name. The domain name might include wildcards, like '*' or '??'.
 type RegistryLocation struct {
 	// domainName specifies a domain name for the registry
 	// In case the registry use non-standard (80 or 443) port, the port should be included
 	// in the domain name as well.
 	DomainName string `json:"domainName"`
 	// insecure indicates whether the registry is secure (https) or insecure (http)
 	// By default (if not specified) the registry is assumed as secure.
 	// +optional
 	Insecure bool `json:"insecure,omitempty"`
 }
 // RegistrySources holds cluster-wide information about how to handle the registries config.
 type RegistrySources struct {
 	// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
 	// +optional
 	InsecureRegistries []string `json:"insecureRegistries,omitempty"`
 	// blockedRegistries are blacklisted from image pull/push. All other registries are allowed.
 	//
 	// Only one of BlockedRegistries or AllowedRegistries may be set.
 	// +optional
 	BlockedRegistries []string `json:"blockedRegistries,omitempty"`
 	// allowedRegistries are whitelisted for image pull/push. All other registries are blocked.
 	//
 	// Only one of BlockedRegistries or AllowedRegistries may be set.
 	// +optional
 	AllowedRegistries []string `json:"allowedRegistries,omitempty"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@ -1,241 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster`
 type Infrastructure struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec InfrastructureSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status InfrastructureStatus `json:"status"`
 }
 // InfrastructureSpec contains settings that apply to the cluster infrastructure.
 type InfrastructureSpec struct {
 	// cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
 	// This configuration file is used to configure the Kubernetes cloud provider integration
 	// when using the built-in cloud provider integration or the external cloud controller manager.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CloudConfig ConfigMapFileReference `json:"cloudConfig"`
 }
 // InfrastructureStatus describes the infrastructure the cluster is leveraging.
 type InfrastructureStatus struct {
 	// infrastructureName uniquely identifies a cluster with a human friendly name.
 	// Once set it should not be changed. Must be of max length 27 and must have only
 	// alphanumeric or hyphen characters.
 	InfrastructureName string `json:"infrastructureName"`
 	// platform is the underlying infrastructure provider for the cluster.
 	//
 	// Deprecated: Use platformStatus.type instead.
 	Platform PlatformType `json:"platform,omitempty"`
 	// platformStatus holds status information specific to the underlying
 	// infrastructure provider.
 	// +optional
 	PlatformStatus *PlatformStatus `json:"platformStatus,omitempty"`
 	// etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
 	// etcd servers and clients.
 	// For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
 	EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"`
 	// apiServerURL is a valid URI with scheme(http/https), address and
 	// port.  apiServerURL can be used by components like the web console
 	// to tell users where to find the Kubernetes API.
 	APIServerURL string `json:"apiServerURL"`
 	// apiServerInternalURL is a valid URI with scheme(http/https),
 	// address and port.  apiServerInternalURL can be used by components
 	// like kubelets, to contact the Kubernetes API server using the
 	// infrastructure provider rather than Kubernetes networking.
 	APIServerInternalURL string `json:"apiServerInternalURI"`
 }
 // PlatformType is a specific supported infrastructure provider.
 type PlatformType string
 const (
 	// AWSPlatformType represents Amazon Web Services infrastructure.
 	AWSPlatformType PlatformType = "AWS"
 	// AzurePlatformType represents Microsoft Azure infrastructure.
 	AzurePlatformType PlatformType = "Azure"
 	// BareMetalPlatformType represents managed bare metal infrastructure.
 	BareMetalPlatformType PlatformType = "BareMetal"
 	// GCPPlatformType represents Google Cloud Platform infrastructure.
 	GCPPlatformType PlatformType = "GCP"
 	// LibvirtPlatformType represents libvirt infrastructure.
 	LibvirtPlatformType PlatformType = "Libvirt"
 	// OpenStackPlatformType represents OpenStack infrastructure.
 	OpenStackPlatformType PlatformType = "OpenStack"
 	// NonePlatformType means there is no infrastructure provider.
 	NonePlatformType PlatformType = "None"
 	// VSpherePlatformType represents VMWare vSphere infrastructure.
 	VSpherePlatformType PlatformType = "VSphere"
 	// OvirtPlatformType represents oVirt/RHV infrastructure.
 	OvirtPlatformType PlatformType = "oVirt"
 )
 // PlatformStatus holds the current status specific to the underlying infrastructure provider
 // of the current cluster. Since these are used at status-level for the underlying cluster, it
 // is supposed that only one of the status structs is set.
 type PlatformStatus struct {
 	// type is the underlying infrastructure provider for the cluster. This
 	// value controls whether infrastructure automation such as service load
 	// balancers, dynamic volume provisioning, machine creation and deletion, and
 	// other integrations are enabled. If None, no infrastructure automation is
 	// enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
 	// "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support
 	// all platforms, and must handle unrecognized platforms as None if they do
 	// not support that platform.
 	Type PlatformType `json:"type"`
 	// AWS contains settings specific to the Amazon Web Services infrastructure provider.
 	// +optional
 	AWS *AWSPlatformStatus `json:"aws,omitempty"`
 	// Azure contains settings specific to the Azure infrastructure provider.
 	// +optional
 	Azure *AzurePlatformStatus `json:"azure,omitempty"`
 	// GCP contains settings specific to the Google Cloud Platform infrastructure provider.
 	// +optional
 	GCP *GCPPlatformStatus `json:"gcp,omitempty"`
 	// BareMetal contains settings specific to the BareMetal platform.
 	// +optional
 	BareMetal *BareMetalPlatformStatus `json:"baremetal,omitempty"`
 	// OpenStack contains settings specific to the OpenStack infrastructure provider.
 	// +optional
 	OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"`
 	// Ovirt contains settings specific to the oVirt infrastructure provider.
 	// +optional
 	Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"`
 }
 // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
 type AWSPlatformStatus struct {
 	// region holds the default AWS region for new AWS resources created by the cluster.
 	Region string `json:"region"`
 }
 // AzurePlatformStatus holds the current status of the Azure infrastructure provider.
 type AzurePlatformStatus struct {
 	// resourceGroupName is the Resource Group for new Azure resources created for the cluster.
 	ResourceGroupName string `json:"resourceGroupName"`
 	// networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
 	// If empty, the value is same as ResourceGroupName.
 	// +optional
 	NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
 }
 // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
 type GCPPlatformStatus struct {
 	// resourceGroupName is the Project ID for new GCP resources created for the cluster.
 	ProjectID string `json:"projectID"`
 	// region holds the region for new GCP resources created for the cluster.
 	Region string `json:"region"`
 }
 // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
 // For more information about the network architecture used with the BareMetal platform type, see:
 // https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md
 type BareMetalPlatformStatus struct {
 	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
 	// by components inside the cluster, like kubelets using the infrastructure rather
 	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
 	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
 	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
 	// ingressIP is an external IP which routes to the default ingress controller.
 	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
 	IngressIP string `json:"ingressIP,omitempty"`
 	// nodeDNSIP is the IP address for the internal DNS used by the
 	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
 	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
 	// BareMetal deployments. In order to minimize necessary changes to the
 	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
 	// to the nodes in the cluster.
 	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
 // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
 type OpenStackPlatformStatus struct {
 	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
 	// by components inside the cluster, like kubelets using the infrastructure rather
 	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
 	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
 	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
 	// cloudName is the name of the desired OpenStack cloud in the
 	// client configuration file (`clouds.yaml`).
 	CloudName string `json:"cloudName,omitempty"`
 	// ingressIP is an external IP which routes to the default ingress controller.
 	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
 	IngressIP string `json:"ingressIP,omitempty"`
 	// nodeDNSIP is the IP address for the internal DNS used by the
 	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
 	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
 	// OpenStack deployments. In order to minimize necessary changes to the
 	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
 	// to the nodes in the cluster.
 	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
 // OvirtPlatformStatus holds the current status of the  oVirt infrastructure provider.
 type OvirtPlatformStatus struct {
 	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
 	// by components inside the cluster, like kubelets using the infrastructure rather
 	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
 	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
 	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
 	// ingressIP is an external IP which routes to the default ingress controller.
 	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
 	IngressIP string `json:"ingressIP,omitempty"`
 	// nodeDNSIP is the IP address for the internal DNS used by the
 	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
 	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
 	// oVirt deployments. In order to minimize necessary changes to the
 	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
 	// to the nodes in the cluster.
 	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // InfrastructureList is
 type InfrastructureList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Infrastructure `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_ingress.go
+++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go
@ -1,46 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Ingress holds cluster-wide information about ingress, including the default ingress domain
 // used for routes. The canonical name is `cluster`.
 type Ingress struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec IngressSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status IngressStatus `json:"status"`
 }
 type IngressSpec struct {
 	// domain is used to generate a default host name for a route when the
 	// route's host name is empty. The generated host name will follow this
 	// pattern: "<route-name>.<route-namespace>.<domain>".
 	//
 	// It is also used as the default wildcard domain suffix for ingress. The
 	// default ingresscontroller domain will follow this pattern: "*.<domain>".
 	//
 	// Once set, changing domain is not currently supported.
 	Domain string `json:"domain"`
 }
 type IngressStatus struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type IngressList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Ingress `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@ -1,122 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
 // Please view network.spec for an explanation on what applies when configuring this resource.
 type Network struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration.
 	// As a general rule, this SHOULD NOT be read directly. Instead, you should
 	// consume the NetworkStatus, as it indicates the currently deployed configuration.
 	// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
 	// +kubebuilder:validation:Required
 	// +required
 	Spec NetworkSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status NetworkStatus `json:"status"`
 }
 // NetworkSpec is the desired network configuration.
 // As a general rule, this SHOULD NOT be read directly. Instead, you should
 // consume the NetworkStatus, as it indicates the currently deployed configuration.
 // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
 type NetworkSpec struct {
 	// IP address pool to use for pod IPs.
 	// This field is immutable after installation.
 	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
 	// IP address pool for services.
 	// Currently, we only support a single entry here.
 	// This field is immutable after installation.
 	ServiceNetwork []string `json:"serviceNetwork"`
 	// NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN).
 	// This should match a value that the cluster-network-operator understands,
 	// or else no networking will be installed.
 	// Currently supported values are:
 	// - OpenShiftSDN
 	// This field is immutable after installation.
 	NetworkType string `json:"networkType"`
 	// externalIP defines configuration for controllers that
 	// affect Service.ExternalIP. If nil, then ExternalIP is
 	// not allowed to be set.
 	// +optional
 	ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
 }
 // NetworkStatus is the current network configuration.
 type NetworkStatus struct {
 	// IP address pool to use for pod IPs.
 	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"`
 	// IP address pool for services.
 	// Currently, we only support a single entry here.
 	ServiceNetwork []string `json:"serviceNetwork,omitempty"`
 	// NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
 	NetworkType string `json:"networkType,omitempty"`
 	// ClusterNetworkMTU is the MTU for inter-pod networking.
 	ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"`
 }
 // ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
 // are allocated.
 type ClusterNetworkEntry struct {
 	// The complete block for pod IPs.
 	CIDR string `json:"cidr"`
 	// The size (prefix) of block to allocate to each node.
 	// +kubebuilder:validation:Minimum=0
 	HostPrefix uint32 `json:"hostPrefix"`
 }
 // ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
 // of a Service resource.
 type ExternalIPConfig struct {
 	// policy is a set of restrictions applied to the ExternalIP field.
 	// If nil or empty, then ExternalIP is not allowed to be set.
 	// +optional
 	Policy *ExternalIPPolicy `json:"policy,omitempty"`
 	// autoAssignCIDRs is a list of CIDRs from which to automatically assign
 	// Service.ExternalIP. These are assigned when the service is of type
 	// LoadBalancer. In general, this is only useful for bare-metal clusters.
 	// In Openshift 3.x, this was misleadingly called "IngressIPs".
 	// Automatically assigned External IPs are not affected by any
 	// ExternalIPPolicy rules.
 	// Currently, only one entry may be provided.
 	// +optional
 	AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
 }
 // ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
 // field in a Service. If the zero struct is supplied, then none are permitted.
 // The policy controller always allows automatically assigned external IPs.
 type ExternalIPPolicy struct {
 	// allowedCIDRs is the list of allowed CIDRs.
 	AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
 	// rejectedCIDRs is the list of disallowed CIDRs. These take precedence
 	// over allowedCIDRs.
 	// +optional
 	RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type NetworkList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Network `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_oauth.go
+++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go
@ -1,557 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // OAuth Server and Identity Provider Config
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`.
 // It is used to configure the integrated OAuth server.
 // This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
 type OAuth struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata"`
 	// +kubebuilder:validation:Required
 	// +required
 	Spec OAuthSpec `json:"spec"`
 	// +optional
 	Status OAuthStatus `json:"status"`
 }
 // OAuthSpec contains desired cluster auth configuration
 type OAuthSpec struct {
 	// identityProviders is an ordered list of ways for a user to identify themselves.
 	// When this list is empty, no identities are provisioned for users.
 	// +optional
 	IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"`
 	// tokenConfig contains options for authorization and access tokens
 	TokenConfig TokenConfig `json:"tokenConfig"`
 	// templates allow you to customize pages like the login page.
 	// +optional
 	Templates OAuthTemplates `json:"templates"`
 }
 // OAuthStatus shows current known state of OAuth server in the cluster
 type OAuthStatus struct {
 	// TODO Fill in with status of identityProviders and templates (and maybe tokenConfig)
 }
 // TokenConfig holds the necessary configuration options for authorization and access tokens
 type TokenConfig struct {
 	// accessTokenMaxAgeSeconds defines the maximum age of access tokens
 	AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"`
 	// accessTokenInactivityTimeoutSeconds defines the default token
 	// inactivity timeout for tokens granted by any client.
 	// The value represents the maximum amount of time that can occur between
 	// consecutive uses of the token. Tokens become invalid if they are not
 	// used within this temporal window. The user will need to acquire a new
 	// token to regain access once a token times out.
 	// Valid values are integer values:
 	//   x < 0  Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`)
 	//   x = 0  Tokens time out is disabled (default)
 	//   x > 0  Tokens time out if there is no activity for x seconds
 	// The current minimum allowed value for X is 300 (5 minutes)
 	// +optional
 	AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"`
 }
 const (
 	// LoginTemplateKey is the key of the login template in a secret
 	LoginTemplateKey = "login.html"
 	// ProviderSelectionTemplateKey is the key for the provider selection template in a secret
 	ProviderSelectionTemplateKey = "providers.html"
 	// ErrorsTemplateKey is the key for the errors template in a secret
 	ErrorsTemplateKey = "errors.html"
 	// BindPasswordKey is the key for the LDAP bind password in a secret
 	BindPasswordKey = "bindPassword"
 	// ClientSecretKey is the key for the oauth client secret data in a secret
 	ClientSecretKey = "clientSecret"
 	// HTPasswdDataKey is the key for the htpasswd file data in a secret
 	HTPasswdDataKey = "htpasswd"
 )
 // OAuthTemplates allow for customization of pages like the login page
 type OAuthTemplates struct {
 	// login is the name of a secret that specifies a go template to use to render the login page.
 	// The key "login.html" is used to locate the template data.
 	// If specified and the secret or expected key is not found, the default login page is used.
 	// If the specified template is not valid, the default login page is used.
 	// If unspecified, the default login page is used.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	Login SecretNameReference `json:"login"`
 	// providerSelection is the name of a secret that specifies a go template to use to render
 	// the provider selection page.
 	// The key "providers.html" is used to locate the template data.
 	// If specified and the secret or expected key is not found, the default provider selection page is used.
 	// If the specified template is not valid, the default provider selection page is used.
 	// If unspecified, the default provider selection page is used.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	ProviderSelection SecretNameReference `json:"providerSelection"`
 	// error is the name of a secret that specifies a go template to use to render error pages
 	// during the authentication or grant flow.
 	// The key "errors.html" is used to locate the template data.
 	// If specified and the secret or expected key is not found, the default error page is used.
 	// If the specified template is not valid, the default error page is used.
 	// If unspecified, the default error page is used.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	Error SecretNameReference `json:"error"`
 }
 // IdentityProvider provides identities for users authenticating using credentials
 type IdentityProvider struct {
 	// name is used to qualify the identities returned by this provider.
 	// - It MUST be unique and not shared by any other identity provider used
 	// - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
 	//   Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
 	Name string `json:"name"`
 	// mappingMethod determines how identities from this provider are mapped to users
 	// Defaults to "claim"
 	// +optional
 	MappingMethod MappingMethodType `json:"mappingMethod,omitempty"`
 	IdentityProviderConfig `json:",inline"`
 }
 // MappingMethodType specifies how new identities should be mapped to users when they log in
 type MappingMethodType string
 const (
 	// MappingMethodClaim provisions a user with the identity’s preferred user name. Fails if a user
 	// with that user name is already mapped to another identity.
 	// Default.
 	MappingMethodClaim MappingMethodType = "claim"
 	// MappingMethodLookup looks up existing users already mapped to an identity but does not
 	// automatically provision users or identities. Requires identities and users be set up
 	// manually or using an external process.
 	MappingMethodLookup MappingMethodType = "lookup"
 	// MappingMethodAdd provisions a user with the identity’s preferred user name. If a user with
 	// that user name already exists, the identity is mapped to the existing user, adding to any
 	// existing identity mappings for the user.
 	MappingMethodAdd MappingMethodType = "add"
 )
 type IdentityProviderType string
 const (
 	// IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth
 	IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth"
 	// IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials
 	IdentityProviderTypeGitHub IdentityProviderType = "GitHub"
 	// IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials
 	IdentityProviderTypeGitLab IdentityProviderType = "GitLab"
 	// IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials
 	IdentityProviderTypeGoogle IdentityProviderType = "Google"
 	// IdentityProviderTypeHTPasswd provides identities from an HTPasswd file
 	IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd"
 	// IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials
 	IdentityProviderTypeKeystone IdentityProviderType = "Keystone"
 	// IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials
 	IdentityProviderTypeLDAP IdentityProviderType = "LDAP"
 	// IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials
 	IdentityProviderTypeOpenID IdentityProviderType = "OpenID"
 	// IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials
 	IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader"
 )
 // IdentityProviderConfig contains configuration for using a specific identity provider
 type IdentityProviderConfig struct {
 	// type identifies the identity provider type for this entry.
 	Type IdentityProviderType `json:"type"`
 	// Provider-specific configuration
 	// The json tag MUST match the `Type` specified above, case-insensitively
 	// e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided
 	// basicAuth contains configuration options for the BasicAuth IdP
 	// +optional
 	BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"`
 	// github enables user authentication using GitHub credentials
 	// +optional
 	GitHub *GitHubIdentityProvider `json:"github,omitempty"`
 	// gitlab enables user authentication using GitLab credentials
 	// +optional
 	GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"`
 	// google enables user authentication using Google credentials
 	// +optional
 	Google *GoogleIdentityProvider `json:"google,omitempty"`
 	// htpasswd enables user authentication using an HTPasswd file to validate credentials
 	// +optional
 	HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"`
 	// keystone enables user authentication using keystone password credentials
 	// +optional
 	Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"`
 	// ldap enables user authentication using LDAP credentials
 	// +optional
 	LDAP *LDAPIdentityProvider `json:"ldap,omitempty"`
 	// openID enables user authentication using OpenID credentials
 	// +optional
 	OpenID *OpenIDIdentityProvider `json:"openID,omitempty"`
 	// requestHeader enables user authentication using request header credentials
 	// +optional
 	RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"`
 }
 // BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
 type BasicAuthIdentityProvider struct {
 	// OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server
 	OAuthRemoteConnectionInfo `json:",inline"`
 }
 // OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection
 type OAuthRemoteConnectionInfo struct {
 	// url is the remote URL to connect to
 	URL string `json:"url"`
 	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// The key "ca.crt" is used to locate the data.
 	// If specified and the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// If empty, the default system roots are used.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CA ConfigMapNameReference `json:"ca"`
 	// tlsClientCert is an optional reference to a secret by name that contains the
 	// PEM-encoded TLS client certificate to present when connecting to the server.
 	// The key "tls.crt" is used to locate the data.
 	// If specified and the secret or expected key is not found, the identity provider is not honored.
 	// If the specified certificate data is not valid, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	TLSClientCert SecretNameReference `json:"tlsClientCert"`
 	// tlsClientKey is an optional reference to a secret by name that contains the
 	// PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
 	// The key "tls.key" is used to locate the data.
 	// If specified and the secret or expected key is not found, the identity provider is not honored.
 	// If the specified certificate data is not valid, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	TLSClientKey SecretNameReference `json:"tlsClientKey"`
 }
 // HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
 type HTPasswdIdentityProvider struct {
 	// fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
 	// The key "htpasswd" is used to locate the data.
 	// If the secret or expected key is not found, the identity provider is not honored.
 	// If the specified htpasswd data is not valid, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	FileData SecretNameReference `json:"fileData"`
 }
 // LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
 type LDAPIdentityProvider struct {
 	// url is an RFC 2255 URL which specifies the LDAP search parameters to use.
 	// The syntax of the URL is:
 	// ldap://host:port/basedn?attribute?scope?filter
 	URL string `json:"url"`
 	// bindDN is an optional DN to bind with during the search phase.
 	// +optional
 	BindDN string `json:"bindDN"`
 	// bindPassword is an optional reference to a secret by name
 	// containing a password to bind with during the search phase.
 	// The key "bindPassword" is used to locate the data.
 	// If specified and the secret or expected key is not found, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	// +optional
 	BindPassword SecretNameReference `json:"bindPassword"`
 	// insecure, if true, indicates the connection should not use TLS
 	// WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
 	//          attempt to connect using TLS, even when `insecure` is set to `true`
 	// When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
 	// a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
 	Insecure bool `json:"insecure"`
 	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// The key "ca.crt" is used to locate the data.
 	// If specified and the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// If empty, the default system roots are used.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CA ConfigMapNameReference `json:"ca"`
 	// attributes maps LDAP attributes to identities
 	Attributes LDAPAttributeMapping `json:"attributes"`
 }
 // LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
 type LDAPAttributeMapping struct {
 	// id is the list of attributes whose values should be used as the user ID. Required.
 	// First non-empty attribute is used. At least one attribute is required. If none of the listed
 	// attribute have a value, authentication fails.
 	// LDAP standard identity attribute is "dn"
 	ID []string `json:"id"`
 	// preferredUsername is the list of attributes whose values should be used as the preferred username.
 	// LDAP standard login attribute is "uid"
 	// +optional
 	PreferredUsername []string `json:"preferredUsername,omitempty"`
 	// name is the list of attributes whose values should be used as the display name. Optional.
 	// If unspecified, no display name is set for the identity
 	// LDAP standard display name attribute is "cn"
 	// +optional
 	Name []string `json:"name,omitempty"`
 	// email is the list of attributes whose values should be used as the email address. Optional.
 	// If unspecified, no email is set for the identity
 	// +optional
 	Email []string `json:"email,omitempty"`
 }
 // KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
 type KeystoneIdentityProvider struct {
 	// OAuthRemoteConnectionInfo contains information about how to connect to the keystone server
 	OAuthRemoteConnectionInfo `json:",inline"`
 	// domainName is required for keystone v3
 	DomainName string `json:"domainName"`
 	// TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration
 	// useUsernameIdentity indicates that users should be authenticated by username, not keystone ID
 	// DEPRECATED - only use this option for legacy systems to ensure backwards compatibility
 	// +optional
 	// UseUsernameIdentity bool `json:"useUsernameIdentity"`
 }
 // RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
 type RequestHeaderIdentityProvider struct {
 	// loginURL is a URL to redirect unauthenticated /authorize requests to
 	// Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
 	// ${url} is replaced with the current URL, escaped to be safe in a query parameter
 	//   https://www.example.com/sso-login?then=${url}
 	// ${query} is replaced with the current query string
 	//   https://www.example.com/auth-proxy/oauth/authorize?${query}
 	// Required when login is set to true.
 	LoginURL string `json:"loginURL"`
 	// challengeURL is a URL to redirect unauthenticated /authorize requests to
 	// Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
 	// redirected here.
 	// ${url} is replaced with the current URL, escaped to be safe in a query parameter
 	//   https://www.example.com/sso-login?then=${url}
 	// ${query} is replaced with the current query string
 	//   https://www.example.com/auth-proxy/oauth/authorize?${query}
 	// Required when challenge is set to true.
 	ChallengeURL string `json:"challengeURL"`
 	// ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// Specifically, it allows verification of incoming requests to prevent header spoofing.
 	// The key "ca.crt" is used to locate the data.
 	// If the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// The namespace for this config map is openshift-config.
 	ClientCA ConfigMapNameReference `json:"ca"`
 	// clientCommonNames is an optional list of common names to require a match from. If empty, any
 	// client certificate validated against the clientCA bundle is considered authoritative.
 	// +optional
 	ClientCommonNames []string `json:"clientCommonNames,omitempty"`
 	// headers is the set of headers to check for identity information
 	Headers []string `json:"headers"`
 	// preferredUsernameHeaders is the set of headers to check for the preferred username
 	PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"`
 	// nameHeaders is the set of headers to check for the display name
 	NameHeaders []string `json:"nameHeaders"`
 	// emailHeaders is the set of headers to check for the email address
 	EmailHeaders []string `json:"emailHeaders"`
 }
 // GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
 type GitHubIdentityProvider struct {
 	// clientID is the oauth client ID
 	ClientID string `json:"clientID"`
 	// clientSecret is a required reference to the secret by name containing the oauth client secret.
 	// The key "clientSecret" is used to locate the data.
 	// If the secret or expected key is not found, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	ClientSecret SecretNameReference `json:"clientSecret"`
 	// organizations optionally restricts which organizations are allowed to log in
 	// +optional
 	Organizations []string `json:"organizations,omitempty"`
 	// teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
 	// +optional
 	Teams []string `json:"teams,omitempty"`
 	// hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
 	// GitHub Enterprise.
 	// It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
 	// +optional
 	Hostname string `json:"hostname"`
 	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// The key "ca.crt" is used to locate the data.
 	// If specified and the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// If empty, the default system roots are used.
 	// This can only be configured when hostname is set to a non-empty value.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CA ConfigMapNameReference `json:"ca"`
 }
 // GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
 type GitLabIdentityProvider struct {
 	// clientID is the oauth client ID
 	ClientID string `json:"clientID"`
 	// clientSecret is a required reference to the secret by name containing the oauth client secret.
 	// The key "clientSecret" is used to locate the data.
 	// If the secret or expected key is not found, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	ClientSecret SecretNameReference `json:"clientSecret"`
 	// url is the oauth server base URL
 	URL string `json:"url"`
 	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// The key "ca.crt" is used to locate the data.
 	// If specified and the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// If empty, the default system roots are used.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CA ConfigMapNameReference `json:"ca"`
 }
 // GoogleIdentityProvider provides identities for users authenticating using Google credentials
 type GoogleIdentityProvider struct {
 	// clientID is the oauth client ID
 	ClientID string `json:"clientID"`
 	// clientSecret is a required reference to the secret by name containing the oauth client secret.
 	// The key "clientSecret" is used to locate the data.
 	// If the secret or expected key is not found, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	ClientSecret SecretNameReference `json:"clientSecret"`
 	// hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
 	// +optional
 	HostedDomain string `json:"hostedDomain"`
 }
 // OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
 type OpenIDIdentityProvider struct {
 	// clientID is the oauth client ID
 	ClientID string `json:"clientID"`
 	// clientSecret is a required reference to the secret by name containing the oauth client secret.
 	// The key "clientSecret" is used to locate the data.
 	// If the secret or expected key is not found, the identity provider is not honored.
 	// The namespace for this secret is openshift-config.
 	ClientSecret SecretNameReference `json:"clientSecret"`
 	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
 	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
 	// The key "ca.crt" is used to locate the data.
 	// If specified and the config map or expected key is not found, the identity provider is not honored.
 	// If the specified ca data is not valid, the identity provider is not honored.
 	// If empty, the default system roots are used.
 	// The namespace for this config map is openshift-config.
 	// +optional
 	CA ConfigMapNameReference `json:"ca"`
 	// extraScopes are any scopes to request in addition to the standard "openid" scope.
 	// +optional
 	ExtraScopes []string `json:"extraScopes,omitempty"`
 	// extraAuthorizeParameters are any custom parameters to add to the authorize request.
 	// +optional
 	ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
 	// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
 	// It must use the https scheme with no query or fragment component.
 	Issuer string `json:"issuer"`
 	// claims mappings
 	Claims OpenIDClaims `json:"claims"`
 }
 // UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
 // Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
 //  "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
 //   rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique
 //   and never reassigned within the Issuer for a particular End-User, as described in Section 2.
 //   Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
 //   iss Claim and the sub Claim."
 const UserIDClaim = "sub"
 // OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
 type OpenIDClaims struct {
 	// preferredUsername is the list of claims whose values should be used as the preferred username.
 	// If unspecified, the preferred username is determined from the value of the sub claim
 	// +optional
 	PreferredUsername []string `json:"preferredUsername,omitempty"`
 	// name is the list of claims whose values should be used as the display name. Optional.
 	// If unspecified, no display name is set for the identity
 	// +optional
 	Name []string `json:"name,omitempty"`
 	// email is the list of claims whose values should be used as the email address. Optional.
 	// If unspecified, no email is set for the identity
 	// +optional
 	Email []string `json:"email,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type OAuthList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []OAuth `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
+++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
@ -1,78 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // OperatorHubSpec defines the desired state of OperatorHub
 type OperatorHubSpec struct {
 	// disableAllDefaultSources allows you to disable all the default hub
 	// sources. If this is true, a specific entry in sources can be used to
 	// enable a default source. If this is false, a specific entry in
 	// sources can be used to disable or enable a default source.
 	// +optional
 	DisableAllDefaultSources bool `json:"disableAllDefaultSources,omitempty"`
 	// sources is the list of default hub sources and their configuration.
 	// If the list is empty, it implies that the default hub sources are
 	// enabled on the cluster unless disableAllDefaultSources is true.
 	// If disableAllDefaultSources is true and sources is not empty,
 	// the configuration present in sources will take precedence. The list of
 	// default hub sources and their current state will always be reflected in
 	// the status block.
 	// +optional
 	Sources []HubSource `json:"sources,omitempty"`
 }
 // OperatorHubStatus defines the observed state of OperatorHub. The current
 // state of the default hub sources will always be reflected here.
 type OperatorHubStatus struct {
 	// sources encapsulates the result of applying the configuration for each
 	// hub source
 	Sources []HubSourceStatus `json:"sources,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // OperatorHub is the Schema for the operatorhubs API. It can be used to change
 // the state of the default hub sources for OperatorHub on the cluster from
 // enabled to disabled and vice versa.
 // +kubebuilder:subresource:status
 // +genclient:nonNamespaced
 type OperatorHub struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata"`
 	Spec   OperatorHubSpec   `json:"spec"`
 	Status OperatorHubStatus `json:"status"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // OperatorHubList contains a list of OperatorHub
 type OperatorHubList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items           []OperatorHub `json:"items"`
 }
 // HubSource is used to specify the hub source and its configuration
 type HubSource struct {
 	// name is the name of one of the default hub sources
 	// +kubebuilder:validation:MaxLength=253
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:Required
 	Name string `json:"name"`
 	// disabled is used to disable a default hub source on cluster
 	// +kubebuilder:Required
 	Disabled bool `json:"disabled"`
 }
 // HubSourceStatus is used to reflect the current state of applying the
 // configuration to a default source
 type HubSourceStatus struct {
 	HubSource `json:",omitempty"`
 	// status indicates success or failure in applying the configuration
 	Status string `json:"status,omitempty"`
 	// message provides more information regarding failures
 	Message string `json:"message,omitempty"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_project.go
+++ b/vendor/github.com/openshift/api/config/v1/types_project.go
@ -1,54 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Project holds cluster-wide information about Project.  The canonical name is `cluster`
 type Project struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ProjectSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status ProjectStatus `json:"status"`
 }
 // TemplateReference references a template in a specific namespace.
 // The namespace must be specified at the point of use.
 type TemplateReference struct {
 	// name is the metadata.name of the referenced project request template
 	Name string `json:"name"`
 }
 // ProjectSpec holds the project creation configuration.
 type ProjectSpec struct {
 	// projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
 	// +optional
 	ProjectRequestMessage string `json:"projectRequestMessage"`
 	// projectRequestTemplate is the template to use for creating projects in response to projectrequest.
 	// This must point to a template in 'openshift-config' namespace. It is optional.
 	// If it is not specified, a default template is used.
 	//
 	// +optional
 	ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"`
 }
 type ProjectStatus struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ProjectList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Project `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_proxy.go
+++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go
@ -1,90 +0,0 @@
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
 type Proxy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// Spec holds user-settable values for the proxy configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec ProxySpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status ProxyStatus `json:"status"`
 }
 // ProxySpec contains cluster proxy creation configuration.
 type ProxySpec struct {
 	// httpProxy is the URL of the proxy for HTTP requests.  Empty means unset and will not result in an env var.
 	// +optional
 	HTTPProxy string `json:"httpProxy,omitempty"`
 	// httpsProxy is the URL of the proxy for HTTPS requests.  Empty means unset and will not result in an env var.
 	// +optional
 	HTTPSProxy string `json:"httpsProxy,omitempty"`
 	// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
 	// Empty means unset and will not result in an env var.
 	// +optional
 	NoProxy string `json:"noProxy,omitempty"`
 	// readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
 	// +optional
 	ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
 	// trustedCA is a reference to a ConfigMap containing a CA certificate bundle used
 	// for client egress HTTPS connections. The certificate bundle must be from the CA
 	// that signed the proxy's certificate and be signed for everything. The trustedCA
 	// field should only be consumed by a proxy validator. The validator is responsible
 	// for reading the certificate bundle from required key "ca-bundle.crt" and copying
 	// it to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed"
 	// namespace. The namespace for the ConfigMap referenced by trustedCA is
 	// "openshift-config". Here is an example ConfigMap (in yaml):
 	//
 	// apiVersion: v1
 	// kind: ConfigMap
 	// metadata:
 	//  name: user-ca-bundle
 	//  namespace: openshift-config
 	//  data:
 	//    ca-bundle.crt: |
 	//      -----BEGIN CERTIFICATE-----
 	//      Custom CA certificate bundle.
 	//      -----END CERTIFICATE-----
 	//
 	// +optional
 	TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
 }
 // ProxyStatus shows current known state of the cluster proxy.
 type ProxyStatus struct {
 	// httpProxy is the URL of the proxy for HTTP requests.
 	// +optional
 	HTTPProxy string `json:"httpProxy,omitempty"`
 	// httpsProxy is the URL of the proxy for HTTPS requests.
 	// +optional
 	HTTPSProxy string `json:"httpsProxy,omitempty"`
 	// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
 	// +optional
 	NoProxy string `json:"noProxy,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ProxyList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Proxy `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go
+++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go
@ -1,74 +0,0 @@
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
 // and influence its placement decisions. The canonical name for this config is `cluster`.
 type Scheduler struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	// spec holds user settable values for configuration
 	// +kubebuilder:validation:Required
 	// +required
 	Spec SchedulerSpec `json:"spec"`
 	// status holds observed values from the cluster. They may not be overridden.
 	// +optional
 	Status SchedulerStatus `json:"status"`
 }
 type SchedulerSpec struct {
 	// policy is a reference to a ConfigMap containing scheduler policy which has
 	// user specified predicates and priorities. If this ConfigMap is not available
 	// scheduler will default to use DefaultAlgorithmProvider.
 	// The namespace for this configmap is openshift-config.
 	// +optional
 	Policy ConfigMapNameReference `json:"policy"`
 	// defaultNodeSelector helps set the cluster-wide default node selector to
 	// restrict pod placement to specific nodes. This is applied to the pods
 	// created in all namespaces without a specified nodeSelector value.
 	// For example,
 	// defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
 	// field in pod spec to "type=user-node,region=east" to all pods created
 	// in all namespaces. Namespaces having project-wide node selectors won't be
 	// impacted even if this field is set. This adds an annotation section to
 	// the namespace.
 	// For example, if a new namespace is created with
 	// node-selector='type=user-node,region=east',
 	// the annotation openshift.io/node-selector: type=user-node,region=east
 	// gets added to the project. When the openshift.io/node-selector annotation
 	// is set on the project the value is used in preference to the value we are setting
 	// for defaultNodeSelector field.
 	// For instance,
 	// openshift.io/node-selector: "type=user-node,region=west" means
 	// that the default of "type=user-node,region=east" set in defaultNodeSelector
 	// would not be applied.
 	// +optional
 	DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"`
 	// MastersSchedulable allows masters nodes to be schedulable. When this flag is
 	// turned on, all the master nodes in the cluster will be made schedulable,
 	// so that workload pods can run on them. The default value for this field is false,
 	// meaning none of the master nodes are schedulable.
 	// Important Note: Once the workload pods start running on the master nodes,
 	// extreme care must be taken to ensure that cluster-critical control plane components
 	// are not impacted.
 	// Please turn on this field after doing due diligence.
 	// +optional
 	MastersSchedulable bool `json:"mastersSchedulable"`
 }
 type SchedulerStatus struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type SchedulerList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata"`
 	Items []Scheduler `json:"items"`
 }
--- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
+++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@ -1,260 +0,0 @@
 package v1
 // TLSSecurityProfile defines the schema for a TLS security profile. This object
 // is used by operators to apply TLS security settings to operands.
 // +union
 type TLSSecurityProfile struct {
 	// type is one of Old, Intermediate, Modern or Custom. Custom provides
 	// the ability to specify individual TLS security profile parameters.
 	// Old, Intermediate and Modern are TLS security profiles based on:
 	//
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
 	//
 	// The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
 	// are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
 	// reduced.
 	//
 	// Note that the Modern profile is currently not supported because it is not
 	// yet well adopted by common software libraries.
 	//
 	// +unionDiscriminator
 	// +optional
 	Type TLSProfileType `json:"type"`
 	// old is a TLS security profile based on:
 	//
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
 	//
 	// and looks like this (yaml):
 	//
 	//   ciphers:
 	//     - TLS_AES_128_GCM_SHA256
 	//     - TLS_AES_256_GCM_SHA384
 	//     - TLS_CHACHA20_POLY1305_SHA256
 	//     - ECDHE-ECDSA-AES128-GCM-SHA256
 	//     - ECDHE-RSA-AES128-GCM-SHA256
 	//     - ECDHE-ECDSA-AES256-GCM-SHA384
 	//     - ECDHE-RSA-AES256-GCM-SHA384
 	//     - ECDHE-ECDSA-CHACHA20-POLY1305
 	//     - ECDHE-RSA-CHACHA20-POLY1305
 	//     - DHE-RSA-AES128-GCM-SHA256
 	//     - DHE-RSA-AES256-GCM-SHA384
 	//     - DHE-RSA-CHACHA20-POLY1305
 	//     - ECDHE-ECDSA-AES128-SHA256
 	//     - ECDHE-RSA-AES128-SHA256
 	//     - ECDHE-ECDSA-AES128-SHA
 	//     - ECDHE-RSA-AES128-SHA
 	//     - ECDHE-ECDSA-AES256-SHA384
 	//     - ECDHE-RSA-AES256-SHA384
 	//     - ECDHE-ECDSA-AES256-SHA
 	//     - ECDHE-RSA-AES256-SHA
 	//     - DHE-RSA-AES128-SHA256
 	//     - DHE-RSA-AES256-SHA256
 	//     - AES128-GCM-SHA256
 	//     - AES256-GCM-SHA384
 	//     - AES128-SHA256
 	//     - AES256-SHA256
 	//     - AES128-SHA
 	//     - AES256-SHA
 	//     - DES-CBC3-SHA
 	//   minTLSVersion: TLSv1.0
 	//
 	// +optional
 	// +nullable
 	Old *OldTLSProfile `json:"old,omitempty"`
 	// intermediate is a TLS security profile based on:
 	//
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
 	//
 	// and looks like this (yaml):
 	//
 	//   ciphers:
 	//     - TLS_AES_128_GCM_SHA256
 	//     - TLS_AES_256_GCM_SHA384
 	//     - TLS_CHACHA20_POLY1305_SHA256
 	//     - ECDHE-ECDSA-AES128-GCM-SHA256
 	//     - ECDHE-RSA-AES128-GCM-SHA256
 	//     - ECDHE-ECDSA-AES256-GCM-SHA384
 	//     - ECDHE-RSA-AES256-GCM-SHA384
 	//     - ECDHE-ECDSA-CHACHA20-POLY1305
 	//     - ECDHE-RSA-CHACHA20-POLY1305
 	//     - DHE-RSA-AES128-GCM-SHA256
 	//     - DHE-RSA-AES256-GCM-SHA384
 	//   minTLSVersion: TLSv1.2
 	//
 	// +optional
 	// +nullable
 	Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"`
 	// modern is a TLS security profile based on:
 	//
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
 	//
 	// and looks like this (yaml):
 	//
 	//   ciphers:
 	//     - TLS_AES_128_GCM_SHA256
 	//     - TLS_AES_256_GCM_SHA384
 	//     - TLS_CHACHA20_POLY1305_SHA256
 	//   minTLSVersion: TLSv1.3
 	//
 	// NOTE: Currently unsupported.
 	//
 	// +optional
 	// +nullable
 	Modern *ModernTLSProfile `json:"modern,omitempty"`
 	// custom is a user-defined TLS security profile. Be extremely careful using a custom
 	// profile as invalid configurations can be catastrophic. An example custom profile
 	// looks like this:
 	//
 	//   ciphers:
 	//     - ECDHE-ECDSA-CHACHA20-POLY1305
 	//     - ECDHE-RSA-CHACHA20-POLY1305
 	//     - ECDHE-RSA-AES128-GCM-SHA256
 	//     - ECDHE-ECDSA-AES128-GCM-SHA256
 	//   minTLSVersion: TLSv1.1
 	//
 	// +optional
 	// +nullable
 	Custom *CustomTLSProfile `json:"custom,omitempty"`
 }
 // OldTLSProfile is a TLS security profile based on:
 // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
 type OldTLSProfile struct{}
 // IntermediateTLSProfile is a TLS security profile based on:
 // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
 type IntermediateTLSProfile struct{}
 // ModernTLSProfile is a TLS security profile based on:
 // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
 type ModernTLSProfile struct{}
 // CustomTLSProfile is a user-defined TLS security profile. Be extremely careful
 // using a custom TLS profile as invalid configurations can be catastrophic.
 type CustomTLSProfile struct {
 	TLSProfileSpec `json:",inline"`
 }
 // TLSProfileType defines a TLS security profile type.
 type TLSProfileType string
 const (
 	// Old is a TLS security profile based on:
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
 	TLSProfileOldType TLSProfileType = "Old"
 	// Intermediate is a TLS security profile based on:
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
 	TLSProfileIntermediateType TLSProfileType = "Intermediate"
 	// Modern is a TLS security profile based on:
 	// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
 	TLSProfileModernType TLSProfileType = "Modern"
 	// Custom is a TLS security profile that allows for user-defined parameters.
 	TLSProfileCustomType TLSProfileType = "Custom"
 )
 // TLSProfileSpec is the desired behavior of a TLSSecurityProfile.
 type TLSProfileSpec struct {
 	// ciphers is used to specify the cipher algorithms that are negotiated
 	// during the TLS handshake.  Operators may remove entries their operands
 	// do not support.  For example, to use DES-CBC3-SHA  (yaml):
 	//
 	//   ciphers:
 	//     - DES-CBC3-SHA
 	//
 	Ciphers []string `json:"ciphers"`
 	// minTLSVersion is used to specify the minimal version of the TLS protocol
 	// that is negotiated during the TLS handshake. For example, to use TLS
 	// versions 1.1, 1.2 and 1.3 (yaml):
 	//
 	//   minTLSVersion: TLSv1.1
 	//
 	// NOTE: currently the highest minTLSVersion allowed is VersionTLS12
 	//
 	MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"`
 }
 // TLSProtocolVersion is a way to specify the protocol version used for TLS connections.
 // Protocol versions are based on the following most common TLS configurations:
 //
 //   https://ssl-config.mozilla.org/
 //
 // Note that SSLv3.0 is not a supported protocol version due to well known
 // vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
 type TLSProtocolVersion string
 const (
 	// VersionTLSv10 is version 1.0 of the TLS security protocol.
 	VersionTLS10 TLSProtocolVersion = "VersionTLS10"
 	// VersionTLSv11 is version 1.1 of the TLS security protocol.
 	VersionTLS11 TLSProtocolVersion = "VersionTLS11"
 	// VersionTLSv12 is version 1.2 of the TLS security protocol.
 	VersionTLS12 TLSProtocolVersion = "VersionTLS12"
 	// VersionTLSv13 is version 1.3 of the TLS security protocol.
 	VersionTLS13 TLSProtocolVersion = "VersionTLS13"
 )
 // TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec.
 //
 // NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all
 // entries map to values for all binaries.  In the case of ties, the kube-apiserver wins.  Do not fail,
 // just be sure to whitelist only and everything will be ok.
 var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
 	TLSProfileOldType: {
 		Ciphers: []string{
 			"TLS_AES_128_GCM_SHA256",
 			"TLS_AES_256_GCM_SHA384",
 			"TLS_CHACHA20_POLY1305_SHA256",
 			"ECDHE-ECDSA-AES128-GCM-SHA256",
 			"ECDHE-RSA-AES128-GCM-SHA256",
 			"ECDHE-ECDSA-AES256-GCM-SHA384",
 			"ECDHE-RSA-AES256-GCM-SHA384",
 			"ECDHE-ECDSA-CHACHA20-POLY1305",
 			"ECDHE-RSA-CHACHA20-POLY1305",
 			"DHE-RSA-AES128-GCM-SHA256",
 			"DHE-RSA-AES256-GCM-SHA384",
 			"DHE-RSA-CHACHA20-POLY1305",
 			"ECDHE-ECDSA-AES128-SHA256",
 			"ECDHE-RSA-AES128-SHA256",
 			"ECDHE-ECDSA-AES128-SHA",
 			"ECDHE-RSA-AES128-SHA",
 			"ECDHE-ECDSA-AES256-SHA384",
 			"ECDHE-RSA-AES256-SHA384",
 			"ECDHE-ECDSA-AES256-SHA",
 			"ECDHE-RSA-AES256-SHA",
 			"DHE-RSA-AES128-SHA256",
 			"DHE-RSA-AES256-SHA256",
 			"AES128-GCM-SHA256",
 			"AES256-GCM-SHA384",
 			"AES128-SHA256",
 			"AES256-SHA256",
 			"AES128-SHA",
 			"AES256-SHA",
 			"DES-CBC3-SHA",
 		},
 		MinTLSVersion: VersionTLS10,
 	},
 	TLSProfileIntermediateType: {
 		Ciphers: []string{
 			"TLS_AES_128_GCM_SHA256",
 			"TLS_AES_256_GCM_SHA384",
 			"TLS_CHACHA20_POLY1305_SHA256",
 			"ECDHE-ECDSA-AES128-GCM-SHA256",
 			"ECDHE-RSA-AES128-GCM-SHA256",
 			"ECDHE-ECDSA-AES256-GCM-SHA384",
 			"ECDHE-RSA-AES256-GCM-SHA384",
 			"ECDHE-ECDSA-CHACHA20-POLY1305",
 			"ECDHE-RSA-CHACHA20-POLY1305",
 			"DHE-RSA-AES128-GCM-SHA256",
 			"DHE-RSA-AES256-GCM-SHA384",
 		},
 		MinTLSVersion: VersionTLS12,
 	},
 	TLSProfileModernType: {
 		Ciphers: []string{
 			"TLS_AES_128_GCM_SHA256",
 			"TLS_AES_256_GCM_SHA384",
 			"TLS_CHACHA20_POLY1305_SHA256",
 		},
 		MinTLSVersion: VersionTLS13,
 	},
 }
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -66,7 +66,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr
 github.com/containernetworking/plugins/pkg/utils/sysctl
 github.com/containernetworking/plugins/plugins/ipam/host-local/backend
 github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
-# github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
+# github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224
 github.com/containers/buildah
 github.com/containers/buildah/bind
 github.com/containers/buildah/chroot
@ -425,8 +425,6 @@ github.com/opencontainers/runtime-tools/validate
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
 # github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316
 github.com/openshift/api/config/v1
 # github.com/openshift/imagebuilder v1.1.4
 github.com/openshift/imagebuilder
 github.com/openshift/imagebuilder/dockerfile/command
		`@ -0,0 +1,3 @@`
							`## Security and Disclosure Information Policy for the Buildah Project`

							`The Buildah Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.`