diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml
deleted file mode 100644
index 066b20b..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml
+++ /dev/null
@@ -1,5143 +0,0 @@
----
-# Source: calico/templates/calico-kube-controllers.yaml
-# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
-
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: calico-kube-controllers
-  namespace: kube-system
-  labels:
-    k8s-app: calico-kube-controllers
-spec:
-  maxUnavailable: 1
-  selector:
-    matchLabels:
-      k8s-app: calico-kube-controllers
----
-# Source: calico/templates/calico-kube-controllers.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calico-kube-controllers
-  namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calico-node
-  namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calico-cni-plugin
-  namespace: kube-system
----
-# Source: calico/templates/calico-config.yaml
-# This ConfigMap is used to configure a self-hosted Calico installation.
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: calico-config
-  namespace: kube-system
-data:
-  # Typha is disabled.
-  typha_service_name: "none"
-  # Configure the backend to use.
-  calico_backend: "bird"
-
-  # Configure the MTU to use for workload interfaces and tunnels.
-  # By default, MTU is auto-detected, and explicitly setting this field should not be required.
-  # You can override auto-detection by providing a non-zero value.
-  veth_mtu: "0"
-
-  # The CNI network configuration to install on each node. The special
-  # values in this config will be automatically populated.
-  cni_network_config: |-
-    {
-      "name": "k8s-pod-network",
-      "cniVersion": "0.3.1",
-      "plugins": [
-        {
-          "type": "calico",
-          "log_level": "info",
-          "log_file_path": "/var/log/calico/cni/cni.log",
-          "datastore_type": "kubernetes",
-          "nodename": "__KUBERNETES_NODE_NAME__",
-          "mtu": __CNI_MTU__,
-          "ipam": {
-              "type": "calico-ipam"
-          },
-          "policy": {
-              "type": "k8s"
-          },
-          "kubernetes": {
-              "kubeconfig": "__KUBECONFIG_FILEPATH__"
-          }
-        },
-        {
-          "type": "portmap",
-          "snat": true,
-          "capabilities": {"portMappings": true}
-        },
-        {
-          "type": "bandwidth",
-          "capabilities": {"bandwidth": true}
-        }
-      ]
-    }
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: bgpconfigurations.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: BGPConfiguration
-    listKind: BGPConfigurationList
-    plural: bgpconfigurations
-    singular: bgpconfiguration
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: BGPConfiguration contains the configuration for any BGP routing.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BGPConfigurationSpec contains the values of the BGP configuration.
-            properties:
-              asNumber:
-                description: 'ASNumber is the default AS number used by a node. [Default:
-                  64512]'
-                format: int32
-                type: integer
-              bindMode:
-                description: BindMode indicates whether to listen for BGP connections
-                  on all addresses (None) or only on the node's canonical IP address
-                  Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
-                  for BGP connections on all addresses.
-                type: string
-              communities:
-                description: Communities is a list of BGP community values and their
-                  arbitrary names for tagging routes.
-                items:
-                  description: Community contains standard or large community value
-                    and its name.
-                  properties:
-                    name:
-                      description: Name given to community value.
-                      type: string
-                    value:
-                      description: Value must be of format `aa:nn` or `aa:nn:mm`.
-                        For standard community use `aa:nn` format, where `aa` and
-                        `nn` are 16 bit number. For large community use `aa:nn:mm`
-                        format, where `aa`, `nn` and `mm` are 32 bit number. Where,
-                        `aa` is an AS Number, `nn` and `mm` are per-AS identifier.
-                      pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
-                      type: string
-                  type: object
-                type: array
-              ignoredInterfaces:
-                description: IgnoredInterfaces indicates the network interfaces that
-                  needs to be excluded when reading device routes.
-                items:
-                  type: string
-                type: array
-              listenPort:
-                description: ListenPort is the port where BGP protocol should listen.
-                  Defaults to 179
-                maximum: 65535
-                minimum: 1
-                type: integer
-              logSeverityScreen:
-                description: 'LogSeverityScreen is the log severity above which logs
-                  are sent to the stdout. [Default: INFO]'
-                type: string
-              nodeMeshMaxRestartTime:
-                description: Time to allow for software restart for node-to-mesh peerings.  When
-                  specified, this is configured as the graceful restart timeout.  When
-                  not specified, the BIRD default of 120s is used. This field can
-                  only be set on the default BGPConfiguration instance and requires
-                  that NodeMesh is enabled
-                type: string
-              nodeMeshPassword:
-                description: Optional BGP password for full node-to-mesh peerings.
-                  This field can only be set on the default BGPConfiguration instance
-                  and requires that NodeMesh is enabled
-                properties:
-                  secretKeyRef:
-                    description: Selects a key of a secret in the node pod's namespace.
-                    properties:
-                      key:
-                        description: The key of the secret to select from.  Must be
-                          a valid secret key.
-                        type: string
-                      name:
-                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?'
-                        type: string
-                      optional:
-                        description: Specify whether the Secret or its key must be
-                          defined
-                        type: boolean
-                    required:
-                    - key
-                    type: object
-                type: object
-              nodeToNodeMeshEnabled:
-                description: 'NodeToNodeMeshEnabled sets whether full node to node
-                  BGP mesh is enabled. [Default: true]'
-                type: boolean
-              prefixAdvertisements:
-                description: PrefixAdvertisements contains per-prefix advertisement
-                  configuration.
-                items:
-                  description: PrefixAdvertisement configures advertisement properties
-                    for the specified CIDR.
-                  properties:
-                    cidr:
-                      description: CIDR for which properties should be advertised.
-                      type: string
-                    communities:
-                      description: Communities can be list of either community names
-                        already defined in `Specs.Communities` or community value
-                        of format `aa:nn` or `aa:nn:mm`. For standard community use
-                        `aa:nn` format, where `aa` and `nn` are 16 bit number. For
-                        large community use `aa:nn:mm` format, where `aa`, `nn` and
-                        `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and
-                        `mm` are per-AS identifier.
-                      items:
-                        type: string
-                      type: array
-                  type: object
-                type: array
-              serviceClusterIPs:
-                description: ServiceClusterIPs are the CIDR blocks from which service
-                  cluster IPs are allocated. If specified, Calico will advertise these
-                  blocks, as well as any cluster IPs within them.
-                items:
-                  description: ServiceClusterIPBlock represents a single allowed ClusterIP
-                    CIDR block.
-                  properties:
-                    cidr:
-                      type: string
-                  type: object
-                type: array
-              serviceExternalIPs:
-                description: ServiceExternalIPs are the CIDR blocks for Kubernetes
-                  Service External IPs. Kubernetes Service ExternalIPs will only be
-                  advertised if they are within one of these blocks.
-                items:
-                  description: ServiceExternalIPBlock represents a single allowed
-                    External IP CIDR block.
-                  properties:
-                    cidr:
-                      type: string
-                  type: object
-                type: array
-              serviceLoadBalancerIPs:
-                description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes
-                  Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress
-                  IPs will only be advertised if they are within one of these blocks.
-                items:
-                  description: ServiceLoadBalancerIPBlock represents a single allowed
-                    LoadBalancer IP CIDR block.
-                  properties:
-                    cidr:
-                      type: string
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: bgpfilters.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: BGPFilter
-    listKind: BGPFilterList
-    plural: bgpfilters
-    singular: bgpfilter
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of
-              the BGP Filter.
-            properties:
-              exportV4:
-                description: The ordered set of IPv4 BGPFilter rules acting on exporting
-                  routes to a peer.
-                items:
-                  description: BGPFilterRuleV4 defines a BGP filter rule consisting
-                    a single IPv4 CIDR block and a filter action for this CIDR.
-                  properties:
-                    action:
-                      type: string
-                    cidr:
-                      type: string
-                    interface:
-                      type: string
-                    matchOperator:
-                      type: string
-                    source:
-                      type: string
-                  required:
-                  - action
-                  type: object
-                type: array
-              exportV6:
-                description: The ordered set of IPv6 BGPFilter rules acting on exporting
-                  routes to a peer.
-                items:
-                  description: BGPFilterRuleV6 defines a BGP filter rule consisting
-                    a single IPv6 CIDR block and a filter action for this CIDR.
-                  properties:
-                    action:
-                      type: string
-                    cidr:
-                      type: string
-                    interface:
-                      type: string
-                    matchOperator:
-                      type: string
-                    source:
-                      type: string
-                  required:
-                  - action
-                  type: object
-                type: array
-              importV4:
-                description: The ordered set of IPv4 BGPFilter rules acting on importing
-                  routes from a peer.
-                items:
-                  description: BGPFilterRuleV4 defines a BGP filter rule consisting
-                    a single IPv4 CIDR block and a filter action for this CIDR.
-                  properties:
-                    action:
-                      type: string
-                    cidr:
-                      type: string
-                    interface:
-                      type: string
-                    matchOperator:
-                      type: string
-                    source:
-                      type: string
-                  required:
-                  - action
-                  type: object
-                type: array
-              importV6:
-                description: The ordered set of IPv6 BGPFilter rules acting on importing
-                  routes from a peer.
-                items:
-                  description: BGPFilterRuleV6 defines a BGP filter rule consisting
-                    a single IPv6 CIDR block and a filter action for this CIDR.
-                  properties:
-                    action:
-                      type: string
-                    cidr:
-                      type: string
-                    interface:
-                      type: string
-                    matchOperator:
-                      type: string
-                    source:
-                      type: string
-                  required:
-                  - action
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: bgppeers.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: BGPPeer
-    listKind: BGPPeerList
-    plural: bgppeers
-    singular: bgppeer
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BGPPeerSpec contains the specification for a BGPPeer resource.
-            properties:
-              asNumber:
-                description: The AS Number of the peer.
-                format: int32
-                type: integer
-              filters:
-                description: The ordered set of BGPFilters applied on this BGP peer.
-                items:
-                  type: string
-                type: array
-              keepOriginalNextHop:
-                description: Option to keep the original nexthop field when routes
-                  are sent to a BGP Peer. Setting "true" configures the selected BGP
-                  Peers node to use the "next hop keep;" instead of "next hop self;"(default)
-                  in the specific branch of the Node on "bird.cfg".
-                type: boolean
-              maxRestartTime:
-                description: Time to allow for software restart.  When specified,
-                  this is configured as the graceful restart timeout.  When not specified,
-                  the BIRD default of 120s is used.
-                type: string
-              node:
-                description: The node name identifying the Calico node instance that
-                  is targeted by this peer. If this is not set, and no nodeSelector
-                  is specified, then this BGP peer selects all nodes in the cluster.
-                type: string
-              nodeSelector:
-                description: Selector for the nodes that should have this peering.  When
-                  this is set, the Node field must be empty.
-                type: string
-              numAllowedLocalASNumbers:
-                description: Maximum number of local AS numbers that are allowed in
-                  the AS path for received routes. This removes BGP loop prevention
-                  and should only be used if absolutely necessary.
-                format: int32
-                type: integer
-              password:
-                description: Optional BGP password for the peerings generated by this
-                  BGPPeer resource.
-                properties:
-                  secretKeyRef:
-                    description: Selects a key of a secret in the node pod's namespace.
-                    properties:
-                      key:
-                        description: The key of the secret to select from.  Must be
-                          a valid secret key.
-                        type: string
-                      name:
-                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?'
-                        type: string
-                      optional:
-                        description: Specify whether the Secret or its key must be
-                          defined
-                        type: boolean
-                    required:
-                    - key
-                    type: object
-                type: object
-              peerIP:
-                description: The IP address of the peer followed by an optional port
-                  number to peer with. If port number is given, format should be `[<IPv6>]:port`
-                  or `<IPv4>:<port>` for IPv4. If optional port number is not set,
-                  and this peer IP and ASNumber belongs to a calico/node with ListenPort
-                  set in BGPConfiguration, then we use that port to peer.
-                type: string
-              peerSelector:
-                description: Selector for the remote nodes to peer with.  When this
-                  is set, the PeerIP and ASNumber fields must be empty.  For each
-                  peering between the local node and selected remote nodes, we configure
-                  an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified,
-                  and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified.  The
-                  remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
-                  or the global default if that is not set.
-                type: string
-              reachableBy:
-                description: Add an exact, i.e. /32, static route toward peer IP in
-                  order to prevent route flapping. ReachableBy contains the address
-                  of the gateway which peer can be reached by.
-                type: string
-              sourceAddress:
-                description: Specifies whether and how to configure a source address
-                  for the peerings generated by this BGPPeer resource.  Default value
-                  "UseNodeIP" means to configure the node IP as the source address.  "None"
-                  means not to configure a source address.
-                type: string
-              ttlSecurity:
-                description: TTLSecurity enables the generalized TTL security mechanism
-                  (GTSM) which protects against spoofed packets by ignoring received
-                  packets with a smaller than expected TTL value. The provided value
-                  is the number of hops (edges) between the peers.
-                type: integer
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: blockaffinities.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: BlockAffinity
-    listKind: BlockAffinityList
-    plural: blockaffinities
-    singular: blockaffinity
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BlockAffinitySpec contains the specification for a BlockAffinity
-              resource.
-            properties:
-              cidr:
-                type: string
-              deleted:
-                description: Deleted indicates that this block affinity is being deleted.
-                  This field is a string for compatibility with older releases that
-                  mistakenly treat this field as a string.
-                type: string
-              node:
-                type: string
-              state:
-                type: string
-            required:
-            - cidr
-            - deleted
-            - node
-            - state
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: caliconodestatuses.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: CalicoNodeStatus
-    listKind: CalicoNodeStatusList
-    plural: caliconodestatuses
-    singular: caliconodestatus
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
-              resource.
-            properties:
-              classes:
-                description: Classes declares the types of information to monitor
-                  for this calico/node, and allows for selective status reporting
-                  about certain subsets of information.
-                items:
-                  type: string
-                type: array
-              node:
-                description: The node name identifies the Calico node instance for
-                  node status.
-                type: string
-              updatePeriodSeconds:
-                description: UpdatePeriodSeconds is the period at which CalicoNodeStatus
-                  should be updated. Set to 0 to disable CalicoNodeStatus refresh.
-                  Maximum update period is one day.
-                format: int32
-                type: integer
-            type: object
-          status:
-            description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
-              No validation needed for status since it is updated by Calico.
-            properties:
-              agent:
-                description: Agent holds agent status on the node.
-                properties:
-                  birdV4:
-                    description: BIRDV4 represents the latest observed status of bird4.
-                    properties:
-                      lastBootTime:
-                        description: LastBootTime holds the value of lastBootTime
-                          from bird.ctl output.
-                        type: string
-                      lastReconfigurationTime:
-                        description: LastReconfigurationTime holds the value of lastReconfigTime
-                          from bird.ctl output.
-                        type: string
-                      routerID:
-                        description: Router ID used by bird.
-                        type: string
-                      state:
-                        description: The state of the BGP Daemon.
-                        type: string
-                      version:
-                        description: Version of the BGP daemon
-                        type: string
-                    type: object
-                  birdV6:
-                    description: BIRDV6 represents the latest observed status of bird6.
-                    properties:
-                      lastBootTime:
-                        description: LastBootTime holds the value of lastBootTime
-                          from bird.ctl output.
-                        type: string
-                      lastReconfigurationTime:
-                        description: LastReconfigurationTime holds the value of lastReconfigTime
-                          from bird.ctl output.
-                        type: string
-                      routerID:
-                        description: Router ID used by bird.
-                        type: string
-                      state:
-                        description: The state of the BGP Daemon.
-                        type: string
-                      version:
-                        description: Version of the BGP daemon
-                        type: string
-                    type: object
-                type: object
-              bgp:
-                description: BGP holds node BGP status.
-                properties:
-                  numberEstablishedV4:
-                    description: The total number of IPv4 established bgp sessions.
-                    type: integer
-                  numberEstablishedV6:
-                    description: The total number of IPv6 established bgp sessions.
-                    type: integer
-                  numberNotEstablishedV4:
-                    description: The total number of IPv4 non-established bgp sessions.
-                    type: integer
-                  numberNotEstablishedV6:
-                    description: The total number of IPv6 non-established bgp sessions.
-                    type: integer
-                  peersV4:
-                    description: PeersV4 represents IPv4 BGP peers status on the node.
-                    items:
-                      description: CalicoNodePeer contains the status of BGP peers
-                        on the node.
-                      properties:
-                        peerIP:
-                          description: IP address of the peer whose condition we are
-                            reporting.
-                          type: string
-                        since:
-                          description: Since the state or reason last changed.
-                          type: string
-                        state:
-                          description: State is the BGP session state.
-                          type: string
-                        type:
-                          description: Type indicates whether this peer is configured
-                            via the node-to-node mesh, or via en explicit global or
-                            per-node BGPPeer object.
-                          type: string
-                      type: object
-                    type: array
-                  peersV6:
-                    description: PeersV6 represents IPv6 BGP peers status on the node.
-                    items:
-                      description: CalicoNodePeer contains the status of BGP peers
-                        on the node.
-                      properties:
-                        peerIP:
-                          description: IP address of the peer whose condition we are
-                            reporting.
-                          type: string
-                        since:
-                          description: Since the state or reason last changed.
-                          type: string
-                        state:
-                          description: State is the BGP session state.
-                          type: string
-                        type:
-                          description: Type indicates whether this peer is configured
-                            via the node-to-node mesh, or via en explicit global or
-                            per-node BGPPeer object.
-                          type: string
-                      type: object
-                    type: array
-                required:
-                - numberEstablishedV4
-                - numberEstablishedV6
-                - numberNotEstablishedV4
-                - numberNotEstablishedV6
-                type: object
-              lastUpdated:
-                description: LastUpdated is a timestamp representing the server time
-                  when CalicoNodeStatus object last updated. It is represented in
-                  RFC3339 form and is in UTC.
-                format: date-time
-                nullable: true
-                type: string
-              routes:
-                description: Routes reports routes known to the Calico BGP daemon
-                  on the node.
-                properties:
-                  routesV4:
-                    description: RoutesV4 represents IPv4 routes on the node.
-                    items:
-                      description: CalicoNodeRoute contains the status of BGP routes
-                        on the node.
-                      properties:
-                        destination:
-                          description: Destination of the route.
-                          type: string
-                        gateway:
-                          description: Gateway for the destination.
-                          type: string
-                        interface:
-                          description: Interface for the destination
-                          type: string
-                        learnedFrom:
-                          description: LearnedFrom contains information regarding
-                            where this route originated.
-                          properties:
-                            peerIP:
-                              description: If sourceType is NodeMesh or BGPPeer, IP
-                                address of the router that sent us this route.
-                              type: string
-                            sourceType:
-                              description: Type of the source where a route is learned
-                                from.
-                              type: string
-                          type: object
-                        type:
-                          description: Type indicates if the route is being used for
-                            forwarding or not.
-                          type: string
-                      type: object
-                    type: array
-                  routesV6:
-                    description: RoutesV6 represents IPv6 routes on the node.
-                    items:
-                      description: CalicoNodeRoute contains the status of BGP routes
-                        on the node.
-                      properties:
-                        destination:
-                          description: Destination of the route.
-                          type: string
-                        gateway:
-                          description: Gateway for the destination.
-                          type: string
-                        interface:
-                          description: Interface for the destination
-                          type: string
-                        learnedFrom:
-                          description: LearnedFrom contains information regarding
-                            where this route originated.
-                          properties:
-                            peerIP:
-                              description: If sourceType is NodeMesh or BGPPeer, IP
-                                address of the router that sent us this route.
-                              type: string
-                            sourceType:
-                              description: Type of the source where a route is learned
-                                from.
-                              type: string
-                          type: object
-                        type:
-                          description: Type indicates if the route is being used for
-                            forwarding or not.
-                          type: string
-                      type: object
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterinformations.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: ClusterInformation
-    listKind: ClusterInformationList
-    plural: clusterinformations
-    singular: clusterinformation
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: ClusterInformation contains the cluster specific information.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterInformationSpec contains the values of describing
-              the cluster.
-            properties:
-              calicoVersion:
-                description: CalicoVersion is the version of Calico that the cluster
-                  is running
-                type: string
-              clusterGUID:
-                description: ClusterGUID is the GUID of the cluster
-                type: string
-              clusterType:
-                description: ClusterType describes the type of the cluster
-                type: string
-              datastoreReady:
-                description: DatastoreReady is used during significant datastore migrations
-                  to signal to components such as Felix that it should wait before
-                  accessing the datastore.
-                type: boolean
-              variant:
-                description: Variant declares which variant of Calico should be active.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: felixconfigurations.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: FelixConfiguration
-    listKind: FelixConfigurationList
-    plural: felixconfigurations
-    singular: felixconfiguration
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: Felix Configuration contains the configuration for Felix.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: FelixConfigurationSpec contains the values of the Felix configuration.
-            properties:
-              allowIPIPPacketsFromWorkloads:
-                description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
-                  will add a rule to drop IPIP encapsulated traffic from workloads
-                  [Default: false]'
-                type: boolean
-              allowVXLANPacketsFromWorkloads:
-                description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
-                  will add a rule to drop VXLAN encapsulated traffic from workloads
-                  [Default: false]'
-                type: boolean
-              awsSrcDstCheck:
-                description: 'Set source-destination-check on AWS EC2 instances. Accepted
-                  value must be one of "DoNothing", "Enable" or "Disable". [Default:
-                  DoNothing]'
-                enum:
-                - DoNothing
-                - Enable
-                - Disable
-                type: string
-              bpfCTLBLogFilter:
-                description: 'BPFCTLBLogFilter specifies, what is logged by connect
-                  time load balancer when BPFLogLevel is debug. Currently has to be
-                  specified as ''all'' when BPFLogFilters is set to see CTLB logs.
-                  [Default: unset - means logs are emitted when BPFLogLevel id debug
-                  and BPFLogFilters not set.]'
-                type: string
-              bpfConnectTimeLoadBalancing:
-                description: 'BPFConnectTimeLoadBalancing when in BPF mode, controls
-                  whether Felix installs the connect-time load balancer. The connect-time
-                  load balancer is required for the host to be able to reach Kubernetes
-                  services and it improves the performance of pod-to-service connections.When
-                  set to TCP, connect time load balancing is available only for services
-                  with TCP ports. [Default: TCP]'
-                enum:
-                - TCP
-                - Enabled
-                - Disabled
-                type: string
-              bpfConnectTimeLoadBalancingEnabled:
-                description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode,
-                  controls whether Felix installs the connection-time load balancer.  The
-                  connect-time load balancer is required for the host to be able to
-                  reach Kubernetes services and it improves the performance of pod-to-service
-                  connections.  The only reason to disable it is for debugging purposes.
-                  This will be deprecated. Use BPFConnectTimeLoadBalancing [Default:
-                  true]'
-                type: boolean
-              bpfDSROptoutCIDRs:
-                description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded
-                  from DSR. That is, clients in those CIDRs will accesses nodeports
-                  as if BPFExternalServiceMode was set to Tunnel.
-                items:
-                  type: string
-                type: array
-              bpfDataIfacePattern:
-                description: BPFDataIfacePattern is a regular expression that controls
-                  which interfaces Felix should attach BPF programs to in order to
-                  catch traffic to/from the network.  This needs to match the interfaces
-                  that Calico workload traffic flows over as well as any interfaces
-                  that handle incoming traffic to nodeports and services from outside
-                  the cluster.  It should not match the workload interfaces (usually
-                  named cali...).
-                type: string
-              bpfDisableGROForIfaces:
-                description: BPFDisableGROForIfaces is a regular expression that controls
-                  which interfaces Felix should disable the Generic Receive Offload
-                  [GRO] option.  It should not match the workload interfaces (usually
-                  named cali...).
-                type: string
-              bpfDisableUnprivileged:
-                description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled
-                  sysctl to disable unprivileged use of BPF.  This ensures that unprivileged
-                  users cannot access Calico''s BPF maps and cannot insert their own
-                  BPF programs to interfere with Calico''s. [Default: true]'
-                type: boolean
-              bpfEnabled:
-                description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
-                  [Default: false]'
-                type: boolean
-              bpfEnforceRPF:
-                description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
-                  with BPF programs regardless of what is the per-interfaces or global
-                  setting. Possible values are Disabled, Strict or Loose. [Default:
-                  Loose]'
-                pattern: ^(?i)(Disabled|Strict|Loose)?$
-                type: string
-              bpfExcludeCIDRsFromNAT:
-                description: BPFExcludeCIDRsFromNAT is a list of CIDRs that are to
-                  be excluded from NAT resolution so that host can handle them. A
-                  typical usecase is node local DNS cache.
-                items:
-                  type: string
-                type: array
-              bpfExtToServiceConnmark:
-                description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
-                  mark that is set on connections from an external client to a local
-                  service. This mark allows us to control how packets of that connection
-                  are routed within the host and how is routing interpreted by RPF
-                  check. [Default: 0]'
-                type: integer
-              bpfExternalServiceMode:
-                description: 'BPFExternalServiceMode in BPF mode, controls how connections
-                  from outside the cluster to services (node ports and cluster IPs)
-                  are forwarded to remote workloads.  If set to "Tunnel" then both
-                  request and response traffic is tunneled to the remote node.  If
-                  set to "DSR", the request traffic is tunneled but the response traffic
-                  is sent directly from the remote node.  In "DSR" mode, the remote
-                  node appears to use the IP of the ingress node; this requires a
-                  permissive L2 network.  [Default: Tunnel]'
-                pattern: ^(?i)(Tunnel|DSR)?$
-                type: string
-              bpfForceTrackPacketsFromIfaces:
-                description: 'BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic
-                  from these interfaces to skip Calico''s iptables NOTRACK rule, allowing
-                  traffic from those interfaces to be tracked by Linux conntrack.  Should
-                  only be used for interfaces that are not used for the Calico fabric.  For
-                  example, a docker bridge device for non-Calico-networked containers.
-                  [Default: docker+]'
-                items:
-                  type: string
-                type: array
-              bpfHostConntrackBypass:
-                description: 'BPFHostConntrackBypass Controls whether to bypass Linux
-                  conntrack in BPF mode for workloads and services. [Default: true
-                  - bypass Linux conntrack]'
-                type: boolean
-              bpfHostNetworkedNATWithoutCTLB:
-                description: 'BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls
-                  whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing
-                  determines the CTLB behavior. [Default: Enabled]'
-                enum:
-                - Enabled
-                - Disabled
-                type: string
-              bpfKubeProxyEndpointSlicesEnabled:
-                description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has
-                  no effect. BPF kube-proxy always accepts endpoint slices. This option
-                  will be removed in the next release.
-                type: boolean
-              bpfKubeProxyIptablesCleanupEnabled:
-                description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF
-                  mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s
-                  iptables chains.  Should only be enabled if kube-proxy is not running.  [Default:
-                  true]'
-                type: boolean
-              bpfKubeProxyMinSyncPeriod:
-                description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the
-                  minimum time between updates to the dataplane for Felix''s embedded
-                  kube-proxy.  Lower values give reduced set-up latency.  Higher values
-                  reduce Felix CPU usage by batching up more work.  [Default: 1s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              bpfL3IfacePattern:
-                description: BPFL3IfacePattern is a regular expression that allows
-                  to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
-                  in addition to BPFDataIfacePattern. That is, tunnel interfaces not
-                  created by Calico, that Calico workload traffic flows over as well
-                  as any interfaces that handle incoming traffic to nodeports and
-                  services from outside the cluster.
-                type: string
-              bpfLogFilters:
-                additionalProperties:
-                  type: string
-                description: "BPFLogFilters is a map of key=values where the value
-                  is a pcap filter expression and the key is an interface name with
-                  'all' denoting all interfaces, 'weps' all workload endpoints and
-                  'heps' all host endpoints. \n When specified as an env var, it accepts
-                  a comma-separated list of key=values. [Default: unset - means all
-                  debug logs are emitted]"
-                type: object
-              bpfLogLevel:
-                description: 'BPFLogLevel controls the log level of the BPF programs
-                  when in BPF dataplane mode.  One of "Off", "Info", or "Debug".  The
-                  logs are emitted to the BPF trace pipe, accessible with the command
-                  `tc exec bpf debug`. [Default: Off].'
-                pattern: ^(?i)(Off|Info|Debug)?$
-                type: string
-              bpfMapSizeConntrack:
-                description: 'BPFMapSizeConntrack sets the size for the conntrack
-                  map.  This map must be large enough to hold an entry for each active
-                  connection.  Warning: changing the size of the conntrack map can
-                  cause disruption.'
-                type: integer
-              bpfMapSizeIPSets:
-                description: BPFMapSizeIPSets sets the size for ipsets map.  The IP
-                  sets map must be large enough to hold an entry for each endpoint
-                  matched by every selector in the source/destination matches in network
-                  policy.  Selectors such as "all()" can result in large numbers of
-                  entries (one entry per endpoint in that case).
-                type: integer
-              bpfMapSizeIfState:
-                description: BPFMapSizeIfState sets the size for ifstate map.  The
-                  ifstate map must be large enough to hold an entry for each device
-                  (host + workloads) on a host.
-                type: integer
-              bpfMapSizeNATAffinity:
-                type: integer
-              bpfMapSizeNATBackend:
-                description: BPFMapSizeNATBackend sets the size for nat back end map.
-                  This is the total number of endpoints. This is mostly more than
-                  the size of the number of services.
-                type: integer
-              bpfMapSizeNATFrontend:
-                description: BPFMapSizeNATFrontend sets the size for nat front end
-                  map. FrontendMap should be large enough to hold an entry for each
-                  nodeport, external IP and each port in each service.
-                type: integer
-              bpfMapSizeRoute:
-                description: BPFMapSizeRoute sets the size for the routes map.  The
-                  routes map should be large enough to hold one entry per workload
-                  and a handful of entries per host (enough to cover its own IPs and
-                  tunnel IPs).
-                type: integer
-              bpfPSNATPorts:
-                anyOf:
-                - type: integer
-                - type: string
-                description: 'BPFPSNATPorts sets the range from which we randomly
-                  pick a port if there is a source port collision. This should be
-                  within the ephemeral range as defined by RFC 6056 (1024–65535) and
-                  preferably outside the  ephemeral ranges used by common operating
-                  systems. Linux uses 32768–60999, while others mostly use the IANA
-                  defined range 49152–65535. It is not necessarily a problem if this
-                  range overlaps with the operating systems. Both ends of the range
-                  are inclusive. [Default: 20000:29999]'
-                pattern: ^.*
-                x-kubernetes-int-or-string: true
-              bpfPolicyDebugEnabled:
-                description: BPFPolicyDebugEnabled when true, Felix records detailed
-                  information about the BPF policy programs, which can be examined
-                  with the calico-bpf command-line tool.
-                type: boolean
-              chainInsertMode:
-                description: 'ChainInsertMode controls whether Felix hooks the kernel''s
-                  top-level iptables chains by inserting a rule at the top of the
-                  chain or by appending a rule at the bottom. insert is the safe default
-                  since it prevents Calico''s rules from being bypassed. If you switch
-                  to append mode, be sure that the other rules in the chains signal
-                  acceptance by falling through to the Calico rules, otherwise the
-                  Calico policy will be bypassed. [Default: insert]'
-                pattern: ^(?i)(insert|append)?$
-                type: string
-              dataplaneDriver:
-                description: DataplaneDriver filename of the external dataplane driver
-                  to use.  Only used if UseInternalDataplaneDriver is set to false.
-                type: string
-              dataplaneWatchdogTimeout:
-                description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
-                  used for Felix's (internal) dataplane driver. Increase this value
-                  if you experience spurious non-ready or non-live events when Felix
-                  is under heavy load. Decrease the value to get felix to report non-live
-                  or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
-                  by the generic HealthTimeoutOverrides."
-                type: string
-              debugDisableLogDropping:
-                type: boolean
-              debugHost:
-                description: DebugHost is the host IP or hostname to bind the debug
-                  port to.  Only used if DebugPort is set. [Default:localhost]
-                type: string
-              debugMemoryProfilePath:
-                type: string
-              debugPort:
-                description: DebugPort if set, enables Felix's debug HTTP port, which
-                  allows memory and CPU profiles to be retrieved.  The debug port
-                  is not secure, it should not be exposed to the internet.
-                type: integer
-              debugSimulateCalcGraphHangAfter:
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              debugSimulateDataplaneApplyDelay:
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              debugSimulateDataplaneHangAfter:
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              defaultEndpointToHostAction:
-                description: 'DefaultEndpointToHostAction controls what happens to
-                  traffic that goes from a workload endpoint to the host itself (after
-                  the traffic hits the endpoint egress policy). By default Calico
-                  blocks traffic from workload endpoints to the host itself with an
-                  iptables "DROP" action. If you want to allow some or all traffic
-                  from endpoint to host, set this parameter to RETURN or ACCEPT. Use
-                  RETURN if you have your own rules in the iptables "INPUT" chain;
-                  Calico will insert its rules at the top of that chain, then "RETURN"
-                  packets to the "INPUT" chain once it has completed processing workload
-                  endpoint egress policy. Use ACCEPT to unconditionally accept packets
-                  from workloads after processing workload endpoint egress policy.
-                  [Default: Drop]'
-                pattern: ^(?i)(Drop|Accept|Return)?$
-                type: string
-              deviceRouteProtocol:
-                description: This defines the route protocol added to programmed device
-                  routes, by default this will be RTPROT_BOOT when left blank.
-                type: integer
-              deviceRouteSourceAddress:
-                description: This is the IPv4 source address to use on programmed
-                  device routes. By default the source address is left blank, leaving
-                  the kernel to choose the source address used.
-                type: string
-              deviceRouteSourceAddressIPv6:
-                description: This is the IPv6 source address to use on programmed
-                  device routes. By default the source address is left blank, leaving
-                  the kernel to choose the source address used.
-                type: string
-              disableConntrackInvalidCheck:
-                type: boolean
-              endpointReportingDelay:
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              endpointReportingEnabled:
-                type: boolean
-              endpointStatusPathPrefix:
-                description: "EndpointStatusPathPrefix is the path to the directory
-                  where endpoint status will be written. Endpoint status file reporting
-                  is disabled if field is left empty. \n Chosen directory should match
-                  the directory used by the CNI for PodStartupDelay. [Default: \"\"]"
-                type: string
-              externalNodesList:
-                description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes
-                  which may source tunnel traffic and have the tunneled traffic be
-                  accepted at calico nodes.
-                items:
-                  type: string
-                type: array
-              failsafeInboundHostPorts:
-                description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports
-                  and CIDRs that Felix will allow incoming traffic to host endpoints
-                  on irrespective of the security policy. This is useful to avoid
-                  accidentally cutting off a host with incorrect configuration. For
-                  back-compatibility, if the protocol is not specified, it defaults
-                  to "tcp". If a CIDR is not specified, it will allow traffic from
-                  all addresses. To disable all inbound host ports, use the value
-                  none. The default value allows ssh access and DHCP. [Default: tcp:22,
-                  udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]'
-                items:
-                  description: ProtoPort is combination of protocol, port, and CIDR.
-                    Protocol and port must be specified.
-                  properties:
-                    net:
-                      type: string
-                    port:
-                      type: integer
-                    protocol:
-                      type: string
-                  required:
-                  - port
-                  - protocol
-                  type: object
-                type: array
-              failsafeOutboundHostPorts:
-                description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports
-                  and CIDRs that Felix will allow outgoing traffic from host endpoints
-                  to irrespective of the security policy. This is useful to avoid
-                  accidentally cutting off a host with incorrect configuration. For
-                  back-compatibility, if the protocol is not specified, it defaults
-                  to "tcp". If a CIDR is not specified, it will allow traffic from
-                  all addresses. To disable all outbound host ports, use the value
-                  none. The default value opens etcd''s standard ports to ensure that
-                  Felix does not get cut off from etcd as well as allowing DHCP and
-                  DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666,
-                  tcp:6667, udp:53, udp:67]'
-                items:
-                  description: ProtoPort is combination of protocol, port, and CIDR.
-                    Protocol and port must be specified.
-                  properties:
-                    net:
-                      type: string
-                    port:
-                      type: integer
-                    protocol:
-                      type: string
-                  required:
-                  - port
-                  - protocol
-                  type: object
-                type: array
-              featureDetectOverride:
-                description: FeatureDetectOverride is used to override feature detection
-                  based on auto-detected platform capabilities.  Values are specified
-                  in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=".  "true"
-                  or "false" will force the feature, empty or omitted values are auto-detected.
-                pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$
-                type: string
-              featureGates:
-                description: FeatureGates is used to enable or disable tech-preview
-                  Calico features. Values are specified in a comma separated list
-                  with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
-                  This is used to enable features that are not fully production ready.
-                pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$
-                type: string
-              floatingIPs:
-                description: FloatingIPs configures whether or not Felix will program
-                  non-OpenStack floating IP addresses.  (OpenStack-derived floating
-                  IPs are always programmed, regardless of this setting.)
-                enum:
-                - Enabled
-                - Disabled
-                type: string
-              genericXDPEnabled:
-                description: 'GenericXDPEnabled enables Generic XDP so network cards
-                  that don''t support XDP offload or driver modes can use XDP. This
-                  is not recommended since it doesn''t provide better performance
-                  than iptables. [Default: false]'
-                type: boolean
-              healthEnabled:
-                type: boolean
-              healthHost:
-                type: string
-              healthPort:
-                type: integer
-              healthTimeoutOverrides:
-                description: HealthTimeoutOverrides allows the internal watchdog timeouts
-                  of individual subcomponents to be overridden.  This is useful for
-                  working around "false positive" liveness timeouts that can occur
-                  in particularly stressful workloads or if CPU is constrained.  For
-                  a list of active subcomponents, see Felix's logs.
-                items:
-                  properties:
-                    name:
-                      type: string
-                    timeout:
-                      type: string
-                  required:
-                  - name
-                  - timeout
-                  type: object
-                type: array
-              interfaceExclude:
-                description: 'InterfaceExclude is a comma-separated list of interfaces
-                  that Felix should exclude when monitoring for host endpoints. The
-                  default value ensures that Felix ignores Kubernetes'' IPVS dummy
-                  interface, which is used internally by kube-proxy. If you want to
-                  exclude multiple interface names using a single value, the list
-                  supports regular expressions. For regular expressions you must wrap
-                  the value with ''/''. For example having values ''/^kube/,veth1''
-                  will exclude all interfaces that begin with ''kube'' and also the
-                  interface ''veth1''. [Default: kube-ipvs0]'
-                type: string
-              interfacePrefix:
-                description: 'InterfacePrefix is the interface name prefix that identifies
-                  workload endpoints and so distinguishes them from host endpoint
-                  interfaces. Note: in environments other than bare metal, the orchestrators
-                  configure this appropriately. For example our Kubernetes and Docker
-                  integrations set the ''cali'' value, and our OpenStack integration
-                  sets the ''tap'' value. [Default: cali]'
-                type: string
-              interfaceRefreshInterval:
-                description: InterfaceRefreshInterval is the period at which Felix
-                  rescans local interfaces to verify their state. The rescan can be
-                  disabled by setting the interval to 0.
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              ipipEnabled:
-                description: 'IPIPEnabled overrides whether Felix should configure
-                  an IPIP interface on the host. Optional as Felix determines this
-                  based on the existing IP pools. [Default: nil (unset)]'
-                type: boolean
-              ipipMTU:
-                description: 'IPIPMTU is the MTU to set on the tunnel device. See
-                  Configuring MTU [Default: 1440]'
-                type: integer
-              ipsetsRefreshInterval:
-                description: 'IpsetsRefreshInterval is the period at which Felix re-checks
-                  all iptables state to ensure that no other process has accidentally
-                  broken Calico''s rules. Set to 0 to disable iptables refresh. [Default:
-                  90s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              iptablesBackend:
-                description: IptablesBackend specifies which backend of iptables will
-                  be used. The default is Auto.
-                pattern: ^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$
-                type: string
-              iptablesFilterAllowAction:
-                pattern: ^(?i)(Accept|Return)?$
-                type: string
-              iptablesFilterDenyAction:
-                description: IptablesFilterDenyAction controls what happens to traffic
-                  that is denied by network policy. By default Calico blocks traffic
-                  with an iptables "DROP" action. If you want to use "REJECT" action
-                  instead you can configure it in here.
-                pattern: ^(?i)(Drop|Reject)?$
-                type: string
-              iptablesLockFilePath:
-                description: 'IptablesLockFilePath is the location of the iptables
-                  lock file. You may need to change this if the lock file is not in
-                  its standard location (for example if you have mapped it into Felix''s
-                  container at a different path). [Default: /run/xtables.lock]'
-                type: string
-              iptablesLockProbeInterval:
-                description: 'IptablesLockProbeInterval is the time that Felix will
-                  wait between attempts to acquire the iptables lock if it is not
-                  available. Lower values make Felix more responsive when the lock
-                  is contended, but use more CPU. [Default: 50ms]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              iptablesLockTimeout:
-                description: 'IptablesLockTimeout is the time that Felix will wait
-                  for the iptables lock, or 0, to disable. To use this feature, Felix
-                  must share the iptables lock file with all other processes that
-                  also take the lock. When running Felix inside a container, this
-                  requires the /run directory of the host to be mounted into the calico/node
-                  or calico/felix container. [Default: 0s disabled]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              iptablesMangleAllowAction:
-                pattern: ^(?i)(Accept|Return)?$
-                type: string
-              iptablesMarkMask:
-                description: 'IptablesMarkMask is the mask that Felix selects its
-                  IPTables Mark bits from. Should be a 32 bit hexadecimal number with
-                  at least 8 bits set, none of which clash with any other mark bits
-                  in use on the system. [Default: 0xff000000]'
-                format: int32
-                type: integer
-              iptablesNATOutgoingInterfaceFilter:
-                type: string
-              iptablesPostWriteCheckInterval:
-                description: 'IptablesPostWriteCheckInterval is the period after Felix
-                  has done a write to the dataplane that it schedules an extra read
-                  back in order to check the write was not clobbered by another process.
-                  This should only occur if another application on the system doesn''t
-                  respect the iptables lock. [Default: 1s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              iptablesRefreshInterval:
-                description: 'IptablesRefreshInterval is the period at which Felix
-                  re-checks the IP sets in the dataplane to ensure that no other process
-                  has accidentally broken Calico''s rules. Set to 0 to disable IP
-                  sets refresh. Note: the default for this value is lower than the
-                  other refresh intervals as a workaround for a Linux kernel bug that
-                  was fixed in kernel version 4.11. If you are using v4.11 or greater
-                  you may want to set this to, a higher value to reduce Felix CPU
-                  usage. [Default: 10s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              ipv6Support:
-                description: IPv6Support controls whether Felix enables support for
-                  IPv6 (if supported by the in-use dataplane).
-                type: boolean
-              kubeNodePortRanges:
-                description: 'KubeNodePortRanges holds list of port ranges used for
-                  service node ports. Only used if felix detects kube-proxy running
-                  in ipvs mode. Felix uses these ranges to separate host and workload
-                  traffic. [Default: 30000:32767].'
-                items:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  pattern: ^.*
-                  x-kubernetes-int-or-string: true
-                type: array
-              logDebugFilenameRegex:
-                description: LogDebugFilenameRegex controls which source code files
-                  have their Debug log output included in the logs. Only logs from
-                  files with names that match the given regular expression are included.  The
-                  filter only applies to Debug level logs.
-                type: string
-              logFilePath:
-                description: 'LogFilePath is the full path to the Felix log. Set to
-                  none to disable file logging. [Default: /var/log/calico/felix.log]'
-                type: string
-              logPrefix:
-                description: 'LogPrefix is the log prefix that Felix uses when rendering
-                  LOG rules. [Default: calico-packet]'
-                type: string
-              logSeverityFile:
-                description: 'LogSeverityFile is the log severity above which logs
-                  are sent to the log file. [Default: Info]'
-                pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
-                type: string
-              logSeverityScreen:
-                description: 'LogSeverityScreen is the log severity above which logs
-                  are sent to the stdout. [Default: Info]'
-                pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
-                type: string
-              logSeveritySys:
-                description: 'LogSeveritySys is the log severity above which logs
-                  are sent to the syslog. Set to None for no logging to syslog. [Default:
-                  Info]'
-                pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
-                type: string
-              maxIpsetSize:
-                type: integer
-              metadataAddr:
-                description: 'MetadataAddr is the IP address or domain name of the
-                  server that can answer VM queries for cloud-init metadata. In OpenStack,
-                  this corresponds to the machine running nova-api (or in Ubuntu,
-                  nova-api-metadata). A value of none (case-insensitive) means that
-                  Felix should not set up any NAT rule for the metadata path. [Default:
-                  127.0.0.1]'
-                type: string
-              metadataPort:
-                description: 'MetadataPort is the port of the metadata server. This,
-                  combined with global.MetadataAddr (if not ''None''), is used to
-                  set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
-                  In most cases this should not need to be changed [Default: 8775].'
-                type: integer
-              mtuIfacePattern:
-                description: MTUIfacePattern is a regular expression that controls
-                  which interfaces Felix should scan in order to calculate the host's
-                  MTU. This should not match workload interfaces (usually named cali...).
-                type: string
-              natOutgoingAddress:
-                description: NATOutgoingAddress specifies an address to use when performing
-                  source NAT for traffic in a natOutgoing pool that is leaving the
-                  network. By default the address used is an address on the interface
-                  the traffic is leaving on (ie it uses the iptables MASQUERADE target)
-                type: string
-              natPortRange:
-                anyOf:
-                - type: integer
-                - type: string
-                description: NATPortRange specifies the range of ports that is used
-                  for port mapping when doing outgoing NAT. When unset the default
-                  behavior of the network stack is used.
-                pattern: ^.*
-                x-kubernetes-int-or-string: true
-              netlinkTimeout:
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              openstackRegion:
-                description: 'OpenstackRegion is the name of the region that a particular
-                  Felix belongs to. In a multi-region Calico/OpenStack deployment,
-                  this must be configured somehow for each Felix (here in the datamodel,
-                  or in felix.cfg or the environment on each compute node), and must
-                  match the [calico] openstack_region value configured in neutron.conf
-                  on each node. [Default: Empty]'
-                type: string
-              policySyncPathPrefix:
-                description: 'PolicySyncPathPrefix is used to by Felix to communicate
-                  policy changes to external services, like Application layer policy.
-                  [Default: Empty]'
-                type: string
-              prometheusGoMetricsEnabled:
-                description: 'PrometheusGoMetricsEnabled disables Go runtime metrics
-                  collection, which the Prometheus client does by default, when set
-                  to false. This reduces the number of metrics reported, reducing
-                  Prometheus load. [Default: true]'
-                type: boolean
-              prometheusMetricsEnabled:
-                description: 'PrometheusMetricsEnabled enables the Prometheus metrics
-                  server in Felix if set to true. [Default: false]'
-                type: boolean
-              prometheusMetricsHost:
-                description: 'PrometheusMetricsHost is the host that the Prometheus
-                  metrics server should bind to. [Default: empty]'
-                type: string
-              prometheusMetricsPort:
-                description: 'PrometheusMetricsPort is the TCP port that the Prometheus
-                  metrics server should bind to. [Default: 9091]'
-                type: integer
-              prometheusProcessMetricsEnabled:
-                description: 'PrometheusProcessMetricsEnabled disables process metrics
-                  collection, which the Prometheus client does by default, when set
-                  to false. This reduces the number of metrics reported, reducing
-                  Prometheus load. [Default: true]'
-                type: boolean
-              prometheusWireGuardMetricsEnabled:
-                description: 'PrometheusWireGuardMetricsEnabled disables wireguard
-                  metrics collection, which the Prometheus client does by default,
-                  when set to false. This reduces the number of metrics reported,
-                  reducing Prometheus load. [Default: true]'
-                type: boolean
-              removeExternalRoutes:
-                description: Whether or not to remove device routes that have not
-                  been programmed by Felix. Disabling this will allow external applications
-                  to also add device routes. This is enabled by default which means
-                  we will remove externally added routes.
-                type: boolean
-              reportingInterval:
-                description: 'ReportingInterval is the interval at which Felix reports
-                  its status into the datastore or 0 to disable. Must be non-zero
-                  in OpenStack deployments. [Default: 30s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              reportingTTL:
-                description: 'ReportingTTL is the time-to-live setting for process-wide
-                  status reports. [Default: 90s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              routeRefreshInterval:
-                description: 'RouteRefreshInterval is the period at which Felix re-checks
-                  the routes in the dataplane to ensure that no other process has
-                  accidentally broken Calico''s rules. Set to 0 to disable route refresh.
-                  [Default: 90s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              routeSource:
-                description: 'RouteSource configures where Felix gets its routing
-                  information. - WorkloadIPs: use workload endpoints to construct
-                  routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
-                pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$
-                type: string
-              routeSyncDisabled:
-                description: RouteSyncDisabled will disable all operations performed
-                  on the route table. Set to true to run in network-policy mode only.
-                type: boolean
-              routeTableRange:
-                description: Deprecated in favor of RouteTableRanges. Calico programs
-                  additional Linux route tables for various purposes. RouteTableRange
-                  specifies the indices of the route tables that Calico should use.
-                properties:
-                  max:
-                    type: integer
-                  min:
-                    type: integer
-                required:
-                - max
-                - min
-                type: object
-              routeTableRanges:
-                description: Calico programs additional Linux route tables for various
-                  purposes. RouteTableRanges specifies a set of table index ranges
-                  that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
-                items:
-                  properties:
-                    max:
-                      type: integer
-                    min:
-                      type: integer
-                  required:
-                  - max
-                  - min
-                  type: object
-                type: array
-              serviceLoopPrevention:
-                description: 'When service IP advertisement is enabled, prevent routing
-                  loops to service IPs that are not in use, by dropping or rejecting
-                  packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled",
-                  in which case such routing loops continue to be allowed. [Default:
-                  Drop]'
-                pattern: ^(?i)(Drop|Reject|Disabled)?$
-                type: string
-              sidecarAccelerationEnabled:
-                description: 'SidecarAccelerationEnabled enables experimental sidecar
-                  acceleration [Default: false]'
-                type: boolean
-              usageReportingEnabled:
-                description: 'UsageReportingEnabled reports anonymous Calico version
-                  number and cluster size to projectcalico.org. Logs warnings returned
-                  by the usage server. For example, if a significant security vulnerability
-                  has been discovered in the version of Calico being used. [Default:
-                  true]'
-                type: boolean
-              usageReportingInitialDelay:
-                description: 'UsageReportingInitialDelay controls the minimum delay
-                  before Felix makes a report. [Default: 300s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              usageReportingInterval:
-                description: 'UsageReportingInterval controls the interval at which
-                  Felix makes reports. [Default: 86400s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              useInternalDataplaneDriver:
-                description: UseInternalDataplaneDriver, if true, Felix will use its
-                  internal dataplane programming logic.  If false, it will launch
-                  an external dataplane driver and communicate with it over protobuf.
-                type: boolean
-              vxlanEnabled:
-                description: 'VXLANEnabled overrides whether Felix should create the
-                  VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
-                  determines this based on the existing IP pools. [Default: nil (unset)]'
-                type: boolean
-              vxlanMTU:
-                description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
-                  device. See Configuring MTU [Default: 1410]'
-                type: integer
-              vxlanMTUV6:
-                description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
-                  device. See Configuring MTU [Default: 1390]'
-                type: integer
-              vxlanPort:
-                type: integer
-              vxlanVNI:
-                type: integer
-              windowsManageFirewallRules:
-                description: 'WindowsManageFirewallRules configures whether or not
-                  Felix will program Windows Firewall rules. (to allow inbound access
-                  to its own metrics ports) [Default: Disabled]'
-                enum:
-                - Enabled
-                - Disabled
-                type: string
-              wireguardEnabled:
-                description: 'WireguardEnabled controls whether Wireguard is enabled
-                  for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
-                  [Default: false]'
-                type: boolean
-              wireguardEnabledV6:
-                description: 'WireguardEnabledV6 controls whether Wireguard is enabled
-                  for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
-                  [Default: false]'
-                type: boolean
-              wireguardHostEncryptionEnabled:
-                description: 'WireguardHostEncryptionEnabled controls whether Wireguard
-                  host-to-host encryption is enabled. [Default: false]'
-                type: boolean
-              wireguardInterfaceName:
-                description: 'WireguardInterfaceName specifies the name to use for
-                  the IPv4 Wireguard interface. [Default: wireguard.cali]'
-                type: string
-              wireguardInterfaceNameV6:
-                description: 'WireguardInterfaceNameV6 specifies the name to use for
-                  the IPv6 Wireguard interface. [Default: wg-v6.cali]'
-                type: string
-              wireguardKeepAlive:
-                description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
-                  option. Set 0 to disable. [Default: 0]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-              wireguardListeningPort:
-                description: 'WireguardListeningPort controls the listening port used
-                  by IPv4 Wireguard. [Default: 51820]'
-                type: integer
-              wireguardListeningPortV6:
-                description: 'WireguardListeningPortV6 controls the listening port
-                  used by IPv6 Wireguard. [Default: 51821]'
-                type: integer
-              wireguardMTU:
-                description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
-                  interface. See Configuring MTU [Default: 1440]'
-                type: integer
-              wireguardMTUV6:
-                description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
-                  interface. See Configuring MTU [Default: 1420]'
-                type: integer
-              wireguardRoutingRulePriority:
-                description: 'WireguardRoutingRulePriority controls the priority value
-                  to use for the Wireguard routing rule. [Default: 99]'
-                type: integer
-              wireguardThreadingEnabled:
-                description: 'WireguardThreadingEnabled controls whether Wireguard
-                  has NAPI threading enabled. [Default: false]'
-                type: boolean
-              workloadSourceSpoofing:
-                description: WorkloadSourceSpoofing controls whether pods can use
-                  the allowedSourcePrefixes annotation to send traffic with a source
-                  IP address that is not theirs. This is disabled by default. When
-                  set to "Any", pods can request any prefix.
-                pattern: ^(?i)(Disabled|Any)?$
-                type: string
-              xdpEnabled:
-                description: 'XDPEnabled enables XDP acceleration for suitable untracked
-                  incoming deny rules. [Default: true]'
-                type: boolean
-              xdpRefreshInterval:
-                description: 'XDPRefreshInterval is the period at which Felix re-checks
-                  all XDP state to ensure that no other process has accidentally broken
-                  Calico''s BPF maps or attached programs. Set to 0 to disable XDP
-                  refresh. [Default: 90s]'
-                pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: globalnetworkpolicies.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: GlobalNetworkPolicy
-    listKind: GlobalNetworkPolicyList
-    plural: globalnetworkpolicies
-    singular: globalnetworkpolicy
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              applyOnForward:
-                description: ApplyOnForward indicates to apply the rules in this policy
-                  on forward traffic.
-                type: boolean
-              doNotTrack:
-                description: DoNotTrack indicates whether packets matched by the rules
-                  in this policy should go through the data plane's connection tracking,
-                  such as Linux conntrack.  If True, the rules in this policy are
-                  applied before any data plane connection tracking, and packets allowed
-                  by this policy are marked as not to be tracked.
-                type: boolean
-              egress:
-                description: The ordered set of egress rules.  Each rule contains
-                  a set of packet match criteria and a corresponding action to apply.
-                items:
-                  description: "A Rule encapsulates a set of match criteria and an
-                    action.  Both selector-based security Policy and security Profiles
-                    reference rules - separated out as a list of rules for both ingress
-                    and egress packet matching. \n Each positive match criteria has
-                    a negated version, prefixed with \"Not\". All the match criteria
-                    within a rule must be satisfied for a packet to match. A single
-                    rule can contain the positive and negative version of a match
-                    and both must be satisfied for the rule to match."
-                  properties:
-                    action:
-                      type: string
-                    destination:
-                      description: Destination contains the match criteria that apply
-                        to destination entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                    http:
-                      description: HTTP contains match criteria that apply to HTTP
-                        requests.
-                      properties:
-                        methods:
-                          description: Methods is an optional field that restricts
-                            the rule to apply only to HTTP requests that use one of
-                            the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
-                            methods are OR'd together.
-                          items:
-                            type: string
-                          type: array
-                        paths:
-                          description: 'Paths is an optional field that restricts
-                            the rule to apply to HTTP requests that use one of the
-                            listed HTTP Paths. Multiple paths are OR''d together.
-                            e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
-                            ONLY specify either a `exact` or a `prefix` match. The
-                            validator will check for it.'
-                          items:
-                            description: 'HTTPPath specifies an HTTP path to match.
-                              It may be either of the form: exact: <path>: which matches
-                              the path exactly or prefix: <path-prefix>: which matches
-                              the path prefix'
-                            properties:
-                              exact:
-                                type: string
-                              prefix:
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    icmp:
-                      description: ICMP is an optional field that restricts the rule
-                        to apply to a specific type and code of ICMP traffic.  This
-                        should only be specified if the Protocol field is set to "ICMP"
-                        or "ICMPv6".
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    ipVersion:
-                      description: IPVersion is an optional field that restricts the
-                        rule to only match a specific IP version.
-                      type: integer
-                    metadata:
-                      description: Metadata contains additional information for this
-                        rule
-                      properties:
-                        annotations:
-                          additionalProperties:
-                            type: string
-                          description: Annotations is a set of key value pairs that
-                            give extra information about the rule
-                          type: object
-                      type: object
-                    notICMP:
-                      description: NotICMP is the negated version of the ICMP field.
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    notProtocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: NotProtocol is the negated version of the Protocol
-                        field.
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    protocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: "Protocol is an optional field that restricts the
-                        rule to only apply to traffic of a specific IP protocol. Required
-                        if any of the EntityRules contain Ports (because ports only
-                        apply to certain protocols). \n Must be one of these string
-                        values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
-                        \"UDPLite\" or an integer in the range 1-255."
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    source:
-                      description: Source contains the match criteria that apply to
-                        source entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                  required:
-                  - action
-                  type: object
-                type: array
-              ingress:
-                description: The ordered set of ingress rules.  Each rule contains
-                  a set of packet match criteria and a corresponding action to apply.
-                items:
-                  description: "A Rule encapsulates a set of match criteria and an
-                    action.  Both selector-based security Policy and security Profiles
-                    reference rules - separated out as a list of rules for both ingress
-                    and egress packet matching. \n Each positive match criteria has
-                    a negated version, prefixed with \"Not\". All the match criteria
-                    within a rule must be satisfied for a packet to match. A single
-                    rule can contain the positive and negative version of a match
-                    and both must be satisfied for the rule to match."
-                  properties:
-                    action:
-                      type: string
-                    destination:
-                      description: Destination contains the match criteria that apply
-                        to destination entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                    http:
-                      description: HTTP contains match criteria that apply to HTTP
-                        requests.
-                      properties:
-                        methods:
-                          description: Methods is an optional field that restricts
-                            the rule to apply only to HTTP requests that use one of
-                            the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
-                            methods are OR'd together.
-                          items:
-                            type: string
-                          type: array
-                        paths:
-                          description: 'Paths is an optional field that restricts
-                            the rule to apply to HTTP requests that use one of the
-                            listed HTTP Paths. Multiple paths are OR''d together.
-                            e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
-                            ONLY specify either a `exact` or a `prefix` match. The
-                            validator will check for it.'
-                          items:
-                            description: 'HTTPPath specifies an HTTP path to match.
-                              It may be either of the form: exact: <path>: which matches
-                              the path exactly or prefix: <path-prefix>: which matches
-                              the path prefix'
-                            properties:
-                              exact:
-                                type: string
-                              prefix:
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    icmp:
-                      description: ICMP is an optional field that restricts the rule
-                        to apply to a specific type and code of ICMP traffic.  This
-                        should only be specified if the Protocol field is set to "ICMP"
-                        or "ICMPv6".
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    ipVersion:
-                      description: IPVersion is an optional field that restricts the
-                        rule to only match a specific IP version.
-                      type: integer
-                    metadata:
-                      description: Metadata contains additional information for this
-                        rule
-                      properties:
-                        annotations:
-                          additionalProperties:
-                            type: string
-                          description: Annotations is a set of key value pairs that
-                            give extra information about the rule
-                          type: object
-                      type: object
-                    notICMP:
-                      description: NotICMP is the negated version of the ICMP field.
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    notProtocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: NotProtocol is the negated version of the Protocol
-                        field.
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    protocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: "Protocol is an optional field that restricts the
-                        rule to only apply to traffic of a specific IP protocol. Required
-                        if any of the EntityRules contain Ports (because ports only
-                        apply to certain protocols). \n Must be one of these string
-                        values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
-                        \"UDPLite\" or an integer in the range 1-255."
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    source:
-                      description: Source contains the match criteria that apply to
-                        source entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                  required:
-                  - action
-                  type: object
-                type: array
-              namespaceSelector:
-                description: NamespaceSelector is an optional field for an expression
-                  used to select a pod based on namespaces.
-                type: string
-              order:
-                description: Order is an optional field that specifies the order in
-                  which the policy is applied. Policies with higher "order" are applied
-                  after those with lower order.  If the order is omitted, it may be
-                  considered to be "infinite" - i.e. the policy will be applied last.  Policies
-                  with identical order will be applied in alphanumerical order based
-                  on the Policy "Name".
-                type: number
-              performanceHints:
-                description: "PerformanceHints contains a list of hints to Calico's
-                  policy engine to help process the policy more efficiently.  Hints
-                  never change the enforcement behaviour of the policy. \n Currently,
-                  the only available hint is \"AssumeNeededOnEveryNode\".  When that
-                  hint is set on a policy, Felix will act as if the policy matches
-                  a local endpoint even if it does not. This is useful for \"preloading\"
-                  any large static policies that are known to be used on every node.
-                  If the policy is _not_ used on a particular node then the work done
-                  to preload the policy (and to maintain it) is wasted."
-                items:
-                  type: string
-                type: array
-              preDNAT:
-                description: PreDNAT indicates to apply the rules in this policy before
-                  any DNAT.
-                type: boolean
-              selector:
-                description: "The selector is an expression used to pick out the endpoints
-                  that the policy should be applied to. \n Selector expressions follow
-                  this syntax: \n \tlabel == \"string_literal\"  ->  comparison, e.g.
-                  my_label == \"foo bar\" \tlabel != \"string_literal\"   ->  not
-                  equal; also matches if label is not present \tlabel in { \"a\",
-                  \"b\", \"c\", ... }  ->  true if the value of label X is one of
-                  \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
-                  \ ->  true if the value of label X is not one of \"a\", \"b\", \"c\"
-                  \thas(label_name)  -> True if that label is present \t! expr ->
-                  negation of expr \texpr && expr  -> Short-circuit and \texpr ||
-                  expr  -> Short-circuit or \t( expr ) -> parens for grouping \tall()
-                  or the empty selector -> matches all endpoints. \n Label names are
-                  allowed to contain alphanumerics, -, _ and /. String literals are
-                  more permissive but they do not support escape characters. \n Examples
-                  (with made-up labels): \n \ttype == \"webserver\" && deployment
-                  == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
-                  \"dev\" \t! has(label_name)"
-                type: string
-              serviceAccountSelector:
-                description: ServiceAccountSelector is an optional field for an expression
-                  used to select a pod based on service accounts.
-                type: string
-              types:
-                description: "Types indicates whether this policy applies to ingress,
-                  or to egress, or to both.  When not explicitly specified (and so
-                  the value on creation is empty or nil), Calico defaults Types according
-                  to what Ingress and Egress rules are present in the policy.  The
-                  default is: \n - [ PolicyTypeIngress ], if there are no Egress rules
-                  (including the case where there are   also no Ingress rules) \n
-                  - [ PolicyTypeEgress ], if there are Egress rules but no Ingress
-                  rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are
-                  both Ingress and Egress rules. \n When the policy is read back again,
-                  Types will always be one of these values, never empty or nil."
-                items:
-                  description: PolicyType enumerates the possible values of the PolicySpec
-                    Types field.
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: globalnetworksets.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: GlobalNetworkSet
-    listKind: GlobalNetworkSetList
-    plural: globalnetworksets
-    singular: globalnetworkset
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs
-          that share labels to allow rules to refer to them via selectors.  The labels
-          of GlobalNetworkSet are not namespaced.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: GlobalNetworkSetSpec contains the specification for a NetworkSet
-              resource.
-            properties:
-              nets:
-                description: The list of IP networks that belong to this set.
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: hostendpoints.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: HostEndpoint
-    listKind: HostEndpointList
-    plural: hostendpoints
-    singular: hostendpoint
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HostEndpointSpec contains the specification for a HostEndpoint
-              resource.
-            properties:
-              expectedIPs:
-                description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
-                  If \"InterfaceName\" is not present, Calico will look for an interface
-                  matching any of the IPs in the list and apply policy to that. Note:
-                  \tWhen using the selector match criteria in an ingress or egress
-                  security Policy \tor Profile, Calico converts the selector into
-                  a set of IP addresses. For host \tendpoints, the ExpectedIPs field
-                  is used for that purpose. (If only the interface \tname is specified,
-                  Calico does not learn the IPs of the interface for use in match
-                  \tcriteria.)"
-                items:
-                  type: string
-                type: array
-              interfaceName:
-                description: "Either \"*\", or the name of a specific Linux interface
-                  to apply policy to; or empty.  \"*\" indicates that this HostEndpoint
-                  governs all traffic to, from or through the default network namespace
-                  of the host named by the \"Node\" field; entering and leaving that
-                  namespace via any interface, including those from/to non-host-networked
-                  local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
-                  only governs traffic that enters or leaves the host through the
-                  specific interface named by InterfaceName, or - when InterfaceName
-                  is empty - through the specific interface that has one of the IPs
-                  in ExpectedIPs. Therefore, when InterfaceName is empty, at least
-                  one expected IP must be specified.  Only external interfaces (such
-                  as \"eth0\") are supported here; it isn't possible for a HostEndpoint
-                  to protect traffic through a specific local workload interface.
-                  \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
-                  initially just pre-DNAT policy.  Please check Calico documentation
-                  for the latest position."
-                type: string
-              node:
-                description: The node name identifying the Calico node instance.
-                type: string
-              ports:
-                description: Ports contains the endpoint's named ports, which may
-                  be referenced in security policy rules.
-                items:
-                  properties:
-                    name:
-                      type: string
-                    port:
-                      type: integer
-                    protocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                  required:
-                  - name
-                  - port
-                  - protocol
-                  type: object
-                type: array
-              profiles:
-                description: A list of identifiers of security Profile objects that
-                  apply to this endpoint. Each profile is applied in the order that
-                  they appear in this list.  Profile rules are applied after the selector-based
-                  security policy.
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: ipamblocks.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: IPAMBlock
-    listKind: IPAMBlockList
-    plural: ipamblocks
-    singular: ipamblock
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAMBlockSpec contains the specification for an IPAMBlock
-              resource.
-            properties:
-              affinity:
-                description: Affinity of the block, if this block has one. If set,
-                  it will be of the form "host:<hostname>". If not set, this block
-                  is not affine to a host.
-                type: string
-              allocations:
-                description: Array of allocations in-use within this block. nil entries
-                  mean the allocation is free. For non-nil entries at index i, the
-                  index is the ordinal of the allocation within this block and the
-                  value is the index of the associated attributes in the Attributes
-                  array.
-                items:
-                  type: integer
-                  # TODO: This nullable is manually added in. We should update controller-gen
-                  # to handle []*int properly itself.
-                  nullable: true
-                type: array
-              attributes:
-                description: Attributes is an array of arbitrary metadata associated
-                  with allocations in the block. To find attributes for a given allocation,
-                  use the value of the allocation's entry in the Allocations array
-                  as the index of the element in this array.
-                items:
-                  properties:
-                    handle_id:
-                      type: string
-                    secondary:
-                      additionalProperties:
-                        type: string
-                      type: object
-                  type: object
-                type: array
-              cidr:
-                description: The block's CIDR.
-                type: string
-              deleted:
-                description: Deleted is an internal boolean used to workaround a limitation
-                  in the Kubernetes API whereby deletion will not return a conflict
-                  error if the block has been updated. It should not be set manually.
-                type: boolean
-              sequenceNumber:
-                default: 0
-                description: We store a sequence number that is updated each time
-                  the block is written. Each allocation will also store the sequence
-                  number of the block at the time of its creation. When releasing
-                  an IP, passing the sequence number associated with the allocation
-                  allows us to protect against a race condition and ensure the IP
-                  hasn't been released and re-allocated since the release request.
-                format: int64
-                type: integer
-              sequenceNumberForAllocation:
-                additionalProperties:
-                  format: int64
-                  type: integer
-                description: Map of allocated ordinal within the block to sequence
-                  number of the block at the time of allocation. Kubernetes does not
-                  allow numerical keys for maps, so the key is cast to a string.
-                type: object
-              strictAffinity:
-                description: StrictAffinity on the IPAMBlock is deprecated and no
-                  longer used by the code. Use IPAMConfig StrictAffinity instead.
-                type: boolean
-              unallocated:
-                description: Unallocated is an ordered list of allocations which are
-                  free in the block.
-                items:
-                  type: integer
-                type: array
-            required:
-            - allocations
-            - attributes
-            - cidr
-            - strictAffinity
-            - unallocated
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: ipamconfigs.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: IPAMConfig
-    listKind: IPAMConfigList
-    plural: ipamconfigs
-    singular: ipamconfig
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAMConfigSpec contains the specification for an IPAMConfig
-              resource.
-            properties:
-              autoAllocateBlocks:
-                type: boolean
-              maxBlocksPerHost:
-                description: MaxBlocksPerHost, if non-zero, is the max number of blocks
-                  that can be affine to each host.
-                maximum: 2147483647
-                minimum: 0
-                type: integer
-              strictAffinity:
-                type: boolean
-            required:
-            - autoAllocateBlocks
-            - strictAffinity
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: ipamhandles.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: IPAMHandle
-    listKind: IPAMHandleList
-    plural: ipamhandles
-    singular: ipamhandle
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAMHandleSpec contains the specification for an IPAMHandle
-              resource.
-            properties:
-              block:
-                additionalProperties:
-                  type: integer
-                type: object
-              deleted:
-                type: boolean
-              handleID:
-                type: string
-            required:
-            - block
-            - handleID
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: ippools.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: IPPool
-    listKind: IPPoolList
-    plural: ippools
-    singular: ippool
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPPoolSpec contains the specification for an IPPool resource.
-            properties:
-              allowedUses:
-                description: AllowedUse controls what the IP pool will be used for.  If
-                  not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
-                items:
-                  type: string
-                type: array
-              blockSize:
-                description: The block size to use for IP address assignments from
-                  this pool. Defaults to 26 for IPv4 and 122 for IPv6.
-                type: integer
-              cidr:
-                description: The pool CIDR.
-                type: string
-              disableBGPExport:
-                description: 'Disable exporting routes from this IP Pool''s CIDR over
-                  BGP. [Default: false]'
-                type: boolean
-              disabled:
-                description: When disabled is true, Calico IPAM will not assign addresses
-                  from this pool.
-                type: boolean
-              ipip:
-                description: 'Deprecated: this field is only used for APIv1 backwards
-                  compatibility. Setting this field is not allowed, this field is
-                  for internal use only.'
-                properties:
-                  enabled:
-                    description: When enabled is true, ipip tunneling will be used
-                      to deliver packets to destinations within this pool.
-                    type: boolean
-                  mode:
-                    description: The IPIP mode.  This can be one of "always" or "cross-subnet".  A
-                      mode of "always" will also use IPIP tunneling for routing to
-                      destination IP addresses within this pool.  A mode of "cross-subnet"
-                      will only use IPIP tunneling when the destination node is on
-                      a different subnet to the originating node.  The default value
-                      (if not specified) is "always".
-                    type: string
-                type: object
-              ipipMode:
-                description: Contains configuration for IPIP tunneling for this pool.
-                  If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling
-                  is disabled).
-                type: string
-              nat-outgoing:
-                description: 'Deprecated: this field is only used for APIv1 backwards
-                  compatibility. Setting this field is not allowed, this field is
-                  for internal use only.'
-                type: boolean
-              natOutgoing:
-                description: When natOutgoing is true, packets sent from Calico networked
-                  containers in this pool to destinations outside of this pool will
-                  be masqueraded.
-                type: boolean
-              nodeSelector:
-                description: Allows IPPool to allocate for a specific node by label
-                  selector.
-                type: string
-              vxlanMode:
-                description: Contains configuration for VXLAN tunneling for this pool.
-                  If not specified, then this is defaulted to "Never" (i.e. VXLAN
-                  tunneling is disabled).
-                type: string
-            required:
-            - cidr
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: ipreservations.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: IPReservation
-    listKind: IPReservationList
-    plural: ipreservations
-    singular: ipreservation
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPReservationSpec contains the specification for an IPReservation
-              resource.
-            properties:
-              reservedCIDRs:
-                description: ReservedCIDRs is a list of CIDRs and/or IP addresses
-                  that Calico IPAM will exclude from new allocations.
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: kubecontrollersconfigurations.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: KubeControllersConfiguration
-    listKind: KubeControllersConfigurationList
-    plural: kubecontrollersconfigurations
-    singular: kubecontrollersconfiguration
-  preserveUnknownFields: false
-  scope: Cluster
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeControllersConfigurationSpec contains the values of the
-              Kubernetes controllers configuration.
-            properties:
-              controllers:
-                description: Controllers enables and configures individual Kubernetes
-                  controllers
-                properties:
-                  namespace:
-                    description: Namespace enables and configures the namespace controller.
-                      Enabled by default, set to nil to disable.
-                    properties:
-                      reconcilerPeriod:
-                        description: 'ReconcilerPeriod is the period to perform reconciliation
-                          with the Calico datastore. [Default: 5m]'
-                        type: string
-                    type: object
-                  node:
-                    description: Node enables and configures the node controller.
-                      Enabled by default, set to nil to disable.
-                    properties:
-                      hostEndpoint:
-                        description: HostEndpoint controls syncing nodes to host endpoints.
-                          Disabled by default, set to nil to disable.
-                        properties:
-                          autoCreate:
-                            description: 'AutoCreate enables automatic creation of
-                              host endpoints for every node. [Default: Disabled]'
-                            type: string
-                        type: object
-                      leakGracePeriod:
-                        description: 'LeakGracePeriod is the period used by the controller
-                          to determine if an IP address has been leaked. Set to 0
-                          to disable IP garbage collection. [Default: 15m]'
-                        type: string
-                      reconcilerPeriod:
-                        description: 'ReconcilerPeriod is the period to perform reconciliation
-                          with the Calico datastore. [Default: 5m]'
-                        type: string
-                      syncLabels:
-                        description: 'SyncLabels controls whether to copy Kubernetes
-                          node labels to Calico nodes. [Default: Enabled]'
-                        type: string
-                    type: object
-                  policy:
-                    description: Policy enables and configures the policy controller.
-                      Enabled by default, set to nil to disable.
-                    properties:
-                      reconcilerPeriod:
-                        description: 'ReconcilerPeriod is the period to perform reconciliation
-                          with the Calico datastore. [Default: 5m]'
-                        type: string
-                    type: object
-                  serviceAccount:
-                    description: ServiceAccount enables and configures the service
-                      account controller. Enabled by default, set to nil to disable.
-                    properties:
-                      reconcilerPeriod:
-                        description: 'ReconcilerPeriod is the period to perform reconciliation
-                          with the Calico datastore. [Default: 5m]'
-                        type: string
-                    type: object
-                  workloadEndpoint:
-                    description: WorkloadEndpoint enables and configures the workload
-                      endpoint controller. Enabled by default, set to nil to disable.
-                    properties:
-                      reconcilerPeriod:
-                        description: 'ReconcilerPeriod is the period to perform reconciliation
-                          with the Calico datastore. [Default: 5m]'
-                        type: string
-                    type: object
-                type: object
-              debugProfilePort:
-                description: DebugProfilePort configures the port to serve memory
-                  and cpu profiles on. If not specified, profiling is disabled.
-                format: int32
-                type: integer
-              etcdV3CompactionPeriod:
-                description: 'EtcdV3CompactionPeriod is the period between etcdv3
-                  compaction requests. Set to 0 to disable. [Default: 10m]'
-                type: string
-              healthChecks:
-                description: 'HealthChecks enables or disables support for health
-                  checks [Default: Enabled]'
-                type: string
-              logSeverityScreen:
-                description: 'LogSeverityScreen is the log severity above which logs
-                  are sent to the stdout. [Default: Info]'
-                type: string
-              prometheusMetricsPort:
-                description: 'PrometheusMetricsPort is the TCP port that the Prometheus
-                  metrics server should bind to. Set to 0 to disable. [Default: 9094]'
-                type: integer
-            required:
-            - controllers
-            type: object
-          status:
-            description: KubeControllersConfigurationStatus represents the status
-              of the configuration. It's useful for admins to be able to see the actual
-              config that was applied, which can be modified by environment variables
-              on the kube-controllers process.
-            properties:
-              environmentVars:
-                additionalProperties:
-                  type: string
-                description: EnvironmentVars contains the environment variables on
-                  the kube-controllers that influenced the RunningConfig.
-                type: object
-              runningConfig:
-                description: RunningConfig contains the effective config that is running
-                  in the kube-controllers pod, after merging the API resource with
-                  any environment variables.
-                properties:
-                  controllers:
-                    description: Controllers enables and configures individual Kubernetes
-                      controllers
-                    properties:
-                      namespace:
-                        description: Namespace enables and configures the namespace
-                          controller. Enabled by default, set to nil to disable.
-                        properties:
-                          reconcilerPeriod:
-                            description: 'ReconcilerPeriod is the period to perform
-                              reconciliation with the Calico datastore. [Default:
-                              5m]'
-                            type: string
-                        type: object
-                      node:
-                        description: Node enables and configures the node controller.
-                          Enabled by default, set to nil to disable.
-                        properties:
-                          hostEndpoint:
-                            description: HostEndpoint controls syncing nodes to host
-                              endpoints. Disabled by default, set to nil to disable.
-                            properties:
-                              autoCreate:
-                                description: 'AutoCreate enables automatic creation
-                                  of host endpoints for every node. [Default: Disabled]'
-                                type: string
-                            type: object
-                          leakGracePeriod:
-                            description: 'LeakGracePeriod is the period used by the
-                              controller to determine if an IP address has been leaked.
-                              Set to 0 to disable IP garbage collection. [Default:
-                              15m]'
-                            type: string
-                          reconcilerPeriod:
-                            description: 'ReconcilerPeriod is the period to perform
-                              reconciliation with the Calico datastore. [Default:
-                              5m]'
-                            type: string
-                          syncLabels:
-                            description: 'SyncLabels controls whether to copy Kubernetes
-                              node labels to Calico nodes. [Default: Enabled]'
-                            type: string
-                        type: object
-                      policy:
-                        description: Policy enables and configures the policy controller.
-                          Enabled by default, set to nil to disable.
-                        properties:
-                          reconcilerPeriod:
-                            description: 'ReconcilerPeriod is the period to perform
-                              reconciliation with the Calico datastore. [Default:
-                              5m]'
-                            type: string
-                        type: object
-                      serviceAccount:
-                        description: ServiceAccount enables and configures the service
-                          account controller. Enabled by default, set to nil to disable.
-                        properties:
-                          reconcilerPeriod:
-                            description: 'ReconcilerPeriod is the period to perform
-                              reconciliation with the Calico datastore. [Default:
-                              5m]'
-                            type: string
-                        type: object
-                      workloadEndpoint:
-                        description: WorkloadEndpoint enables and configures the workload
-                          endpoint controller. Enabled by default, set to nil to disable.
-                        properties:
-                          reconcilerPeriod:
-                            description: 'ReconcilerPeriod is the period to perform
-                              reconciliation with the Calico datastore. [Default:
-                              5m]'
-                            type: string
-                        type: object
-                    type: object
-                  debugProfilePort:
-                    description: DebugProfilePort configures the port to serve memory
-                      and cpu profiles on. If not specified, profiling is disabled.
-                    format: int32
-                    type: integer
-                  etcdV3CompactionPeriod:
-                    description: 'EtcdV3CompactionPeriod is the period between etcdv3
-                      compaction requests. Set to 0 to disable. [Default: 10m]'
-                    type: string
-                  healthChecks:
-                    description: 'HealthChecks enables or disables support for health
-                      checks [Default: Enabled]'
-                    type: string
-                  logSeverityScreen:
-                    description: 'LogSeverityScreen is the log severity above which
-                      logs are sent to the stdout. [Default: Info]'
-                    type: string
-                  prometheusMetricsPort:
-                    description: 'PrometheusMetricsPort is the TCP port that the Prometheus
-                      metrics server should bind to. Set to 0 to disable. [Default:
-                      9094]'
-                    type: integer
-                required:
-                - controllers
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: networkpolicies.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: NetworkPolicy
-    listKind: NetworkPolicyList
-    plural: networkpolicies
-    singular: networkpolicy
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              egress:
-                description: The ordered set of egress rules.  Each rule contains
-                  a set of packet match criteria and a corresponding action to apply.
-                items:
-                  description: "A Rule encapsulates a set of match criteria and an
-                    action.  Both selector-based security Policy and security Profiles
-                    reference rules - separated out as a list of rules for both ingress
-                    and egress packet matching. \n Each positive match criteria has
-                    a negated version, prefixed with \"Not\". All the match criteria
-                    within a rule must be satisfied for a packet to match. A single
-                    rule can contain the positive and negative version of a match
-                    and both must be satisfied for the rule to match."
-                  properties:
-                    action:
-                      type: string
-                    destination:
-                      description: Destination contains the match criteria that apply
-                        to destination entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                    http:
-                      description: HTTP contains match criteria that apply to HTTP
-                        requests.
-                      properties:
-                        methods:
-                          description: Methods is an optional field that restricts
-                            the rule to apply only to HTTP requests that use one of
-                            the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
-                            methods are OR'd together.
-                          items:
-                            type: string
-                          type: array
-                        paths:
-                          description: 'Paths is an optional field that restricts
-                            the rule to apply to HTTP requests that use one of the
-                            listed HTTP Paths. Multiple paths are OR''d together.
-                            e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
-                            ONLY specify either a `exact` or a `prefix` match. The
-                            validator will check for it.'
-                          items:
-                            description: 'HTTPPath specifies an HTTP path to match.
-                              It may be either of the form: exact: <path>: which matches
-                              the path exactly or prefix: <path-prefix>: which matches
-                              the path prefix'
-                            properties:
-                              exact:
-                                type: string
-                              prefix:
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    icmp:
-                      description: ICMP is an optional field that restricts the rule
-                        to apply to a specific type and code of ICMP traffic.  This
-                        should only be specified if the Protocol field is set to "ICMP"
-                        or "ICMPv6".
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    ipVersion:
-                      description: IPVersion is an optional field that restricts the
-                        rule to only match a specific IP version.
-                      type: integer
-                    metadata:
-                      description: Metadata contains additional information for this
-                        rule
-                      properties:
-                        annotations:
-                          additionalProperties:
-                            type: string
-                          description: Annotations is a set of key value pairs that
-                            give extra information about the rule
-                          type: object
-                      type: object
-                    notICMP:
-                      description: NotICMP is the negated version of the ICMP field.
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    notProtocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: NotProtocol is the negated version of the Protocol
-                        field.
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    protocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: "Protocol is an optional field that restricts the
-                        rule to only apply to traffic of a specific IP protocol. Required
-                        if any of the EntityRules contain Ports (because ports only
-                        apply to certain protocols). \n Must be one of these string
-                        values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
-                        \"UDPLite\" or an integer in the range 1-255."
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    source:
-                      description: Source contains the match criteria that apply to
-                        source entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                  required:
-                  - action
-                  type: object
-                type: array
-              ingress:
-                description: The ordered set of ingress rules.  Each rule contains
-                  a set of packet match criteria and a corresponding action to apply.
-                items:
-                  description: "A Rule encapsulates a set of match criteria and an
-                    action.  Both selector-based security Policy and security Profiles
-                    reference rules - separated out as a list of rules for both ingress
-                    and egress packet matching. \n Each positive match criteria has
-                    a negated version, prefixed with \"Not\". All the match criteria
-                    within a rule must be satisfied for a packet to match. A single
-                    rule can contain the positive and negative version of a match
-                    and both must be satisfied for the rule to match."
-                  properties:
-                    action:
-                      type: string
-                    destination:
-                      description: Destination contains the match criteria that apply
-                        to destination entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                    http:
-                      description: HTTP contains match criteria that apply to HTTP
-                        requests.
-                      properties:
-                        methods:
-                          description: Methods is an optional field that restricts
-                            the rule to apply only to HTTP requests that use one of
-                            the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
-                            methods are OR'd together.
-                          items:
-                            type: string
-                          type: array
-                        paths:
-                          description: 'Paths is an optional field that restricts
-                            the rule to apply to HTTP requests that use one of the
-                            listed HTTP Paths. Multiple paths are OR''d together.
-                            e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
-                            ONLY specify either a `exact` or a `prefix` match. The
-                            validator will check for it.'
-                          items:
-                            description: 'HTTPPath specifies an HTTP path to match.
-                              It may be either of the form: exact: <path>: which matches
-                              the path exactly or prefix: <path-prefix>: which matches
-                              the path prefix'
-                            properties:
-                              exact:
-                                type: string
-                              prefix:
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    icmp:
-                      description: ICMP is an optional field that restricts the rule
-                        to apply to a specific type and code of ICMP traffic.  This
-                        should only be specified if the Protocol field is set to "ICMP"
-                        or "ICMPv6".
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    ipVersion:
-                      description: IPVersion is an optional field that restricts the
-                        rule to only match a specific IP version.
-                      type: integer
-                    metadata:
-                      description: Metadata contains additional information for this
-                        rule
-                      properties:
-                        annotations:
-                          additionalProperties:
-                            type: string
-                          description: Annotations is a set of key value pairs that
-                            give extra information about the rule
-                          type: object
-                      type: object
-                    notICMP:
-                      description: NotICMP is the negated version of the ICMP field.
-                      properties:
-                        code:
-                          description: Match on a specific ICMP code.  If specified,
-                            the Type value must also be specified. This is a technical
-                            limitation imposed by the kernel's iptables firewall,
-                            which Calico uses to enforce the rule.
-                          type: integer
-                        type:
-                          description: Match on a specific ICMP type.  For example
-                            a value of 8 refers to ICMP Echo Request (i.e. pings).
-                          type: integer
-                      type: object
-                    notProtocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: NotProtocol is the negated version of the Protocol
-                        field.
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    protocol:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: "Protocol is an optional field that restricts the
-                        rule to only apply to traffic of a specific IP protocol. Required
-                        if any of the EntityRules contain Ports (because ports only
-                        apply to certain protocols). \n Must be one of these string
-                        values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
-                        \"UDPLite\" or an integer in the range 1-255."
-                      pattern: ^.*
-                      x-kubernetes-int-or-string: true
-                    source:
-                      description: Source contains the match criteria that apply to
-                        source entity.
-                      properties:
-                        namespaceSelector:
-                          description: "NamespaceSelector is an optional field that
-                            contains a selector expression. Only traffic that originates
-                            from (or terminates at) endpoints within the selected
-                            namespaces will be matched. When both NamespaceSelector
-                            and another selector are defined on the same rule, then
-                            only workload endpoints that are matched by both selectors
-                            will be selected by the rule. \n For NetworkPolicy, an
-                            empty NamespaceSelector implies that the Selector is limited
-                            to selecting only workload endpoints in the same namespace
-                            as the NetworkPolicy. \n For NetworkPolicy, `global()`
-                            NamespaceSelector implies that the Selector is limited
-                            to selecting only GlobalNetworkSet or HostEndpoint. \n
-                            For GlobalNetworkPolicy, an empty NamespaceSelector implies
-                            the Selector applies to workload endpoints across all
-                            namespaces."
-                          type: string
-                        nets:
-                          description: Nets is an optional field that restricts the
-                            rule to only apply to traffic that originates from (or
-                            terminates at) IP addresses in any of the given subnets.
-                          items:
-                            type: string
-                          type: array
-                        notNets:
-                          description: NotNets is the negated version of the Nets
-                            field.
-                          items:
-                            type: string
-                          type: array
-                        notPorts:
-                          description: NotPorts is the negated version of the Ports
-                            field. Since only some protocols have ports, if any ports
-                            are specified it requires the Protocol match in the Rule
-                            to be set to "TCP" or "UDP".
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        notSelector:
-                          description: NotSelector is the negated version of the Selector
-                            field.  See Selector field for subtleties with negated
-                            selectors.
-                          type: string
-                        ports:
-                          description: "Ports is an optional field that restricts
-                            the rule to only apply to traffic that has a source (destination)
-                            port that matches one of these ranges/values. This value
-                            is a list of integers or strings that represent ranges
-                            of ports. \n Since only some protocols have ports, if
-                            any ports are specified it requires the Protocol match
-                            in the Rule to be set to \"TCP\" or \"UDP\"."
-                          items:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            pattern: ^.*
-                            x-kubernetes-int-or-string: true
-                          type: array
-                        selector:
-                          description: "Selector is an optional field that contains
-                            a selector expression (see Policy for sample syntax).
-                            \ Only traffic that originates from (terminates at) endpoints
-                            matching the selector will be matched. \n Note that: in
-                            addition to the negated version of the Selector (see NotSelector
-                            below), the selector expression syntax itself supports
-                            negation.  The two types of negation are subtly different.
-                            One negates the set of matched endpoints, the other negates
-                            the whole match: \n \tSelector = \"!has(my_label)\" matches
-                            packets that are from other Calico-controlled \tendpoints
-                            that do not have the label \"my_label\". \n \tNotSelector
-                            = \"has(my_label)\" matches packets that are not from
-                            Calico-controlled \tendpoints that do have the label \"my_label\".
-                            \n The effect is that the latter will accept packets from
-                            non-Calico sources whereas the former is limited to packets
-                            from Calico-controlled endpoints."
-                          type: string
-                        serviceAccounts:
-                          description: ServiceAccounts is an optional field that restricts
-                            the rule to only apply to traffic that originates from
-                            (or terminates at) a pod running as a matching service
-                            account.
-                          properties:
-                            names:
-                              description: Names is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account whose name is in the list.
-                              items:
-                                type: string
-                              type: array
-                            selector:
-                              description: Selector is an optional field that restricts
-                                the rule to only apply to traffic that originates
-                                from (or terminates at) a pod running as a service
-                                account that matches the given label selector. If
-                                both Names and Selector are specified then they are
-                                AND'ed.
-                              type: string
-                          type: object
-                        services:
-                          description: "Services is an optional field that contains
-                            options for matching Kubernetes Services. If specified,
-                            only traffic that originates from or terminates at endpoints
-                            within the selected service(s) will be matched, and only
-                            to/from each endpoint's port. \n Services cannot be specified
-                            on the same rule as Selector, NotSelector, NamespaceSelector,
-                            Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
-                            can only be specified with Services on ingress rules."
-                          properties:
-                            name:
-                              description: Name specifies the name of a Kubernetes
-                                Service to match.
-                              type: string
-                            namespace:
-                              description: Namespace specifies the namespace of the
-                                given Service. If left empty, the rule will match
-                                within this policy's namespace.
-                              type: string
-                          type: object
-                      type: object
-                  required:
-                  - action
-                  type: object
-                type: array
-              order:
-                description: Order is an optional field that specifies the order in
-                  which the policy is applied. Policies with higher "order" are applied
-                  after those with lower order.  If the order is omitted, it may be
-                  considered to be "infinite" - i.e. the policy will be applied last.  Policies
-                  with identical order will be applied in alphanumerical order based
-                  on the Policy "Name".
-                type: number
-              performanceHints:
-                description: "PerformanceHints contains a list of hints to Calico's
-                  policy engine to help process the policy more efficiently.  Hints
-                  never change the enforcement behaviour of the policy. \n Currently,
-                  the only available hint is \"AssumeNeededOnEveryNode\".  When that
-                  hint is set on a policy, Felix will act as if the policy matches
-                  a local endpoint even if it does not. This is useful for \"preloading\"
-                  any large static policies that are known to be used on every node.
-                  If the policy is _not_ used on a particular node then the work done
-                  to preload the policy (and to maintain it) is wasted."
-                items:
-                  type: string
-                type: array
-              selector:
-                description: "The selector is an expression used to pick out the endpoints
-                  that the policy should be applied to. \n Selector expressions follow
-                  this syntax: \n \tlabel == \"string_literal\"  ->  comparison, e.g.
-                  my_label == \"foo bar\" \tlabel != \"string_literal\"   ->  not
-                  equal; also matches if label is not present \tlabel in { \"a\",
-                  \"b\", \"c\", ... }  ->  true if the value of label X is one of
-                  \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
-                  \ ->  true if the value of label X is not one of \"a\", \"b\", \"c\"
-                  \thas(label_name)  -> True if that label is present \t! expr ->
-                  negation of expr \texpr && expr  -> Short-circuit and \texpr ||
-                  expr  -> Short-circuit or \t( expr ) -> parens for grouping \tall()
-                  or the empty selector -> matches all endpoints. \n Label names are
-                  allowed to contain alphanumerics, -, _ and /. String literals are
-                  more permissive but they do not support escape characters. \n Examples
-                  (with made-up labels): \n \ttype == \"webserver\" && deployment
-                  == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
-                  \"dev\" \t! has(label_name)"
-                type: string
-              serviceAccountSelector:
-                description: ServiceAccountSelector is an optional field for an expression
-                  used to select a pod based on service accounts.
-                type: string
-              types:
-                description: "Types indicates whether this policy applies to ingress,
-                  or to egress, or to both.  When not explicitly specified (and so
-                  the value on creation is empty or nil), Calico defaults Types according
-                  to what Ingress and Egress are present in the policy.  The default
-                  is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including
-                  the case where there are   also no Ingress rules) \n - [ PolicyTypeEgress
-                  ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress,
-                  PolicyTypeEgress ], if there are both Ingress and Egress rules.
-                  \n When the policy is read back again, Types will always be one
-                  of these values, never empty or nil."
-                items:
-                  description: PolicyType enumerates the possible values of the PolicySpec
-                    Types field.
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: networksets.crd.projectcalico.org
-spec:
-  group: crd.projectcalico.org
-  names:
-    kind: NetworkSet
-    listKind: NetworkSetList
-    plural: networksets
-    singular: networkset
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: NetworkSetSpec contains the specification for a NetworkSet
-              resource.
-            properties:
-              nets:
-                description: The list of IP networks that belong to this set.
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-# Source: calico/templates/calico-kube-controllers-rbac.yaml
-# Include a clusterrole for the kube-controllers component,
-# and bind it to the calico-kube-controllers serviceaccount.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: calico-kube-controllers
-rules:
-  # Nodes are watched to monitor for deletions.
-  - apiGroups: [""]
-    resources:
-      - nodes
-    verbs:
-      - watch
-      - list
-      - get
-  # Pods are watched to check for existence as part of IPAM controller.
-  - apiGroups: [""]
-    resources:
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - ipreservations
-    verbs:
-      - list
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - blockaffinities
-      - ipamblocks
-      - ipamhandles
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - delete
-      - watch
-  # Pools are watched to maintain a mapping of blocks to IP pools.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - ippools
-    verbs:
-      - list
-      - watch
-  # kube-controllers manages hostendpoints.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - hostendpoints
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - delete
-  # Needs access to update clusterinformations.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - clusterinformations
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - watch
-  # KubeControllersConfiguration is where it gets its config
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - kubecontrollersconfigurations
-    verbs:
-      # read its own config
-      - get
-      - list
-      # create a default if none exists
-      - create
-      # update status
-      - update
-      # watch for changes
-      - watch
----
-# Source: calico/templates/calico-node-rbac.yaml
-# Include a clusterrole for the calico-node DaemonSet,
-# and bind it to the calico-node serviceaccount.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: calico-node
-rules:
-  # Used for creating service account tokens to be used by the CNI plugin
-  - apiGroups: [""]
-    resources:
-      - serviceaccounts/token
-    resourceNames:
-      - calico-cni-plugin
-    verbs:
-      - create
-  # The CNI plugin needs to get pods, nodes, and namespaces.
-  - apiGroups: [""]
-    resources:
-      - pods
-      - nodes
-      - namespaces
-    verbs:
-      - get
-  # EndpointSlices are used for Service-based network policy rule
-  # enforcement.
-  - apiGroups: ["discovery.k8s.io"]
-    resources:
-      - endpointslices
-    verbs:
-      - watch
-      - list
-  - apiGroups: [""]
-    resources:
-      - endpoints
-      - services
-    verbs:
-      # Used to discover service IPs for advertisement.
-      - watch
-      - list
-      # Used to discover Typhas.
-      - get
-  # Pod CIDR auto-detection on kubeadm needs access to config maps.
-  - apiGroups: [""]
-    resources:
-      - configmaps
-    verbs:
-      - get
-  - apiGroups: [""]
-    resources:
-      - nodes/status
-    verbs:
-      # Needed for clearing NodeNetworkUnavailable flag.
-      - patch
-      # Calico stores some configuration information in node annotations.
-      - update
-  # Watch for changes to Kubernetes NetworkPolicies.
-  - apiGroups: ["networking.k8s.io"]
-    resources:
-      - networkpolicies
-    verbs:
-      - watch
-      - list
-  # Used by Calico for policy information.
-  - apiGroups: [""]
-    resources:
-      - pods
-      - namespaces
-      - serviceaccounts
-    verbs:
-      - list
-      - watch
-  # The CNI plugin patches pods/status.
-  - apiGroups: [""]
-    resources:
-      - pods/status
-    verbs:
-      - patch
-  # Calico monitors various CRDs for config.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - globalfelixconfigs
-      - felixconfigurations
-      - bgppeers
-      - bgpfilters
-      - globalbgpconfigs
-      - bgpconfigurations
-      - ippools
-      - ipreservations
-      - ipamblocks
-      - globalnetworkpolicies
-      - globalnetworksets
-      - networkpolicies
-      - networksets
-      - clusterinformations
-      - hostendpoints
-      - blockaffinities
-      - caliconodestatuses
-    verbs:
-      - get
-      - list
-      - watch
-  # Calico must create and update some CRDs on startup.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - ippools
-      - felixconfigurations
-      - clusterinformations
-    verbs:
-      - create
-      - update
-  # Calico must update some CRDs.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - caliconodestatuses
-    verbs:
-      - update
-  # Calico stores some configuration information on the node.
-  - apiGroups: [""]
-    resources:
-      - nodes
-    verbs:
-      - get
-      - list
-      - watch
-  # These permissions are only required for upgrade from v2.6, and can
-  # be removed after upgrade or on fresh installations.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - bgpconfigurations
-      - bgppeers
-    verbs:
-      - create
-      - update
-  # These permissions are required for Calico CNI to perform IPAM allocations.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - blockaffinities
-      - ipamblocks
-      - ipamhandles
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - delete
-  # The CNI plugin and calico/node need to be able to create a default
-  # IPAMConfiguration
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - ipamconfigs
-    verbs:
-      - get
-      - create
-  # Block affinities must also be watchable by confd for route aggregation.
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - blockaffinities
-    verbs:
-      - watch
-  # The Calico IPAM migration needs to get daemonsets. These permissions can be
-  # removed if not upgrading from an installation using host-local IPAM.
-  - apiGroups: ["apps"]
-    resources:
-      - daemonsets
-    verbs:
-      - get
----
-# Source: calico/templates/calico-node-rbac.yaml
-# CNI cluster role
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: calico-cni-plugin
-rules:
-  - apiGroups: [""]
-    resources:
-      - pods
-      - nodes
-      - namespaces
-    verbs:
-      - get
-  - apiGroups: [""]
-    resources:
-      - pods/status
-    verbs:
-      - patch
-  - apiGroups: ["crd.projectcalico.org"]
-    resources:
-      - blockaffinities
-      - ipamblocks
-      - ipamhandles
-      - clusterinformations
-      - ippools
-      - ipreservations
-      - ipamconfigs
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - delete
----
-# Source: calico/templates/calico-kube-controllers-rbac.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: calico-kube-controllers
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: calico-kube-controllers
-subjects:
-- kind: ServiceAccount
-  name: calico-kube-controllers
-  namespace: kube-system
----
-# Source: calico/templates/calico-node-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: calico-node
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: calico-node
-subjects:
-- kind: ServiceAccount
-  name: calico-node
-  namespace: kube-system
----
-# Source: calico/templates/calico-node-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: calico-cni-plugin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: calico-cni-plugin
-subjects:
-- kind: ServiceAccount
-  name: calico-cni-plugin
-  namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-# This manifest installs the calico-node container, as well
-# as the CNI plugins and network config on
-# each master and worker node in a Kubernetes cluster.
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
-  name: calico-node
-  namespace: kube-system
-  labels:
-    k8s-app: calico-node
-spec:
-  selector:
-    matchLabels:
-      k8s-app: calico-node
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-  template:
-    metadata:
-      labels:
-        k8s-app: calico-node
-    spec:
-      nodeSelector:
-        kubernetes.io/os: linux
-      hostNetwork: true
-      tolerations:
-        # Make sure calico-node gets scheduled on all nodes.
-        - effect: NoSchedule
-          operator: Exists
-        # Mark the pod as a critical add-on for rescheduling.
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-      serviceAccountName: calico-node
-      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
-      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
-      terminationGracePeriodSeconds: 0
-      priorityClassName: system-node-critical
-      initContainers:
-        # This container performs upgrade from host-local IPAM to calico-ipam.
-        # It can be deleted if this is a fresh installation, or if you have already
-        # upgraded to use calico-ipam.
-        - name: upgrade-ipam
-          image: docker.io/calico/cni:v3.28.3
-          imagePullPolicy: IfNotPresent
-          command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
-          envFrom:
-          - configMapRef:
-              # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
-              name: kubernetes-services-endpoint
-              optional: true
-          env:
-            - name: KUBERNETES_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: CALICO_NETWORKING_BACKEND
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: calico_backend
-          volumeMounts:
-            - mountPath: /var/lib/cni/networks
-              name: host-local-net-dir
-            - mountPath: /host/opt/cni/bin
-              name: cni-bin-dir
-          securityContext:
-            privileged: true
-        # This container installs the CNI binaries
-        # and CNI network config file on each node.
-        - name: install-cni
-          image: docker.io/calico/cni:v3.28.3
-          imagePullPolicy: IfNotPresent
-          command: ["/opt/cni/bin/install"]
-          envFrom:
-          - configMapRef:
-              # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
-              name: kubernetes-services-endpoint
-              optional: true
-          env:
-            # Name of the CNI config file to create.
-            - name: CNI_CONF_NAME
-              value: "10-calico.conflist"
-            # The CNI network config to install on each node.
-            - name: CNI_NETWORK_CONFIG
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: cni_network_config
-            # Set the hostname based on the k8s node name.
-            - name: KUBERNETES_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            # CNI MTU Config variable
-            - name: CNI_MTU
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: veth_mtu
-            # Prevents the container from sleeping forever.
-            - name: SLEEP
-              value: "false"
-          volumeMounts:
-            - mountPath: /host/opt/cni/bin
-              name: cni-bin-dir
-            - mountPath: /host/etc/cni/net.d
-              name: cni-net-dir
-          securityContext:
-            privileged: true
-        # This init container mounts the necessary filesystems needed by the BPF data plane
-        # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
-        # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
-        - name: "mount-bpffs"
-          image: docker.io/calico/node:v3.28.3
-          imagePullPolicy: IfNotPresent
-          command: ["calico-node", "-init", "-best-effort"]
-          volumeMounts:
-            - mountPath: /sys/fs
-              name: sys-fs
-              # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host
-              # so that it outlives the init container.
-              mountPropagation: Bidirectional
-            - mountPath: /var/run/calico
-              name: var-run-calico
-              # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host
-              # so that it outlives the init container.
-              mountPropagation: Bidirectional
-            # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary,
-            # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly.
-            - mountPath: /nodeproc
-              name: nodeproc
-              readOnly: true
-          securityContext:
-            privileged: true
-      containers:
-        # Runs calico-node container on each Kubernetes node. This
-        # container programs network policy and routes on each
-        # host.
-        - name: calico-node
-          image: docker.io/calico/node:v3.28.3
-          imagePullPolicy: IfNotPresent
-          envFrom:
-          - configMapRef:
-              # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
-              name: kubernetes-services-endpoint
-              optional: true
-          env:
-            # Use Kubernetes API as the backing datastore.
-            - name: DATASTORE_TYPE
-              value: "kubernetes"
-            # Wait for the datastore.
-            - name: WAIT_FOR_DATASTORE
-              value: "true"
-            # Set based on the k8s node name.
-            - name: NODENAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            # Choose the backend to use.
-            - name: CALICO_NETWORKING_BACKEND
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: calico_backend
-            # Cluster type to identify the deployment type
-            - name: CLUSTER_TYPE
-              value: "k8s,bgp"
-            # Auto-detect the BGP IP address.
-            - name: IP
-              value: "autodetect"
-            # Enable IPIP
-            - name: CALICO_IPV4POOL_IPIP
-              value: "Always"
-            # Enable or Disable VXLAN on the default IP pool.
-            - name: CALICO_IPV4POOL_VXLAN
-              value: "Never"
-            # Enable or Disable VXLAN on the default IPv6 IP pool.
-            - name: CALICO_IPV6POOL_VXLAN
-              value: "Never"
-            # Set MTU for tunnel device used if ipip is enabled
-            - name: FELIX_IPINIPMTU
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: veth_mtu
-            # Set MTU for the VXLAN tunnel device.
-            - name: FELIX_VXLANMTU
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: veth_mtu
-            # Set MTU for the Wireguard tunnel device.
-            - name: FELIX_WIREGUARDMTU
-              valueFrom:
-                configMapKeyRef:
-                  name: calico-config
-                  key: veth_mtu
-            # The default IPv4 pool to create on startup if none exists. Pod IPs will be
-            # chosen from this range. Changing this value after installation will have
-            # no effect. This should fall within `--cluster-cidr`.
-            # - name: CALICO_IPV4POOL_CIDR
-            #   value: "192.168.0.0/16"
-            # Disable file logging so `kubectl logs` works.
-            - name: CALICO_DISABLE_FILE_LOGGING
-              value: "true"
-            # Set Felix endpoint to host default action to ACCEPT.
-            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
-              value: "ACCEPT"
-            # Disable IPv6 on Kubernetes.
-            - name: FELIX_IPV6SUPPORT
-              value: "false"
-            - name: FELIX_HEALTHENABLED
-              value: "true"
-          securityContext:
-            privileged: true
-          resources:
-            requests:
-              cpu: 250m
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                - /bin/calico-node
-                - -shutdown
-          livenessProbe:
-            exec:
-              command:
-              - /bin/calico-node
-              - -felix-live
-              - -bird-live
-            periodSeconds: 10
-            initialDelaySeconds: 10
-            failureThreshold: 6
-            timeoutSeconds: 10
-          readinessProbe:
-            exec:
-              command:
-              - /bin/calico-node
-              - -felix-ready
-              - -bird-ready
-            periodSeconds: 10
-            timeoutSeconds: 10
-          volumeMounts:
-            # For maintaining CNI plugin API credentials.
-            - mountPath: /host/etc/cni/net.d
-              name: cni-net-dir
-              readOnly: false
-            - mountPath: /lib/modules
-              name: lib-modules
-              readOnly: true
-            - mountPath: /run/xtables.lock
-              name: xtables-lock
-              readOnly: false
-            - mountPath: /var/run/calico
-              name: var-run-calico
-              readOnly: false
-            - mountPath: /var/lib/calico
-              name: var-lib-calico
-              readOnly: false
-            - name: policysync
-              mountPath: /var/run/nodeagent
-            # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
-            # parent directory.
-            - name: bpffs
-              mountPath: /sys/fs/bpf
-            - name: cni-log-dir
-              mountPath: /var/log/calico/cni
-              readOnly: true
-      volumes:
-        # Used by calico-node.
-        - name: lib-modules
-          hostPath:
-            path: /lib/modules
-        - name: var-run-calico
-          hostPath:
-            path: /var/run/calico
-            type: DirectoryOrCreate
-        - name: var-lib-calico
-          hostPath:
-            path: /var/lib/calico
-            type: DirectoryOrCreate
-        - name: xtables-lock
-          hostPath:
-            path: /run/xtables.lock
-            type: FileOrCreate
-        - name: sys-fs
-          hostPath:
-            path: /sys/fs/
-            type: DirectoryOrCreate
-        - name: bpffs
-          hostPath:
-            path: /sys/fs/bpf
-            type: Directory
-        # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs.
-        - name: nodeproc
-          hostPath:
-            path: /proc
-        # Used to install CNI.
-        - name: cni-bin-dir
-          hostPath:
-            path: /opt/cni/bin
-            type: DirectoryOrCreate
-        - name: cni-net-dir
-          hostPath:
-            path: /etc/cni/net.d
-        # Used to access CNI logs.
-        - name: cni-log-dir
-          hostPath:
-            path: /var/log/calico/cni
-        # Mount in the directory for host-local IPAM allocations. This is
-        # used when upgrading from host-local to calico-ipam, and can be removed
-        # if not using the upgrade-ipam init container.
-        - name: host-local-net-dir
-          hostPath:
-            path: /var/lib/cni/networks
-        # Used to create per-pod Unix Domain Sockets
-        - name: policysync
-          hostPath:
-            type: DirectoryOrCreate
-            path: /var/run/nodeagent
----
-# Source: calico/templates/calico-kube-controllers.yaml
-# See https://github.com/projectcalico/kube-controllers
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: calico-kube-controllers
-  namespace: kube-system
-  labels:
-    k8s-app: calico-kube-controllers
-spec:
-  # The controllers can only have a single active instance.
-  replicas: 1
-  selector:
-    matchLabels:
-      k8s-app: calico-kube-controllers
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      name: calico-kube-controllers
-      namespace: kube-system
-      labels:
-        k8s-app: calico-kube-controllers
-    spec:
-      nodeSelector:
-        kubernetes.io/os: linux
-      tolerations:
-        # Mark the pod as a critical add-on for rescheduling.
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - key: node-role.kubernetes.io/master
-          effect: NoSchedule
-        - key: node-role.kubernetes.io/control-plane
-          effect: NoSchedule
-      serviceAccountName: calico-kube-controllers
-      priorityClassName: system-cluster-critical
-      containers:
-        - name: calico-kube-controllers
-          image: docker.io/calico/kube-controllers:v3.28.3
-          imagePullPolicy: IfNotPresent
-          env:
-            # Choose which controllers to run.
-            - name: ENABLED_CONTROLLERS
-              value: node
-            - name: DATASTORE_TYPE
-              value: kubernetes
-          livenessProbe:
-            exec:
-              command:
-              - /usr/bin/check-status
-              - -l
-            periodSeconds: 10
-            initialDelaySeconds: 10
-            failureThreshold: 6
-            timeoutSeconds: 10
-          readinessProbe:
-            exec:
-              command:
-              - /usr/bin/check-status
-              - -r
-            periodSeconds: 10
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml
deleted file mode 100644
index 19f3f95..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRoleBinding
-  metadata:
-    name: system:cloud-node-controller
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: system:cloud-node-controller
-  subjects:
-  - kind: ServiceAccount
-    name: cloud-node-controller
-    namespace: kube-system
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRoleBinding
-  metadata:
-    name: system:cloud-controller-manager
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: system:cloud-controller-manager
-  subjects:
-  - kind: ServiceAccount
-    name: cloud-controller-manager
-    namespace: kube-system
-kind: List
-metadata: {}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml
deleted file mode 100644
index 93a47b7..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRole
-  metadata:
-    name: system:cloud-controller-manager
-  rules:
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - get
-    - create
-    - update
-  - apiGroups:
-    - ""
-    resources:
-    - events
-    verbs:
-    - create
-    - patch
-    - update
-  - apiGroups:
-    - ""
-    resources:
-    - nodes
-    verbs:
-    - '*'
-  - apiGroups:
-    - ""
-    resources:
-    - nodes/status
-    verbs:
-    - patch
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    verbs:
-    - list
-    - patch
-    - update
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - services/status
-    verbs:
-    - patch
-  - apiGroups:
-    - ""
-    resources:
-    - serviceaccounts
-    verbs:
-    - create
-    - get
-  - apiGroups:
-    - ""
-    resources:
-    - serviceaccounts/token
-    verbs:
-    - create
-  - apiGroups:
-    - ""
-    resources:
-    - persistentvolumes
-    verbs:
-    - '*'
-  - apiGroups:
-    - ""
-    resources:
-    - endpoints
-    verbs:
-    - create
-    - get
-    - list
-    - watch
-    - update
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - secrets
-    verbs:
-    - list
-    - get
-    - watch
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRole
-  metadata:
-    name: system:cloud-node-controller
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - nodes
-    verbs:
-    - '*'
-  - apiGroups:
-    - ""
-    resources:
-    - nodes/status
-    verbs:
-    - patch
-  - apiGroups:
-    - ""
-    resources:
-    - events
-    verbs:
-    - create
-    - patch
-    - update
-kind: List
-metadata: {}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml
deleted file mode 100644
index 6f54c7e..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: kube-system
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: openstack-cloud-controller-manager
-  namespace: kube-system
-  labels:
-    k8s-app: openstack-cloud-controller-manager
-spec:
-  selector:
-    matchLabels:
-      k8s-app: openstack-cloud-controller-manager
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        k8s-app: openstack-cloud-controller-manager
-    spec:
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
-      securityContext:
-        runAsUser: 1001
-      tolerations:
-      - key: node.cloudprovider.kubernetes.io/uninitialized
-        value: "true"
-        effect: NoSchedule
-      - key: node-role.kubernetes.io/master
-        effect: NoSchedule
-      - key: node-role.kubernetes.io/control-plane
-        effect: NoSchedule
-      serviceAccountName: cloud-controller-manager
-      containers:
-        - name: openstack-cloud-controller-manager
-          image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.2
-          args:
-            - /bin/openstack-cloud-controller-manager
-            - --v=1
-            - --cluster-name=$(CLUSTER_NAME)
-            - --cloud-config=$(CLOUD_CONFIG)
-            - --cloud-provider=openstack
-            - --use-service-account-credentials=false
-            - --bind-address=127.0.0.1
-          volumeMounts:
-            - mountPath: /etc/kubernetes/pki
-              name: k8s-certs
-              readOnly: true
-            - mountPath: /etc/ssl/certs
-              name: ca-certs
-              readOnly: true
-            - mountPath: /etc/config
-              name: cloud-config-volume
-              readOnly: true
-          resources:
-            requests:
-              cpu: 200m
-          env:
-            - name: CLOUD_CONFIG
-              value: /etc/config/cloud.conf
-            - name: CLUSTER_NAME
-              value: kubernetes
-      dnsPolicy: ClusterFirst
-      hostNetwork: true
-      volumes:
-      - hostPath:
-          path: /etc/kubernetes/pki
-          type: DirectoryOrCreate
-        name: k8s-certs
-      - hostPath:
-          path: /etc/ssl/certs
-          type: DirectoryOrCreate
-        name: ca-certs
-      - name: cloud-config-volume
-        secret:
-          secretName: cloud-config
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml
deleted file mode 100644
index 49ea596..0000000
--- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml
+++ /dev/null
@@ -1,14850 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-selfsigned-issuer
-  namespace: capi-system
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-serving-cert
-  namespace: capi-system
-spec:
-  dnsNames:
-  - capi-webhook-service.capi-system.svc
-  - capi-webhook-service.capi-system.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: capi-selfsigned-issuer
-  secretName: capi-webhook-service-cert
-  subject:
-    organizations:
-    - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: clusterclasses.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: ClusterClass
-    listKind: ClusterClassList
-    plural: clusterclasses
-    shortNames:
-    - cc
-    singular: clusterclass
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterClass
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ClusterClass is a template which can be used to create managed topologies.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterClassSpec describes the desired state of the ClusterClass.
-            properties:
-              controlPlane:
-                description: |-
-                  controlPlane is a reference to a local struct that holds the details
-                  for provisioning the Control Plane for the Cluster.
-                properties:
-                  machineInfrastructure:
-                    description: |-
-                      MachineTemplate defines the metadata and infrastructure information
-                      for control plane machines.
-
-                      This field is supported if and only if the control plane provider template
-                      referenced above is Machine based and supports setting replicas.
-                    properties:
-                      ref:
-                        description: |-
-                          ref is a required reference to a custom resource
-                          offered by a provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                    required:
-                    - ref
-                    type: object
-                  metadata:
-                    description: |-
-                      metadata is the metadata applied to the machines of the ControlPlane.
-                      At runtime this metadata is merged with the corresponding metadata from the topology.
-
-                      This field is supported if and only if the control plane provider template
-                      referenced is Machine based.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  ref:
-                    description: |-
-                      ref is a required reference to a custom resource
-                      offered by a provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                required:
-                - ref
-                type: object
-              infrastructure:
-                description: |-
-                  infrastructure is a reference to a provider-specific template that holds
-                  the details for provisioning infrastructure specific cluster
-                  for the underlying provider.
-                  The underlying provider is responsible for the implementation
-                  of the template to an infrastructure cluster.
-                properties:
-                  ref:
-                    description: |-
-                      ref is a required reference to a custom resource
-                      offered by a provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                required:
-                - ref
-                type: object
-              workers:
-                description: |-
-                  workers describes the worker nodes for the cluster.
-                  It is a collection of node types which can be used to create
-                  the worker nodes of the cluster.
-                properties:
-                  machineDeployments:
-                    description: |-
-                      machineDeployments is a list of machine deployment classes that can be used to create
-                      a set of worker nodes.
-                    items:
-                      description: |-
-                        MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
-                        provisioned using the `ClusterClass`.
-                      properties:
-                        class:
-                          description: |-
-                            class denotes a type of worker node present in the cluster,
-                            this name MUST be unique within a ClusterClass and can be referenced
-                            in the Cluster to create a managed MachineDeployment.
-                          type: string
-                        template:
-                          description: |-
-                            template is a local struct containing a collection of templates for creation of
-                            MachineDeployment objects representing a set of worker nodes.
-                          properties:
-                            bootstrap:
-                              description: |-
-                                bootstrap contains the bootstrap template reference to be used
-                                for the creation of worker Machines.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            infrastructure:
-                              description: |-
-                                infrastructure contains the infrastructure template reference to be used
-                                for the creation of worker Machines.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the machines of the MachineDeployment.
-                                At runtime this metadata is merged with the corresponding metadata from the topology.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                          required:
-                          - bootstrap
-                          - infrastructure
-                          type: object
-                      required:
-                      - class
-                      - template
-                      type: object
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterClass
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: ClusterClass is a template which can be used to create managed
-          topologies.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterClassSpec describes the desired state of the ClusterClass.
-            properties:
-              controlPlane:
-                description: |-
-                  controlPlane is a reference to a local struct that holds the details
-                  for provisioning the Control Plane for the Cluster.
-                properties:
-                  machineHealthCheck:
-                    description: |-
-                      machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass.
-                      This field is supported if and only if the ControlPlane provider template
-                      referenced above is Machine based and supports setting replicas.
-                    properties:
-                      maxUnhealthy:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                          "selector" are not healthy.
-                        x-kubernetes-int-or-string: true
-                      nodeStartupTimeout:
-                        description: |-
-                          nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
-                          to consider a Machine unhealthy if a corresponding Node isn't associated
-                          through a `Spec.ProviderID` field.
-
-                          The duration set in this field is compared to the greatest of:
-                          - Cluster's infrastructure ready condition timestamp (if and when available)
-                          - Control Plane's initialized condition timestamp (if and when available)
-                          - Machine's infrastructure ready condition timestamp (if and when available)
-                          - Machine's metadata creation timestamp
-
-                          Defaults to 10 minutes.
-                          If you wish to disable this feature, set the value explicitly to 0.
-                        type: string
-                      remediationTemplate:
-                        description: |-
-                          remediationTemplate is a reference to a remediation template
-                          provided by an infrastructure provider.
-
-                          This field is completely optional, when filled, the MachineHealthCheck controller
-                          creates a new object from the template referenced and hands off remediation of the machine to
-                          a controller that lives outside of Cluster API.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      unhealthyConditions:
-                        description: |-
-                          unhealthyConditions contains a list of the conditions that determine
-                          whether a node is considered unhealthy. The conditions are combined in a
-                          logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                        items:
-                          description: |-
-                            UnhealthyCondition represents a Node condition type and value with a timeout
-                            specified as a duration.  When the named condition has been in the given
-                            status for at least the timeout value, a node is considered unhealthy.
-                          properties:
-                            status:
-                              minLength: 1
-                              type: string
-                            timeout:
-                              type: string
-                            type:
-                              minLength: 1
-                              type: string
-                          required:
-                          - status
-                          - timeout
-                          - type
-                          type: object
-                        type: array
-                      unhealthyRange:
-                        description: |-
-                          Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                          is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                          Eg. "[3-5]" - This means that remediation will be allowed only when:
-                          (a) there are at least 3 unhealthy machines (and)
-                          (b) there are at most 5 unhealthy machines
-                        pattern: ^\[[0-9]+-[0-9]+\]$
-                        type: string
-                    type: object
-                  machineInfrastructure:
-                    description: |-
-                      machineInfrastructure defines the metadata and infrastructure information
-                      for control plane machines.
-
-                      This field is supported if and only if the control plane provider template
-                      referenced above is Machine based and supports setting replicas.
-                    properties:
-                      ref:
-                        description: |-
-                          ref is a required reference to a custom resource
-                          offered by a provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                    required:
-                    - ref
-                    type: object
-                  metadata:
-                    description: |-
-                      metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
-                      if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the
-                      ControlPlane.
-                      At runtime this metadata is merged with the corresponding metadata from the topology.
-
-                      This field is supported if and only if the control plane provider template
-                      referenced is Machine based.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  namingStrategy:
-                    description: namingStrategy allows changing the naming pattern
-                      used when creating the control plane provider object.
-                    properties:
-                      template:
-                        description: |-
-                          template defines the template to use for generating the name of the ControlPlane object.
-                          If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`.
-                          If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
-                          get concatenated with a random suffix of length 5.
-                          The templating mechanism provides the following arguments:
-                          * `.cluster.name`: The name of the cluster object.
-                          * `.random`: A random alphanumeric string, without vowels, of length 5.
-                        type: string
-                    type: object
-                  nodeDeletionTimeout:
-                    description: |-
-                      nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                      hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                      Defaults to 10 seconds.
-                      NOTE: This value can be overridden while defining a Cluster.Topology.
-                    type: string
-                  nodeDrainTimeout:
-                    description: |-
-                      nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                      The default value is 0, meaning that the node can be drained without any time limitations.
-                      NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                      NOTE: This value can be overridden while defining a Cluster.Topology.
-                    type: string
-                  nodeVolumeDetachTimeout:
-                    description: |-
-                      nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                      to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                      NOTE: This value can be overridden while defining a Cluster.Topology.
-                    type: string
-                  ref:
-                    description: |-
-                      ref is a required reference to a custom resource
-                      offered by a provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                required:
-                - ref
-                type: object
-              infrastructure:
-                description: |-
-                  infrastructure is a reference to a provider-specific template that holds
-                  the details for provisioning infrastructure specific cluster
-                  for the underlying provider.
-                  The underlying provider is responsible for the implementation
-                  of the template to an infrastructure cluster.
-                properties:
-                  ref:
-                    description: |-
-                      ref is a required reference to a custom resource
-                      offered by a provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                required:
-                - ref
-                type: object
-              patches:
-                description: |-
-                  patches defines the patches which are applied to customize
-                  referenced templates of a ClusterClass.
-                  Note: Patches will be applied in the order of the array.
-                items:
-                  description: ClusterClassPatch defines a patch which is applied
-                    to customize the referenced templates.
-                  properties:
-                    definitions:
-                      description: |-
-                        definitions define inline patches.
-                        Note: Patches will be applied in the order of the array.
-                        Note: Exactly one of Definitions or External must be set.
-                      items:
-                        description: PatchDefinition defines a patch which is applied
-                          to customize the referenced templates.
-                        properties:
-                          jsonPatches:
-                            description: |-
-                              jsonPatches defines the patches which should be applied on the templates
-                              matching the selector.
-                              Note: Patches will be applied in the order of the array.
-                            items:
-                              description: JSONPatch defines a JSON patch.
-                              properties:
-                                op:
-                                  description: |-
-                                    op defines the operation of the patch.
-                                    Note: Only `add`, `replace` and `remove` are supported.
-                                  type: string
-                                path:
-                                  description: |-
-                                    path defines the path of the patch.
-                                    Note: Only the spec of a template can be patched, thus the path has to start with /spec/.
-                                    Note: For now the only allowed array modifications are `append` and `prepend`, i.e.:
-                                    * for op: `add`: only index 0 (prepend) and - (append) are allowed
-                                    * for op: `replace` or `remove`: no indexes are allowed
-                                  type: string
-                                value:
-                                  description: |-
-                                    value defines the value of the patch.
-                                    Note: Either Value or ValueFrom is required for add and replace
-                                    operations. Only one of them is allowed to be set at the same time.
-                                    Note: We have to use apiextensionsv1.JSON instead of our JSON type,
-                                    because controller-tools has a hard-coded schema for apiextensionsv1.JSON
-                                    which cannot be produced by another type (unset type field).
-                                    Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
-                                  x-kubernetes-preserve-unknown-fields: true
-                                valueFrom:
-                                  description: |-
-                                    valueFrom defines the value of the patch.
-                                    Note: Either Value or ValueFrom is required for add and replace
-                                    operations. Only one of them is allowed to be set at the same time.
-                                  properties:
-                                    template:
-                                      description: |-
-                                        template is the Go template to be used to calculate the value.
-                                        A template can reference variables defined in .spec.variables and builtin variables.
-                                        Note: The template must evaluate to a valid YAML or JSON value.
-                                      type: string
-                                    variable:
-                                      description: |-
-                                        variable is the variable to be used as value.
-                                        Variable can be one of the variables defined in .spec.variables or a builtin variable.
-                                      type: string
-                                  type: object
-                              required:
-                              - op
-                              - path
-                              type: object
-                            type: array
-                          selector:
-                            description: selector defines on which templates the patch
-                              should be applied.
-                            properties:
-                              apiVersion:
-                                description: apiVersion filters templates by apiVersion.
-                                type: string
-                              kind:
-                                description: kind filters templates by kind.
-                                type: string
-                              matchResources:
-                                description: matchResources selects templates based
-                                  on where they are referenced.
-                                properties:
-                                  controlPlane:
-                                    description: |-
-                                      controlPlane selects templates referenced in .spec.ControlPlane.
-                                      Note: this will match the controlPlane and also the controlPlane
-                                      machineInfrastructure (depending on the kind and apiVersion).
-                                    type: boolean
-                                  infrastructureCluster:
-                                    description: infrastructureCluster selects templates
-                                      referenced in .spec.infrastructure.
-                                    type: boolean
-                                  machineDeploymentClass:
-                                    description: |-
-                                      machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in
-                                      .spec.workers.machineDeployments.
-                                    properties:
-                                      names:
-                                        description: names selects templates by class
-                                          names.
-                                        items:
-                                          type: string
-                                        type: array
-                                    type: object
-                                  machinePoolClass:
-                                    description: |-
-                                      machinePoolClass selects templates referenced in specific MachinePoolClasses in
-                                      .spec.workers.machinePools.
-                                    properties:
-                                      names:
-                                        description: names selects templates by class
-                                          names.
-                                        items:
-                                          type: string
-                                        type: array
-                                    type: object
-                                type: object
-                            required:
-                            - apiVersion
-                            - kind
-                            - matchResources
-                            type: object
-                        required:
-                        - jsonPatches
-                        - selector
-                        type: object
-                      type: array
-                    description:
-                      description: description is a human-readable description of
-                        this patch.
-                      type: string
-                    enabledIf:
-                      description: |-
-                        enabledIf is a Go template to be used to calculate if a patch should be enabled.
-                        It can reference variables defined in .spec.variables and builtin variables.
-                        The patch will be enabled if the template evaluates to `true`, otherwise it will
-                        be disabled.
-                        If EnabledIf is not set, the patch will be enabled per default.
-                      type: string
-                    external:
-                      description: |-
-                        external defines an external patch.
-                        Note: Exactly one of Definitions or External must be set.
-                      properties:
-                        discoverVariablesExtension:
-                          description: discoverVariablesExtension references an extension
-                            which is called to discover variables.
-                          type: string
-                        generateExtension:
-                          description: generateExtension references an extension which
-                            is called to generate patches.
-                          type: string
-                        settings:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            settings defines key value pairs to be passed to the extensions.
-                            Values defined here take precedence over the values defined in the
-                            corresponding ExtensionConfig.
-                          type: object
-                        validateExtension:
-                          description: validateExtension references an extension which
-                            is called to validate the topology.
-                          type: string
-                      type: object
-                    name:
-                      description: name of the patch.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              variables:
-                description: |-
-                  variables defines the variables which can be configured
-                  in the Cluster topology and are then used in patches.
-                items:
-                  description: |-
-                    ClusterClassVariable defines a variable which can
-                    be configured in the Cluster topology and used in patches.
-                  properties:
-                    metadata:
-                      description: |-
-                        metadata is the metadata of a variable.
-                        It can be used to add additional data for higher level tools to
-                        a ClusterClassVariable.
-
-                        Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead.
-                      properties:
-                        annotations:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            annotations is an unstructured key value map that can be used to store and
-                            retrieve arbitrary metadata.
-                            They are not queryable.
-                          type: object
-                        labels:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            Map of string keys and values that can be used to organize and categorize
-                            (scope and select) variables.
-                          type: object
-                      type: object
-                    name:
-                      description: name of the variable.
-                      type: string
-                    required:
-                      description: |-
-                        required specifies if the variable is required.
-                        Note: this applies to the variable as a whole and thus the
-                        top-level object defined in the schema. If nested fields are
-                        required, this will be specified inside the schema.
-                      type: boolean
-                    schema:
-                      description: schema defines the schema of the variable.
-                      properties:
-                        openAPIV3Schema:
-                          description: |-
-                            openAPIV3Schema defines the schema of a variable via OpenAPI v3
-                            schema. The schema is a subset of the schema used in
-                            Kubernetes CRDs.
-                          properties:
-                            additionalProperties:
-                              description: |-
-                                additionalProperties specifies the schema of values in a map (keys are always strings).
-                                NOTE: Can only be set if type is object.
-                                NOTE: AdditionalProperties is mutually exclusive with Properties.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            allOf:
-                              description: |-
-                                allOf specifies that the variable must validate against all of the subschemas in the array.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            anyOf:
-                              description: |-
-                                anyOf specifies that the variable must validate against one or more of the subschemas in the array.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            default:
-                              description: |-
-                                default is the default value of the variable.
-                                NOTE: Can be set for all types.
-                              x-kubernetes-preserve-unknown-fields: true
-                            description:
-                              description: description is a human-readable description
-                                of this variable.
-                              type: string
-                            enum:
-                              description: |-
-                                enum is the list of valid values of the variable.
-                                NOTE: Can be set for all types.
-                              items:
-                                x-kubernetes-preserve-unknown-fields: true
-                              type: array
-                            example:
-                              description: example is an example for this variable.
-                              x-kubernetes-preserve-unknown-fields: true
-                            exclusiveMaximum:
-                              description: |-
-                                exclusiveMaximum specifies if the Maximum is exclusive.
-                                NOTE: Can only be set if type is integer or number.
-                              type: boolean
-                            exclusiveMinimum:
-                              description: |-
-                                exclusiveMinimum specifies if the Minimum is exclusive.
-                                NOTE: Can only be set if type is integer or number.
-                              type: boolean
-                            format:
-                              description: |-
-                                format is an OpenAPI v3 format string. Unknown formats are ignored.
-                                For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
-                                https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
-                                NOTE: Can only be set if type is string.
-                              type: string
-                            items:
-                              description: |-
-                                items specifies fields of an array.
-                                NOTE: Can only be set if type is array.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            maxItems:
-                              description: |-
-                                maxItems is the max length of an array variable.
-                                NOTE: Can only be set if type is array.
-                              format: int64
-                              type: integer
-                            maxLength:
-                              description: |-
-                                maxLength is the max length of a string variable.
-                                NOTE: Can only be set if type is string.
-                              format: int64
-                              type: integer
-                            maxProperties:
-                              description: |-
-                                maxProperties is the maximum amount of entries in a map or properties in an object.
-                                NOTE: Can only be set if type is object.
-                              format: int64
-                              type: integer
-                            maximum:
-                              description: |-
-                                maximum is the maximum of an integer or number variable.
-                                If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
-                                If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
-                                NOTE: Can only be set if type is integer or number.
-                              format: int64
-                              type: integer
-                            minItems:
-                              description: |-
-                                minItems is the min length of an array variable.
-                                NOTE: Can only be set if type is array.
-                              format: int64
-                              type: integer
-                            minLength:
-                              description: |-
-                                minLength is the min length of a string variable.
-                                NOTE: Can only be set if type is string.
-                              format: int64
-                              type: integer
-                            minProperties:
-                              description: |-
-                                minProperties is the minimum amount of entries in a map or properties in an object.
-                                NOTE: Can only be set if type is object.
-                              format: int64
-                              type: integer
-                            minimum:
-                              description: |-
-                                minimum is the minimum of an integer or number variable.
-                                If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
-                                If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
-                                NOTE: Can only be set if type is integer or number.
-                              format: int64
-                              type: integer
-                            not:
-                              description: |-
-                                not specifies that the variable must not validate against the subschema.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            oneOf:
-                              description: |-
-                                oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            pattern:
-                              description: |-
-                                pattern is the regex which a string variable must match.
-                                NOTE: Can only be set if type is string.
-                              type: string
-                            properties:
-                              description: |-
-                                properties specifies fields of an object.
-                                NOTE: Can only be set if type is object.
-                                NOTE: Properties is mutually exclusive with AdditionalProperties.
-                                NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                because recursive validation is not possible.
-                              x-kubernetes-preserve-unknown-fields: true
-                            required:
-                              description: |-
-                                required specifies which fields of an object are required.
-                                NOTE: Can only be set if type is object.
-                              items:
-                                type: string
-                              type: array
-                            type:
-                              description: |-
-                                type is the type of the variable.
-                                Valid values are: object, array, string, integer, number or boolean.
-                              type: string
-                            uniqueItems:
-                              description: |-
-                                uniqueItems specifies if items in an array must be unique.
-                                NOTE: Can only be set if type is array.
-                              type: boolean
-                            x-kubernetes-int-or-string:
-                              description: |-
-                                x-kubernetes-int-or-string specifies that this value is
-                                either an integer or a string. If this is true, an empty
-                                type is allowed and type as child of anyOf is permitted
-                                if following one of the following patterns:
-
-                                1) anyOf:
-                                   - type: integer
-                                   - type: string
-                                2) allOf:
-                                   - anyOf:
-                                     - type: integer
-                                     - type: string
-                                   - ... zero or more
-                              type: boolean
-                            x-kubernetes-preserve-unknown-fields:
-                              description: |-
-                                x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
-                                which are not defined in the variable schema. This affects fields recursively,
-                                except if nested properties or additionalProperties are specified in the schema.
-                              type: boolean
-                            x-kubernetes-validations:
-                              description: x-kubernetes-validations describes a list
-                                of validation rules written in the CEL expression
-                                language.
-                              items:
-                                description: ValidationRule describes a validation
-                                  rule written in the CEL expression language.
-                                properties:
-                                  fieldPath:
-                                    description: |-
-                                      fieldPath represents the field path returned when the validation fails.
-                                      It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
-                                      e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
-                                      If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
-                                      It does not support list numeric index.
-                                      It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
-                                      Numeric index of array is not supported.
-                                      For field name which contains special characters, use `['specialName']` to refer the field name.
-                                      e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
-                                    type: string
-                                  message:
-                                    description: |-
-                                      message represents the message displayed when validation fails. The message is required if the Rule contains
-                                      line breaks. The message must not contain line breaks.
-                                      If unset, the message is "failed rule: {Rule}".
-                                      e.g. "must be a URL with the host matching spec.host"
-                                    type: string
-                                  messageExpression:
-                                    description: |-
-                                      messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
-                                      Since messageExpression is used as a failure message, it must evaluate to a string.
-                                      If both message and messageExpression are present on a rule, then messageExpression will be used if validation
-                                      fails. If messageExpression results in a runtime error, the validation failure message is produced
-                                      as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
-                                      that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
-                                      messageExpression has access to all the same variables as the rule; the only difference is the return type.
-                                      Example:
-                                      "x must be less than max ("+string(self.max)+")"
-                                    type: string
-                                  reason:
-                                    default: FieldValueInvalid
-                                    description: |-
-                                      reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
-                                      The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
-                                      If not set, default to use "FieldValueInvalid".
-                                      All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
-                                    enum:
-                                    - FieldValueInvalid
-                                    - FieldValueForbidden
-                                    - FieldValueRequired
-                                    - FieldValueDuplicate
-                                    type: string
-                                  rule:
-                                    description: "rule represents the expression which
-                                      will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe
-                                      Rule is scoped to the location of the x-kubernetes-validations
-                                      extension in the schema.\nThe `self` variable
-                                      in the CEL expression is bound to the scoped
-                                      value.\nIf the Rule is scoped to an object with
-                                      properties, the accessible properties of the
-                                      object are field selectable\nvia `self.field`
-                                      and field presence can be checked via `has(self.field)`.\nIf
-                                      the Rule is scoped to an object with additionalProperties
-                                      (i.e. a map) the value of the map\nare accessible
-                                      via `self[mapKey]`, map containment can be checked
-                                      via `mapKey in self` and all entries of the
-                                      map\nare accessible via CEL macros and functions
-                                      such as `self.all(...)`.\nIf the Rule is scoped
-                                      to an array, the elements of the array are accessible
-                                      via `self[i]` and also by macros and\nfunctions.\nIf
-                                      the Rule is scoped to a scalar, `self` is bound
-                                      to the scalar value.\nExamples:\n- Rule scoped
-                                      to a map of objects: {\"rule\": \"self.components['Widget'].priority
-                                      < 10\"}\n- Rule scoped to a list of integers:
-                                      {\"rule\": \"self.values.all(value, value >=
-                                      0 && value < 100)\"}\n- Rule scoped to a string
-                                      value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
-                                      data preserved in custom resources via x-kubernetes-preserve-unknown-fields
-                                      is not accessible in CEL\nexpressions. This
-                                      includes:\n- Unknown field values that are preserved
-                                      by object schemas with x-kubernetes-preserve-unknown-fields.\n-
-                                      Object properties where the property schema
-                                      is of an \"unknown type\". An \"unknown type\"
-                                      is recursively defined as:\n  - A schema with
-                                      no type and x-kubernetes-preserve-unknown-fields
-                                      set to true\n  - An array where the items schema
-                                      is of an \"unknown type\"\n  - An object where
-                                      the additionalProperties schema is of an \"unknown
-                                      type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
-                                      are accessible.\nAccessible property names are
-                                      escaped according to the following rules when
-                                      accessed in the expression:\n- '__' escapes
-                                      to '__underscores__'\n- '.' escapes to '__dot__'\n-
-                                      '-' escapes to '__dash__'\n- '/' escapes to
-                                      '__slash__'\n- Property names that exactly match
-                                      a CEL RESERVED keyword escape to '__{keyword}__'.
-                                      The keywords are:\n\t  \"true\", \"false\",
-                                      \"null\", \"in\", \"as\", \"break\", \"const\",
-                                      \"continue\", \"else\", \"for\", \"function\",
-                                      \"if\",\n\t  \"import\", \"let\", \"loop\",
-                                      \"package\", \"namespace\", \"return\".\nExamples:\n
-                                      \ - Rule accessing a property named \"namespace\":
-                                      {\"rule\": \"self.__namespace__ > 0\"}\n  -
-                                      Rule accessing a property named \"x-prop\":
-                                      {\"rule\": \"self.x__dash__prop > 0\"}\n  -
-                                      Rule accessing a property named \"redact__d\":
-                                      {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf
-                                      `rule` makes use of the `oldSelf` variable it
-                                      is implicitly a\n`transition rule`.\n\nBy default,
-                                      the `oldSelf` variable is the same type as `self`.\n\nTransition
-                                      rules by default are applied only on UPDATE
-                                      requests and are\nskipped if an old value could
-                                      not be found."
-                                    type: string
-                                required:
-                                - rule
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - rule
-                              x-kubernetes-list-type: map
-                            x-metadata:
-                              description: |-
-                                x-metadata is the metadata of a variable or a nested field within a variable.
-                                It can be used to add additional data for higher level tools.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map that can be used to store and
-                                    retrieve arbitrary metadata.
-                                    They are not queryable.
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) variables.
-                                  type: object
-                              type: object
-                          type: object
-                      required:
-                      - openAPIV3Schema
-                      type: object
-                  required:
-                  - name
-                  - required
-                  - schema
-                  type: object
-                type: array
-              workers:
-                description: |-
-                  workers describes the worker nodes for the cluster.
-                  It is a collection of node types which can be used to create
-                  the worker nodes of the cluster.
-                properties:
-                  machineDeployments:
-                    description: |-
-                      machineDeployments is a list of machine deployment classes that can be used to create
-                      a set of worker nodes.
-                    items:
-                      description: |-
-                        MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
-                        provisioned using the `ClusterClass`.
-                      properties:
-                        class:
-                          description: |-
-                            class denotes a type of worker node present in the cluster,
-                            this name MUST be unique within a ClusterClass and can be referenced
-                            in the Cluster to create a managed MachineDeployment.
-                          type: string
-                        failureDomain:
-                          description: |-
-                            failureDomain is the failure domain the machines will be created in.
-                            Must match a key in the FailureDomains map stored on the cluster object.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          type: string
-                        machineHealthCheck:
-                          description: machineHealthCheck defines a MachineHealthCheck
-                            for this MachineDeploymentClass.
-                          properties:
-                            maxUnhealthy:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: |-
-                                Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                                "selector" are not healthy.
-                              x-kubernetes-int-or-string: true
-                            nodeStartupTimeout:
-                              description: |-
-                                nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
-                                to consider a Machine unhealthy if a corresponding Node isn't associated
-                                through a `Spec.ProviderID` field.
-
-                                The duration set in this field is compared to the greatest of:
-                                - Cluster's infrastructure ready condition timestamp (if and when available)
-                                - Control Plane's initialized condition timestamp (if and when available)
-                                - Machine's infrastructure ready condition timestamp (if and when available)
-                                - Machine's metadata creation timestamp
-
-                                Defaults to 10 minutes.
-                                If you wish to disable this feature, set the value explicitly to 0.
-                              type: string
-                            remediationTemplate:
-                              description: |-
-                                remediationTemplate is a reference to a remediation template
-                                provided by an infrastructure provider.
-
-                                This field is completely optional, when filled, the MachineHealthCheck controller
-                                creates a new object from the template referenced and hands off remediation of the machine to
-                                a controller that lives outside of Cluster API.
-                              properties:
-                                apiVersion:
-                                  description: API version of the referent.
-                                  type: string
-                                fieldPath:
-                                  description: |-
-                                    If referring to a piece of an object instead of an entire object, this string
-                                    should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                    For example, if the object reference is to a container within a pod, this would take on a value like:
-                                    "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                    the event) or if no container name is specified "spec.containers[2]" (container with
-                                    index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                    referencing a part of an object.
-                                  type: string
-                                kind:
-                                  description: |-
-                                    Kind of the referent.
-                                    More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                  type: string
-                                name:
-                                  description: |-
-                                    Name of the referent.
-                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                  type: string
-                                namespace:
-                                  description: |-
-                                    Namespace of the referent.
-                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                  type: string
-                                resourceVersion:
-                                  description: |-
-                                    Specific resourceVersion to which this reference is made, if any.
-                                    More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                  type: string
-                                uid:
-                                  description: |-
-                                    UID of the referent.
-                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                  type: string
-                              type: object
-                              x-kubernetes-map-type: atomic
-                            unhealthyConditions:
-                              description: |-
-                                unhealthyConditions contains a list of the conditions that determine
-                                whether a node is considered unhealthy. The conditions are combined in a
-                                logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                              items:
-                                description: |-
-                                  UnhealthyCondition represents a Node condition type and value with a timeout
-                                  specified as a duration.  When the named condition has been in the given
-                                  status for at least the timeout value, a node is considered unhealthy.
-                                properties:
-                                  status:
-                                    minLength: 1
-                                    type: string
-                                  timeout:
-                                    type: string
-                                  type:
-                                    minLength: 1
-                                    type: string
-                                required:
-                                - status
-                                - timeout
-                                - type
-                                type: object
-                              type: array
-                            unhealthyRange:
-                              description: |-
-                                Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                                is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                                Eg. "[3-5]" - This means that remediation will be allowed only when:
-                                (a) there are at least 3 unhealthy machines (and)
-                                (b) there are at most 5 unhealthy machines
-                              pattern: ^\[[0-9]+-[0-9]+\]$
-                              type: string
-                          type: object
-                        minReadySeconds:
-                          description: |-
-                            Minimum number of seconds for which a newly created machine should
-                            be ready.
-                            Defaults to 0 (machine will be considered available as soon as it
-                            is ready)
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          format: int32
-                          type: integer
-                        namingStrategy:
-                          description: namingStrategy allows changing the naming pattern
-                            used when creating the MachineDeployment.
-                          properties:
-                            template:
-                              description: |-
-                                template defines the template to use for generating the name of the MachineDeployment object.
-                                If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`.
-                                If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
-                                get concatenated with a random suffix of length 5.
-                                The templating mechanism provides the following arguments:
-                                * `.cluster.name`: The name of the cluster object.
-                                * `.random`: A random alphanumeric string, without vowels, of length 5.
-                                * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).
-                              type: string
-                          type: object
-                        nodeDeletionTimeout:
-                          description: |-
-                            nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                            hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                            Defaults to 10 seconds.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          type: string
-                        nodeDrainTimeout:
-                          description: |-
-                            nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                            The default value is 0, meaning that the node can be drained without any time limitations.
-                            NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          type: string
-                        nodeVolumeDetachTimeout:
-                          description: |-
-                            nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                            to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          type: string
-                        strategy:
-                          description: |-
-                            The deployment strategy to use to replace existing machines with
-                            new ones.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
-                          properties:
-                            remediation:
-                              description: |-
-                                remediation controls the strategy of remediating unhealthy machines
-                                and how remediating operations should occur during the lifecycle of the dependant MachineSets.
-                              properties:
-                                maxInFlight:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  description: |-
-                                    maxInFlight determines how many in flight remediations should happen at the same time.
-
-                                    Remediation only happens on the MachineSet with the most current revision, while
-                                    older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
-                                    Note: In general (independent of remediations), unhealthy machines are always
-                                    prioritized during scale down operations over healthy ones.
-
-                                    MaxInFlight can be set to a fixed number or a percentage.
-                                    Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
-                                    the desired replicas.
-
-                                    If not set, remediation is limited to all machines (bounded by replicas)
-                                    under the active MachineSet's management.
-                                  x-kubernetes-int-or-string: true
-                              type: object
-                            rollingUpdate:
-                              description: |-
-                                Rolling update config params. Present only if
-                                MachineDeploymentStrategyType = RollingUpdate.
-                              properties:
-                                deletePolicy:
-                                  description: |-
-                                    deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
-                                    Valid values are "Random, "Newest", "Oldest"
-                                    When no value is supplied, the default DeletePolicy of MachineSet is used
-                                  enum:
-                                  - Random
-                                  - Newest
-                                  - Oldest
-                                  type: string
-                                maxSurge:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  description: |-
-                                    The maximum number of machines that can be scheduled above the
-                                    desired number of machines.
-                                    Value can be an absolute number (ex: 5) or a percentage of
-                                    desired machines (ex: 10%).
-                                    This can not be 0 if MaxUnavailable is 0.
-                                    Absolute number is calculated from percentage by rounding up.
-                                    Defaults to 1.
-                                    Example: when this is set to 30%, the new MachineSet can be scaled
-                                    up immediately when the rolling update starts, such that the total
-                                    number of old and new machines do not exceed 130% of desired
-                                    machines. Once old machines have been killed, new MachineSet can
-                                    be scaled up further, ensuring that total number of machines running
-                                    at any time during the update is at most 130% of desired machines.
-                                  x-kubernetes-int-or-string: true
-                                maxUnavailable:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  description: |-
-                                    The maximum number of machines that can be unavailable during the update.
-                                    Value can be an absolute number (ex: 5) or a percentage of desired
-                                    machines (ex: 10%).
-                                    Absolute number is calculated from percentage by rounding down.
-                                    This can not be 0 if MaxSurge is 0.
-                                    Defaults to 0.
-                                    Example: when this is set to 30%, the old MachineSet can be scaled
-                                    down to 70% of desired machines immediately when the rolling update
-                                    starts. Once new machines are ready, old MachineSet can be scaled
-                                    down further, followed by scaling up the new MachineSet, ensuring
-                                    that the total number of machines available at all times
-                                    during the update is at least 70% of desired machines.
-                                  x-kubernetes-int-or-string: true
-                              type: object
-                            type:
-                              description: |-
-                                type of deployment. Allowed values are RollingUpdate and OnDelete.
-                                The default is RollingUpdate.
-                              enum:
-                              - RollingUpdate
-                              - OnDelete
-                              type: string
-                          type: object
-                        template:
-                          description: |-
-                            template is a local struct containing a collection of templates for creation of
-                            MachineDeployment objects representing a set of worker nodes.
-                          properties:
-                            bootstrap:
-                              description: |-
-                                bootstrap contains the bootstrap template reference to be used
-                                for the creation of worker Machines.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            infrastructure:
-                              description: |-
-                                infrastructure contains the infrastructure template reference to be used
-                                for the creation of worker Machines.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
-                                At runtime this metadata is merged with the corresponding metadata from the topology.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                          required:
-                          - bootstrap
-                          - infrastructure
-                          type: object
-                      required:
-                      - class
-                      - template
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - class
-                    x-kubernetes-list-type: map
-                  machinePools:
-                    description: |-
-                      machinePools is a list of machine pool classes that can be used to create
-                      a set of worker nodes.
-                    items:
-                      description: |-
-                        MachinePoolClass serves as a template to define a pool of worker nodes of the cluster
-                        provisioned using `ClusterClass`.
-                      properties:
-                        class:
-                          description: |-
-                            class denotes a type of machine pool present in the cluster,
-                            this name MUST be unique within a ClusterClass and can be referenced
-                            in the Cluster to create a managed MachinePool.
-                          type: string
-                        failureDomains:
-                          description: |-
-                            failureDomains is the list of failure domains the MachinePool should be attached to.
-                            Must match a key in the FailureDomains map stored on the cluster object.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
-                          items:
-                            type: string
-                          type: array
-                        minReadySeconds:
-                          description: |-
-                            Minimum number of seconds for which a newly created machine pool should
-                            be ready.
-                            Defaults to 0 (machine will be considered available as soon as it
-                            is ready)
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
-                          format: int32
-                          type: integer
-                        namingStrategy:
-                          description: namingStrategy allows changing the naming pattern
-                            used when creating the MachinePool.
-                          properties:
-                            template:
-                              description: |-
-                                template defines the template to use for generating the name of the MachinePool object.
-                                If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`.
-                                If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
-                                get concatenated with a random suffix of length 5.
-                                The templating mechanism provides the following arguments:
-                                * `.cluster.name`: The name of the cluster object.
-                                * `.random`: A random alphanumeric string, without vowels, of length 5.
-                                * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name).
-                              type: string
-                          type: object
-                        nodeDeletionTimeout:
-                          description: |-
-                            nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                            hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                            Defaults to 10 seconds.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
-                          type: string
-                        nodeDrainTimeout:
-                          description: |-
-                            nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                            The default value is 0, meaning that the node can be drained without any time limitations.
-                            NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
-                          type: string
-                        nodeVolumeDetachTimeout:
-                          description: |-
-                            nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                            to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                            NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
-                          type: string
-                        template:
-                          description: |-
-                            template is a local struct containing a collection of templates for creation of
-                            MachinePools objects representing a pool of worker nodes.
-                          properties:
-                            bootstrap:
-                              description: |-
-                                bootstrap contains the bootstrap template reference to be used
-                                for the creation of the Machines in the MachinePool.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            infrastructure:
-                              description: |-
-                                infrastructure contains the infrastructure template reference to be used
-                                for the creation of the MachinePool.
-                              properties:
-                                ref:
-                                  description: |-
-                                    ref is a required reference to a custom resource
-                                    offered by a provider.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              required:
-                              - ref
-                              type: object
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the MachinePool.
-                                At runtime this metadata is merged with the corresponding metadata from the topology.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                          required:
-                          - bootstrap
-                          - infrastructure
-                          type: object
-                      required:
-                      - class
-                      - template
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - class
-                    x-kubernetes-list-type: map
-                type: object
-            type: object
-          status:
-            description: ClusterClassStatus defines the observed state of the ClusterClass.
-            properties:
-              conditions:
-                description: conditions defines current observed state of the ClusterClass.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in ClusterClass's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a ClusterClass's current state.
-                      Known condition types are VariablesReady, RefVersionsUpToDate, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                type: object
-              variables:
-                description: variables is a list of ClusterClassStatusVariable that
-                  are defined for the ClusterClass.
-                items:
-                  description: ClusterClassStatusVariable defines a variable which
-                    appears in the status of a ClusterClass.
-                  properties:
-                    definitions:
-                      description: definitions is a list of definitions for a variable.
-                      items:
-                        description: ClusterClassStatusVariableDefinition defines
-                          a variable which appears in the status of a ClusterClass.
-                        properties:
-                          from:
-                            description: |-
-                              from specifies the origin of the variable definition.
-                              This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass
-                              for variables discovered from a DiscoverVariables runtime extensions.
-                            type: string
-                          metadata:
-                            description: |-
-                              metadata is the metadata of a variable.
-                              It can be used to add additional data for higher level tools to
-                              a ClusterClassVariable.
-
-                              Deprecated: This field is deprecated and is going to be removed in the next apiVersion.
-                            properties:
-                              annotations:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  annotations is an unstructured key value map that can be used to store and
-                                  retrieve arbitrary metadata.
-                                  They are not queryable.
-                                type: object
-                              labels:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  Map of string keys and values that can be used to organize and categorize
-                                  (scope and select) variables.
-                                type: object
-                            type: object
-                          required:
-                            description: |-
-                              required specifies if the variable is required.
-                              Note: this applies to the variable as a whole and thus the
-                              top-level object defined in the schema. If nested fields are
-                              required, this will be specified inside the schema.
-                            type: boolean
-                          schema:
-                            description: schema defines the schema of the variable.
-                            properties:
-                              openAPIV3Schema:
-                                description: |-
-                                  openAPIV3Schema defines the schema of a variable via OpenAPI v3
-                                  schema. The schema is a subset of the schema used in
-                                  Kubernetes CRDs.
-                                properties:
-                                  additionalProperties:
-                                    description: |-
-                                      additionalProperties specifies the schema of values in a map (keys are always strings).
-                                      NOTE: Can only be set if type is object.
-                                      NOTE: AdditionalProperties is mutually exclusive with Properties.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  allOf:
-                                    description: |-
-                                      allOf specifies that the variable must validate against all of the subschemas in the array.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  anyOf:
-                                    description: |-
-                                      anyOf specifies that the variable must validate against one or more of the subschemas in the array.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  default:
-                                    description: |-
-                                      default is the default value of the variable.
-                                      NOTE: Can be set for all types.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  description:
-                                    description: description is a human-readable description
-                                      of this variable.
-                                    type: string
-                                  enum:
-                                    description: |-
-                                      enum is the list of valid values of the variable.
-                                      NOTE: Can be set for all types.
-                                    items:
-                                      x-kubernetes-preserve-unknown-fields: true
-                                    type: array
-                                  example:
-                                    description: example is an example for this variable.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  exclusiveMaximum:
-                                    description: |-
-                                      exclusiveMaximum specifies if the Maximum is exclusive.
-                                      NOTE: Can only be set if type is integer or number.
-                                    type: boolean
-                                  exclusiveMinimum:
-                                    description: |-
-                                      exclusiveMinimum specifies if the Minimum is exclusive.
-                                      NOTE: Can only be set if type is integer or number.
-                                    type: boolean
-                                  format:
-                                    description: |-
-                                      format is an OpenAPI v3 format string. Unknown formats are ignored.
-                                      For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
-                                      https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
-                                      NOTE: Can only be set if type is string.
-                                    type: string
-                                  items:
-                                    description: |-
-                                      items specifies fields of an array.
-                                      NOTE: Can only be set if type is array.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  maxItems:
-                                    description: |-
-                                      maxItems is the max length of an array variable.
-                                      NOTE: Can only be set if type is array.
-                                    format: int64
-                                    type: integer
-                                  maxLength:
-                                    description: |-
-                                      maxLength is the max length of a string variable.
-                                      NOTE: Can only be set if type is string.
-                                    format: int64
-                                    type: integer
-                                  maxProperties:
-                                    description: |-
-                                      maxProperties is the maximum amount of entries in a map or properties in an object.
-                                      NOTE: Can only be set if type is object.
-                                    format: int64
-                                    type: integer
-                                  maximum:
-                                    description: |-
-                                      maximum is the maximum of an integer or number variable.
-                                      If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
-                                      If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
-                                      NOTE: Can only be set if type is integer or number.
-                                    format: int64
-                                    type: integer
-                                  minItems:
-                                    description: |-
-                                      minItems is the min length of an array variable.
-                                      NOTE: Can only be set if type is array.
-                                    format: int64
-                                    type: integer
-                                  minLength:
-                                    description: |-
-                                      minLength is the min length of a string variable.
-                                      NOTE: Can only be set if type is string.
-                                    format: int64
-                                    type: integer
-                                  minProperties:
-                                    description: |-
-                                      minProperties is the minimum amount of entries in a map or properties in an object.
-                                      NOTE: Can only be set if type is object.
-                                    format: int64
-                                    type: integer
-                                  minimum:
-                                    description: |-
-                                      minimum is the minimum of an integer or number variable.
-                                      If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
-                                      If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
-                                      NOTE: Can only be set if type is integer or number.
-                                    format: int64
-                                    type: integer
-                                  not:
-                                    description: |-
-                                      not specifies that the variable must not validate against the subschema.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  oneOf:
-                                    description: |-
-                                      oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  pattern:
-                                    description: |-
-                                      pattern is the regex which a string variable must match.
-                                      NOTE: Can only be set if type is string.
-                                    type: string
-                                  properties:
-                                    description: |-
-                                      properties specifies fields of an object.
-                                      NOTE: Can only be set if type is object.
-                                      NOTE: Properties is mutually exclusive with AdditionalProperties.
-                                      NOTE: This field uses PreserveUnknownFields and Schemaless,
-                                      because recursive validation is not possible.
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  required:
-                                    description: |-
-                                      required specifies which fields of an object are required.
-                                      NOTE: Can only be set if type is object.
-                                    items:
-                                      type: string
-                                    type: array
-                                  type:
-                                    description: |-
-                                      type is the type of the variable.
-                                      Valid values are: object, array, string, integer, number or boolean.
-                                    type: string
-                                  uniqueItems:
-                                    description: |-
-                                      uniqueItems specifies if items in an array must be unique.
-                                      NOTE: Can only be set if type is array.
-                                    type: boolean
-                                  x-kubernetes-int-or-string:
-                                    description: |-
-                                      x-kubernetes-int-or-string specifies that this value is
-                                      either an integer or a string. If this is true, an empty
-                                      type is allowed and type as child of anyOf is permitted
-                                      if following one of the following patterns:
-
-                                      1) anyOf:
-                                         - type: integer
-                                         - type: string
-                                      2) allOf:
-                                         - anyOf:
-                                           - type: integer
-                                           - type: string
-                                         - ... zero or more
-                                    type: boolean
-                                  x-kubernetes-preserve-unknown-fields:
-                                    description: |-
-                                      x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
-                                      which are not defined in the variable schema. This affects fields recursively,
-                                      except if nested properties or additionalProperties are specified in the schema.
-                                    type: boolean
-                                  x-kubernetes-validations:
-                                    description: x-kubernetes-validations describes
-                                      a list of validation rules written in the CEL
-                                      expression language.
-                                    items:
-                                      description: ValidationRule describes a validation
-                                        rule written in the CEL expression language.
-                                      properties:
-                                        fieldPath:
-                                          description: |-
-                                            fieldPath represents the field path returned when the validation fails.
-                                            It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
-                                            e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
-                                            If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
-                                            It does not support list numeric index.
-                                            It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
-                                            Numeric index of array is not supported.
-                                            For field name which contains special characters, use `['specialName']` to refer the field name.
-                                            e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
-                                          type: string
-                                        message:
-                                          description: |-
-                                            message represents the message displayed when validation fails. The message is required if the Rule contains
-                                            line breaks. The message must not contain line breaks.
-                                            If unset, the message is "failed rule: {Rule}".
-                                            e.g. "must be a URL with the host matching spec.host"
-                                          type: string
-                                        messageExpression:
-                                          description: |-
-                                            messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
-                                            Since messageExpression is used as a failure message, it must evaluate to a string.
-                                            If both message and messageExpression are present on a rule, then messageExpression will be used if validation
-                                            fails. If messageExpression results in a runtime error, the validation failure message is produced
-                                            as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
-                                            that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
-                                            messageExpression has access to all the same variables as the rule; the only difference is the return type.
-                                            Example:
-                                            "x must be less than max ("+string(self.max)+")"
-                                          type: string
-                                        reason:
-                                          default: FieldValueInvalid
-                                          description: |-
-                                            reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
-                                            The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
-                                            If not set, default to use "FieldValueInvalid".
-                                            All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
-                                          enum:
-                                          - FieldValueInvalid
-                                          - FieldValueForbidden
-                                          - FieldValueRequired
-                                          - FieldValueDuplicate
-                                          type: string
-                                        rule:
-                                          description: "rule represents the expression
-                                            which will be evaluated by CEL.\nref:
-                                            https://github.com/google/cel-spec\nThe
-                                            Rule is scoped to the location of the
-                                            x-kubernetes-validations extension in
-                                            the schema.\nThe `self` variable in the
-                                            CEL expression is bound to the scoped
-                                            value.\nIf the Rule is scoped to an object
-                                            with properties, the accessible properties
-                                            of the object are field selectable\nvia
-                                            `self.field` and field presence can be
-                                            checked via `has(self.field)`.\nIf the
-                                            Rule is scoped to an object with additionalProperties
-                                            (i.e. a map) the value of the map\nare
-                                            accessible via `self[mapKey]`, map containment
-                                            can be checked via `mapKey in self` and
-                                            all entries of the map\nare accessible
-                                            via CEL macros and functions such as `self.all(...)`.\nIf
-                                            the Rule is scoped to an array, the elements
-                                            of the array are accessible via `self[i]`
-                                            and also by macros and\nfunctions.\nIf
-                                            the Rule is scoped to a scalar, `self`
-                                            is bound to the scalar value.\nExamples:\n-
-                                            Rule scoped to a map of objects: {\"rule\":
-                                            \"self.components['Widget'].priority <
-                                            10\"}\n- Rule scoped to a list of integers:
-                                            {\"rule\": \"self.values.all(value, value
-                                            >= 0 && value < 100)\"}\n- Rule scoped
-                                            to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
-                                            data preserved in custom resources via
-                                            x-kubernetes-preserve-unknown-fields is
-                                            not accessible in CEL\nexpressions. This
-                                            includes:\n- Unknown field values that
-                                            are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n-
-                                            Object properties where the property schema
-                                            is of an \"unknown type\". An \"unknown
-                                            type\" is recursively defined as:\n  -
-                                            A schema with no type and x-kubernetes-preserve-unknown-fields
-                                            set to true\n  - An array where the items
-                                            schema is of an \"unknown type\"\n  -
-                                            An object where the additionalProperties
-                                            schema is of an \"unknown type\"\n\nOnly
-                                            property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
-                                            are accessible.\nAccessible property names
-                                            are escaped according to the following
-                                            rules when accessed in the expression:\n-
-                                            '__' escapes to '__underscores__'\n- '.'
-                                            escapes to '__dot__'\n- '-' escapes to
-                                            '__dash__'\n- '/' escapes to '__slash__'\n-
-                                            Property names that exactly match a CEL
-                                            RESERVED keyword escape to '__{keyword}__'.
-                                            The keywords are:\n\t  \"true\", \"false\",
-                                            \"null\", \"in\", \"as\", \"break\", \"const\",
-                                            \"continue\", \"else\", \"for\", \"function\",
-                                            \"if\",\n\t  \"import\", \"let\", \"loop\",
-                                            \"package\", \"namespace\", \"return\".\nExamples:\n
-                                            \ - Rule accessing a property named \"namespace\":
-                                            {\"rule\": \"self.__namespace__ > 0\"}\n
-                                            \ - Rule accessing a property named \"x-prop\":
-                                            {\"rule\": \"self.x__dash__prop > 0\"}\n
-                                            \ - Rule accessing a property named \"redact__d\":
-                                            {\"rule\": \"self.redact__underscores__d
-                                            > 0\"}\n\nIf `rule` makes use of the `oldSelf`
-                                            variable it is implicitly a\n`transition
-                                            rule`.\n\nBy default, the `oldSelf` variable
-                                            is the same type as `self`.\n\nTransition
-                                            rules by default are applied only on UPDATE
-                                            requests and are\nskipped if an old value
-                                            could not be found."
-                                          type: string
-                                      required:
-                                      - rule
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                    - rule
-                                    x-kubernetes-list-type: map
-                                  x-metadata:
-                                    description: |-
-                                      x-metadata is the metadata of a variable or a nested field within a variable.
-                                      It can be used to add additional data for higher level tools.
-                                    properties:
-                                      annotations:
-                                        additionalProperties:
-                                          type: string
-                                        description: |-
-                                          annotations is an unstructured key value map that can be used to store and
-                                          retrieve arbitrary metadata.
-                                          They are not queryable.
-                                        type: object
-                                      labels:
-                                        additionalProperties:
-                                          type: string
-                                        description: |-
-                                          Map of string keys and values that can be used to organize and categorize
-                                          (scope and select) variables.
-                                        type: object
-                                    type: object
-                                type: object
-                            required:
-                            - openAPIV3Schema
-                            type: object
-                        required:
-                        - from
-                        - required
-                        - schema
-                        type: object
-                      type: array
-                    definitionsConflict:
-                      description: definitionsConflict specifies whether or not there
-                        are conflicting definitions for a single variable name.
-                      type: boolean
-                    name:
-                      description: name is the name of the variable.
-                      type: string
-                  required:
-                  - definitions
-                  - name
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: clusterresourcesetbindings.addons.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: addons.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: ClusterResourceSetBinding
-    listKind: ClusterResourceSetBindingList
-    plural: clusterresourcesetbindings
-    singular: clusterresourcesetbinding
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetBindingSpec defines the desired state of
-              ClusterResourceSetBinding.
-            properties:
-              bindings:
-                description: bindings is a list of ClusterResourceSets and their resources.
-                items:
-                  description: ResourceSetBinding keeps info on all of the resources
-                    in a ClusterResourceSet.
-                  properties:
-                    clusterResourceSetName:
-                      description: clusterResourceSetName is the name of the ClusterResourceSet
-                        that is applied to the owner cluster of the binding.
-                      type: string
-                    resources:
-                      description: resources is a list of resources that the ClusterResourceSet
-                        has.
-                      items:
-                        description: ResourceBinding shows the status of a resource
-                          that belongs to a ClusterResourceSet matched by the owner
-                          cluster of the ClusterResourceSetBinding object.
-                        properties:
-                          applied:
-                            description: applied is to track if a resource is applied
-                              to the cluster or not.
-                            type: boolean
-                          hash:
-                            description: |-
-                              hash is the hash of a resource's data. This can be used to decide if a resource is changed.
-                              For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
-                            type: string
-                          kind:
-                            description: 'kind of the resource. Supported kinds are:
-                              Secrets and ConfigMaps.'
-                            enum:
-                            - Secret
-                            - ConfigMap
-                            type: string
-                          lastAppliedTime:
-                            description: lastAppliedTime identifies when this resource
-                              was last applied to the cluster.
-                            format: date-time
-                            type: string
-                          name:
-                            description: name of the resource that is in the same
-                              namespace with ClusterResourceSet object.
-                            minLength: 1
-                            type: string
-                        required:
-                        - applied
-                        - kind
-                        - name
-                        type: object
-                      type: array
-                  required:
-                  - clusterResourceSetName
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterResourceSetBinding
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetBindingSpec defines the desired state of
-              ClusterResourceSetBinding.
-            properties:
-              bindings:
-                description: bindings is a list of ClusterResourceSets and their resources.
-                items:
-                  description: ResourceSetBinding keeps info on all of the resources
-                    in a ClusterResourceSet.
-                  properties:
-                    clusterResourceSetName:
-                      description: clusterResourceSetName is the name of the ClusterResourceSet
-                        that is applied to the owner cluster of the binding.
-                      type: string
-                    resources:
-                      description: resources is a list of resources that the ClusterResourceSet
-                        has.
-                      items:
-                        description: ResourceBinding shows the status of a resource
-                          that belongs to a ClusterResourceSet matched by the owner
-                          cluster of the ClusterResourceSetBinding object.
-                        properties:
-                          applied:
-                            description: applied is to track if a resource is applied
-                              to the cluster or not.
-                            type: boolean
-                          hash:
-                            description: |-
-                              hash is the hash of a resource's data. This can be used to decide if a resource is changed.
-                              For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
-                            type: string
-                          kind:
-                            description: 'kind of the resource. Supported kinds are:
-                              Secrets and ConfigMaps.'
-                            enum:
-                            - Secret
-                            - ConfigMap
-                            type: string
-                          lastAppliedTime:
-                            description: lastAppliedTime identifies when this resource
-                              was last applied to the cluster.
-                            format: date-time
-                            type: string
-                          name:
-                            description: name of the resource that is in the same
-                              namespace with ClusterResourceSet object.
-                            minLength: 1
-                            type: string
-                        required:
-                        - applied
-                        - kind
-                        - name
-                        type: object
-                      type: array
-                  required:
-                  - clusterResourceSetName
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterResourceSetBinding
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: ClusterResourceSetBinding lists all matching ClusterResourceSets
-          with the cluster it belongs to.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetBindingSpec defines the desired state of
-              ClusterResourceSetBinding.
-            properties:
-              bindings:
-                description: bindings is a list of ClusterResourceSets and their resources.
-                items:
-                  description: ResourceSetBinding keeps info on all of the resources
-                    in a ClusterResourceSet.
-                  properties:
-                    clusterResourceSetName:
-                      description: clusterResourceSetName is the name of the ClusterResourceSet
-                        that is applied to the owner cluster of the binding.
-                      type: string
-                    resources:
-                      description: resources is a list of resources that the ClusterResourceSet
-                        has.
-                      items:
-                        description: ResourceBinding shows the status of a resource
-                          that belongs to a ClusterResourceSet matched by the owner
-                          cluster of the ClusterResourceSetBinding object.
-                        properties:
-                          applied:
-                            description: applied is to track if a resource is applied
-                              to the cluster or not.
-                            type: boolean
-                          hash:
-                            description: |-
-                              hash is the hash of a resource's data. This can be used to decide if a resource is changed.
-                              For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
-                            type: string
-                          kind:
-                            description: 'kind of the resource. Supported kinds are:
-                              Secrets and ConfigMaps.'
-                            enum:
-                            - Secret
-                            - ConfigMap
-                            type: string
-                          lastAppliedTime:
-                            description: lastAppliedTime identifies when this resource
-                              was last applied to the cluster.
-                            format: date-time
-                            type: string
-                          name:
-                            description: name of the resource that is in the same
-                              namespace with ClusterResourceSet object.
-                            minLength: 1
-                            type: string
-                        required:
-                        - applied
-                        - kind
-                        - name
-                        type: object
-                      type: array
-                  required:
-                  - clusterResourceSetName
-                  type: object
-                type: array
-              clusterName:
-                description: |-
-                  clusterName is the name of the Cluster this binding applies to.
-                  Note: this field mandatory in v1beta2.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: clusterresourcesets.addons.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: addons.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: ClusterResourceSet
-    listKind: ClusterResourceSetList
-    plural: clusterresourcesets
-    singular: clusterresourceset
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ClusterResourceSet is the Schema for the clusterresourcesets API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
-            properties:
-              clusterSelector:
-                description: |-
-                  Label selector for Clusters. The Clusters that are
-                  selected by this will be the ones affected by this ClusterResourceSet.
-                  It must match the Cluster labels. This field is immutable.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              resources:
-                description: resources is a list of Secrets/ConfigMaps where each
-                  contains 1 or more resources to be applied to remote clusters.
-                items:
-                  description: ResourceRef specifies a resource.
-                  properties:
-                    kind:
-                      description: 'kind of the resource. Supported kinds are: Secrets
-                        and ConfigMaps.'
-                      enum:
-                      - Secret
-                      - ConfigMap
-                      type: string
-                    name:
-                      description: name of the resource that is in the same namespace
-                        with ClusterResourceSet object.
-                      minLength: 1
-                      type: string
-                  required:
-                  - kind
-                  - name
-                  type: object
-                type: array
-              strategy:
-                description: strategy is the strategy to be used during applying resources.
-                  Defaults to ApplyOnce. This field is immutable.
-                enum:
-                - ApplyOnce
-                type: string
-            required:
-            - clusterSelector
-            type: object
-          status:
-            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
-            properties:
-              conditions:
-                description: conditions defines current state of the ClusterResourceSet.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed ClusterResourceSet.
-                format: int64
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterResourceSet
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ClusterResourceSet is the Schema for the clusterresourcesets API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
-            properties:
-              clusterSelector:
-                description: |-
-                  Label selector for Clusters. The Clusters that are
-                  selected by this will be the ones affected by this ClusterResourceSet.
-                  It must match the Cluster labels. This field is immutable.
-                  Label selector cannot be empty.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              resources:
-                description: resources is a list of Secrets/ConfigMaps where each
-                  contains 1 or more resources to be applied to remote clusters.
-                items:
-                  description: ResourceRef specifies a resource.
-                  properties:
-                    kind:
-                      description: 'kind of the resource. Supported kinds are: Secrets
-                        and ConfigMaps.'
-                      enum:
-                      - Secret
-                      - ConfigMap
-                      type: string
-                    name:
-                      description: name of the resource that is in the same namespace
-                        with ClusterResourceSet object.
-                      minLength: 1
-                      type: string
-                  required:
-                  - kind
-                  - name
-                  type: object
-                type: array
-              strategy:
-                description: strategy is the strategy to be used during applying resources.
-                  Defaults to ApplyOnce. This field is immutable.
-                enum:
-                - ApplyOnce
-                type: string
-            required:
-            - clusterSelector
-            type: object
-          status:
-            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
-            properties:
-              conditions:
-                description: conditions defines current state of the ClusterResourceSet.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed ClusterResourceSet.
-                format: int64
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ClusterResourceSet
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: ClusterResourceSet is the Schema for the clusterresourcesets
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
-            properties:
-              clusterSelector:
-                description: |-
-                  Label selector for Clusters. The Clusters that are
-                  selected by this will be the ones affected by this ClusterResourceSet.
-                  It must match the Cluster labels. This field is immutable.
-                  Label selector cannot be empty.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              resources:
-                description: resources is a list of Secrets/ConfigMaps where each
-                  contains 1 or more resources to be applied to remote clusters.
-                items:
-                  description: ResourceRef specifies a resource.
-                  properties:
-                    kind:
-                      description: 'kind of the resource. Supported kinds are: Secrets
-                        and ConfigMaps.'
-                      enum:
-                      - Secret
-                      - ConfigMap
-                      type: string
-                    name:
-                      description: name of the resource that is in the same namespace
-                        with ClusterResourceSet object.
-                      minLength: 1
-                      type: string
-                  required:
-                  - kind
-                  - name
-                  type: object
-                type: array
-              strategy:
-                description: strategy is the strategy to be used during applying resources.
-                  Defaults to ApplyOnce. This field is immutable.
-                enum:
-                - ApplyOnce
-                - Reconcile
-                type: string
-            required:
-            - clusterSelector
-            type: object
-          status:
-            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
-            properties:
-              conditions:
-                description: conditions defines current state of the ClusterResourceSet.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed ClusterResourceSet.
-                format: int64
-                type: integer
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in ClusterResourceSet's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a ClusterResourceSet's current state.
-                      Known condition types are ResourceSetApplied, Deleting.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: clusters.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: Cluster
-    listKind: ClusterList
-    plural: clusters
-    shortNames:
-    - cl
-    singular: cluster
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: Cluster is the Schema for the clusters API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterSpec defines the desired state of Cluster.
-            properties:
-              clusterNetwork:
-                description: Cluster network configuration.
-                properties:
-                  apiServerPort:
-                    description: |-
-                      apiServerPort specifies the port the API Server should bind to.
-                      Defaults to 6443.
-                    format: int32
-                    type: integer
-                  pods:
-                    description: The network ranges from which Pod networks are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                  serviceDomain:
-                    description: Domain name for services.
-                    type: string
-                  services:
-                    description: The network ranges from which service VIPs are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                type: object
-              controlPlaneEndpoint:
-                description: controlPlaneEndpoint represents the endpoint used to
-                  communicate with the control plane.
-                properties:
-                  host:
-                    description: The hostname on which the API server is serving.
-                    type: string
-                  port:
-                    description: The port on which the API server is serving.
-                    format: int32
-                    type: integer
-                required:
-                - host
-                - port
-                type: object
-              controlPlaneRef:
-                description: |-
-                  controlPlaneRef is an optional reference to a provider-specific resource that holds
-                  the details for provisioning the Control Plane for a Cluster.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a reference to a provider-specific resource that holds the details
-                  for provisioning infrastructure for a cluster in said provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              paused:
-                description: paused can be used to prevent controllers from processing
-                  the Cluster and all its associated objects.
-                type: boolean
-            type: object
-          status:
-            description: ClusterStatus defines the observed state of Cluster.
-            properties:
-              conditions:
-                description: conditions defines current service state of the cluster.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              controlPlaneInitialized:
-                description: controlPlaneInitialized defines if the control plane
-                  has been initialized.
-                type: boolean
-              controlPlaneReady:
-                description: controlPlaneReady defines if the control plane is ready.
-                type: boolean
-              failureDomains:
-                additionalProperties:
-                  description: |-
-                    FailureDomainSpec is the Schema for Cluster API failure domains.
-                    It allows controllers to understand how many failure domains a cluster can optionally span across.
-                  properties:
-                    attributes:
-                      additionalProperties:
-                        type: string
-                      description: attributes is a free form map of attributes an
-                        infrastructure provider might use or require.
-                      type: object
-                    controlPlane:
-                      description: controlPlane determines if this failure domain
-                        is suitable for use by control plane machines.
-                      type: boolean
-                  type: object
-                description: failureDomains is a slice of failure domain objects synced
-                  from the infrastructure provider.
-                type: object
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a fatal problem reconciling the
-                  state, and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a fatal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of Cluster
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          Cluster is the Schema for the clusters API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterSpec defines the desired state of Cluster.
-            properties:
-              clusterNetwork:
-                description: Cluster network configuration.
-                properties:
-                  apiServerPort:
-                    description: |-
-                      apiServerPort specifies the port the API Server should bind to.
-                      Defaults to 6443.
-                    format: int32
-                    type: integer
-                  pods:
-                    description: The network ranges from which Pod networks are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                  serviceDomain:
-                    description: Domain name for services.
-                    type: string
-                  services:
-                    description: The network ranges from which service VIPs are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                type: object
-              controlPlaneEndpoint:
-                description: controlPlaneEndpoint represents the endpoint used to
-                  communicate with the control plane.
-                properties:
-                  host:
-                    description: The hostname on which the API server is serving.
-                    type: string
-                  port:
-                    description: The port on which the API server is serving.
-                    format: int32
-                    type: integer
-                required:
-                - host
-                - port
-                type: object
-              controlPlaneRef:
-                description: |-
-                  controlPlaneRef is an optional reference to a provider-specific resource that holds
-                  the details for provisioning the Control Plane for a Cluster.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a reference to a provider-specific resource that holds the details
-                  for provisioning infrastructure for a cluster in said provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              paused:
-                description: paused can be used to prevent controllers from processing
-                  the Cluster and all its associated objects.
-                type: boolean
-              topology:
-                description: |-
-                  This encapsulates the topology for the cluster.
-                  NOTE: It is required to enable the ClusterTopology
-                  feature gate flag to activate managed topologies support;
-                  this feature is highly experimental, and parts of it might still be not implemented.
-                properties:
-                  class:
-                    description: The name of the ClusterClass object to create the
-                      topology.
-                    type: string
-                  controlPlane:
-                    description: controlPlane describes the cluster control plane.
-                    properties:
-                      metadata:
-                        description: |-
-                          metadata is the metadata applied to the machines of the ControlPlane.
-                          At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-
-                          This field is supported if and only if the control plane provider template
-                          referenced in the ClusterClass is Machine based.
-                        properties:
-                          annotations:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              annotations is an unstructured key value map stored with a resource that may be
-                              set by external tools to store and retrieve arbitrary metadata. They are not
-                              queryable and should be preserved when modifying objects.
-                              More info: http://kubernetes.io/docs/user-guide/annotations
-                            type: object
-                          labels:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              Map of string keys and values that can be used to organize and categorize
-                              (scope and select) objects. May match selectors of replication controllers
-                              and services.
-                              More info: http://kubernetes.io/docs/user-guide/labels
-                            type: object
-                        type: object
-                      replicas:
-                        description: |-
-                          replicas is the number of control plane nodes.
-                          If the value is nil, the ControlPlane object is created without the number of Replicas
-                          and it's assumed that the control plane controller does not implement support for this field.
-                          When specified against a control plane provider that lacks support for this field, this value will be ignored.
-                        format: int32
-                        type: integer
-                    type: object
-                  rolloutAfter:
-                    description: |-
-                      rolloutAfter performs a rollout of the entire cluster one component at a time,
-                      control plane first and then machine deployments.
-                    format: date-time
-                    type: string
-                  version:
-                    description: The Kubernetes version of the cluster.
-                    type: string
-                  workers:
-                    description: |-
-                      workers encapsulates the different constructs that form the worker nodes
-                      for the cluster.
-                    properties:
-                      machineDeployments:
-                        description: machineDeployments is a list of machine deployments
-                          in the cluster.
-                        items:
-                          description: |-
-                            MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
-                            This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
-                          properties:
-                            class:
-                              description: |-
-                                class is the name of the MachineDeploymentClass used to create the set of worker nodes.
-                                This should match one of the deployment classes defined in the ClusterClass object
-                                mentioned in the `Cluster.Spec.Class` field.
-                              type: string
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the machines of the MachineDeployment.
-                                At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                            name:
-                              description: |-
-                                name is the unique identifier for this MachineDeploymentTopology.
-                                The value is used with other unique identifiers to create a MachineDeployment's Name
-                                (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
-                                the values are hashed together.
-                              type: string
-                            replicas:
-                              description: |-
-                                replicas is the number of worker nodes belonging to this set.
-                                If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero)
-                                and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
-                                of this value.
-                              format: int32
-                              type: integer
-                          required:
-                          - class
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                required:
-                - class
-                - version
-                type: object
-            type: object
-          status:
-            description: ClusterStatus defines the observed state of Cluster.
-            properties:
-              conditions:
-                description: conditions defines current service state of the cluster.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              controlPlaneReady:
-                description: controlPlaneReady defines if the control plane is ready.
-                type: boolean
-              failureDomains:
-                additionalProperties:
-                  description: |-
-                    FailureDomainSpec is the Schema for Cluster API failure domains.
-                    It allows controllers to understand how many failure domains a cluster can optionally span across.
-                  properties:
-                    attributes:
-                      additionalProperties:
-                        type: string
-                      description: attributes is a free form map of attributes an
-                        infrastructure provider might use or require.
-                      type: object
-                    controlPlane:
-                      description: controlPlane determines if this failure domain
-                        is suitable for use by control plane machines.
-                      type: boolean
-                  type: object
-                description: failureDomains is a slice of failure domain objects synced
-                  from the infrastructure provider.
-                type: object
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a fatal problem reconciling the
-                  state, and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a fatal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: ClusterClass of this Cluster, empty if the Cluster is not using
-        a ClusterClass
-      jsonPath: .spec.topology.class
-      name: ClusterClass
-      type: string
-    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Time duration since creation of Cluster
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this Cluster
-      jsonPath: .spec.topology.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Cluster is the Schema for the clusters API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ClusterSpec defines the desired state of Cluster.
-            properties:
-              availabilityGates:
-                description: |-
-                  availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.
-
-                  NOTE: this field is considered only for computing v1beta2 conditions.
-                items:
-                  description: ClusterAvailabilityGate contains the type of a Cluster
-                    condition to be used as availability gate.
-                  properties:
-                    conditionType:
-                      description: |-
-                        conditionType refers to a positive polarity condition (status true means good) with matching type in the Cluster's condition list.
-                        If the conditions doesn't exist, it will be treated as unknown.
-                        Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates.
-                      maxLength: 316
-                      minLength: 1
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - conditionType
-                  type: object
-                maxItems: 32
-                type: array
-                x-kubernetes-list-map-keys:
-                - conditionType
-                x-kubernetes-list-type: map
-              clusterNetwork:
-                description: Cluster network configuration.
-                properties:
-                  apiServerPort:
-                    description: |-
-                      apiServerPort specifies the port the API Server should bind to.
-                      Defaults to 6443.
-                    format: int32
-                    type: integer
-                  pods:
-                    description: The network ranges from which Pod networks are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                  serviceDomain:
-                    description: Domain name for services.
-                    type: string
-                  services:
-                    description: The network ranges from which service VIPs are allocated.
-                    properties:
-                      cidrBlocks:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - cidrBlocks
-                    type: object
-                type: object
-              controlPlaneEndpoint:
-                description: controlPlaneEndpoint represents the endpoint used to
-                  communicate with the control plane.
-                properties:
-                  host:
-                    description: The hostname on which the API server is serving.
-                    type: string
-                  port:
-                    description: The port on which the API server is serving.
-                    format: int32
-                    type: integer
-                required:
-                - host
-                - port
-                type: object
-              controlPlaneRef:
-                description: |-
-                  controlPlaneRef is an optional reference to a provider-specific resource that holds
-                  the details for provisioning the Control Plane for a Cluster.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a reference to a provider-specific resource that holds the details
-                  for provisioning infrastructure for a cluster in said provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              paused:
-                description: paused can be used to prevent controllers from processing
-                  the Cluster and all its associated objects.
-                type: boolean
-              topology:
-                description: |-
-                  This encapsulates the topology for the cluster.
-                  NOTE: It is required to enable the ClusterTopology
-                  feature gate flag to activate managed topologies support;
-                  this feature is highly experimental, and parts of it might still be not implemented.
-                properties:
-                  class:
-                    description: The name of the ClusterClass object to create the
-                      topology.
-                    type: string
-                  classNamespace:
-                    description: |-
-                      classNamespace is the namespace of the ClusterClass object to create the topology.
-                      If the namespace is empty or not set, it is defaulted to the namespace of the cluster object.
-                      Value must follow the DNS1123Subdomain syntax.
-                    maxLength: 253
-                    minLength: 1
-                    pattern: ^[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*$
-                    type: string
-                  controlPlane:
-                    description: controlPlane describes the cluster control plane.
-                    properties:
-                      machineHealthCheck:
-                        description: |-
-                          machineHealthCheck allows to enable, disable and override
-                          the MachineHealthCheck configuration in the ClusterClass for this control plane.
-                        properties:
-                          enable:
-                            description: |-
-                              enable controls if a MachineHealthCheck should be created for the target machines.
-
-                              If false: No MachineHealthCheck will be created.
-
-                              If not set(default): A MachineHealthCheck will be created if it is defined here or
-                               in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
-
-                              If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
-                              block if `enable` is true and no MachineHealthCheck definition is available.
-                            type: boolean
-                          maxUnhealthy:
-                            anyOf:
-                            - type: integer
-                            - type: string
-                            description: |-
-                              Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                              "selector" are not healthy.
-                            x-kubernetes-int-or-string: true
-                          nodeStartupTimeout:
-                            description: |-
-                              nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
-                              to consider a Machine unhealthy if a corresponding Node isn't associated
-                              through a `Spec.ProviderID` field.
-
-                              The duration set in this field is compared to the greatest of:
-                              - Cluster's infrastructure ready condition timestamp (if and when available)
-                              - Control Plane's initialized condition timestamp (if and when available)
-                              - Machine's infrastructure ready condition timestamp (if and when available)
-                              - Machine's metadata creation timestamp
-
-                              Defaults to 10 minutes.
-                              If you wish to disable this feature, set the value explicitly to 0.
-                            type: string
-                          remediationTemplate:
-                            description: |-
-                              remediationTemplate is a reference to a remediation template
-                              provided by an infrastructure provider.
-
-                              This field is completely optional, when filled, the MachineHealthCheck controller
-                              creates a new object from the template referenced and hands off remediation of the machine to
-                              a controller that lives outside of Cluster API.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          unhealthyConditions:
-                            description: |-
-                              unhealthyConditions contains a list of the conditions that determine
-                              whether a node is considered unhealthy. The conditions are combined in a
-                              logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                            items:
-                              description: |-
-                                UnhealthyCondition represents a Node condition type and value with a timeout
-                                specified as a duration.  When the named condition has been in the given
-                                status for at least the timeout value, a node is considered unhealthy.
-                              properties:
-                                status:
-                                  minLength: 1
-                                  type: string
-                                timeout:
-                                  type: string
-                                type:
-                                  minLength: 1
-                                  type: string
-                              required:
-                              - status
-                              - timeout
-                              - type
-                              type: object
-                            type: array
-                          unhealthyRange:
-                            description: |-
-                              Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                              is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                              Eg. "[3-5]" - This means that remediation will be allowed only when:
-                              (a) there are at least 3 unhealthy machines (and)
-                              (b) there are at most 5 unhealthy machines
-                            pattern: ^\[[0-9]+-[0-9]+\]$
-                            type: string
-                        type: object
-                      metadata:
-                        description: |-
-                          metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
-                          if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it
-                          is applied only to the ControlPlane.
-                          At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-                        properties:
-                          annotations:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              annotations is an unstructured key value map stored with a resource that may be
-                              set by external tools to store and retrieve arbitrary metadata. They are not
-                              queryable and should be preserved when modifying objects.
-                              More info: http://kubernetes.io/docs/user-guide/annotations
-                            type: object
-                          labels:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              Map of string keys and values that can be used to organize and categorize
-                              (scope and select) objects. May match selectors of replication controllers
-                              and services.
-                              More info: http://kubernetes.io/docs/user-guide/labels
-                            type: object
-                        type: object
-                      nodeDeletionTimeout:
-                        description: |-
-                          nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                          hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                          Defaults to 10 seconds.
-                        type: string
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      nodeVolumeDetachTimeout:
-                        description: |-
-                          nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                          to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                        type: string
-                      replicas:
-                        description: |-
-                          replicas is the number of control plane nodes.
-                          If the value is nil, the ControlPlane object is created without the number of Replicas
-                          and it's assumed that the control plane controller does not implement support for this field.
-                          When specified against a control plane provider that lacks support for this field, this value will be ignored.
-                        format: int32
-                        type: integer
-                      variables:
-                        description: variables can be used to customize the ControlPlane
-                          through patches.
-                        properties:
-                          overrides:
-                            description: overrides can be used to override Cluster
-                              level variables.
-                            items:
-                              description: |-
-                                ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
-                                Variable definition in the ClusterClass `status` variables.
-                              properties:
-                                definitionFrom:
-                                  description: |-
-                                    definitionFrom specifies where the definition of this Variable is from.
-
-                                    Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
-                                  type: string
-                                name:
-                                  description: name of the variable.
-                                  type: string
-                                value:
-                                  description: |-
-                                    value of the variable.
-                                    Note: the value will be validated against the schema of the corresponding ClusterClassVariable
-                                    from the ClusterClass.
-                                    Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
-                                    hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
-                                    i.e. it is not possible to have no type field.
-                                    Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
-                                  x-kubernetes-preserve-unknown-fields: true
-                              required:
-                              - name
-                              - value
-                              type: object
-                            type: array
-                            x-kubernetes-list-map-keys:
-                            - name
-                            x-kubernetes-list-type: map
-                        type: object
-                    type: object
-                  rolloutAfter:
-                    description: |-
-                      rolloutAfter performs a rollout of the entire cluster one component at a time,
-                      control plane first and then machine deployments.
-
-                      Deprecated: This field has no function and is going to be removed in the next apiVersion.
-                    format: date-time
-                    type: string
-                  variables:
-                    description: |-
-                      variables can be used to customize the Cluster through
-                      patches. They must comply to the corresponding
-                      VariableClasses defined in the ClusterClass.
-                    items:
-                      description: |-
-                        ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
-                        Variable definition in the ClusterClass `status` variables.
-                      properties:
-                        definitionFrom:
-                          description: |-
-                            definitionFrom specifies where the definition of this Variable is from.
-
-                            Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
-                          type: string
-                        name:
-                          description: name of the variable.
-                          type: string
-                        value:
-                          description: |-
-                            value of the variable.
-                            Note: the value will be validated against the schema of the corresponding ClusterClassVariable
-                            from the ClusterClass.
-                            Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
-                            hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
-                            i.e. it is not possible to have no type field.
-                            Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
-                          x-kubernetes-preserve-unknown-fields: true
-                      required:
-                      - name
-                      - value
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - name
-                    x-kubernetes-list-type: map
-                  version:
-                    description: The Kubernetes version of the cluster.
-                    type: string
-                  workers:
-                    description: |-
-                      workers encapsulates the different constructs that form the worker nodes
-                      for the cluster.
-                    properties:
-                      machineDeployments:
-                        description: machineDeployments is a list of machine deployments
-                          in the cluster.
-                        items:
-                          description: |-
-                            MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
-                            This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
-                          properties:
-                            class:
-                              description: |-
-                                class is the name of the MachineDeploymentClass used to create the set of worker nodes.
-                                This should match one of the deployment classes defined in the ClusterClass object
-                                mentioned in the `Cluster.Spec.Class` field.
-                              type: string
-                            failureDomain:
-                              description: |-
-                                failureDomain is the failure domain the machines will be created in.
-                                Must match a key in the FailureDomains map stored on the cluster object.
-                              type: string
-                            machineHealthCheck:
-                              description: |-
-                                machineHealthCheck allows to enable, disable and override
-                                the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment.
-                              properties:
-                                enable:
-                                  description: |-
-                                    enable controls if a MachineHealthCheck should be created for the target machines.
-
-                                    If false: No MachineHealthCheck will be created.
-
-                                    If not set(default): A MachineHealthCheck will be created if it is defined here or
-                                     in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
-
-                                    If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
-                                    block if `enable` is true and no MachineHealthCheck definition is available.
-                                  type: boolean
-                                maxUnhealthy:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  description: |-
-                                    Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                                    "selector" are not healthy.
-                                  x-kubernetes-int-or-string: true
-                                nodeStartupTimeout:
-                                  description: |-
-                                    nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
-                                    to consider a Machine unhealthy if a corresponding Node isn't associated
-                                    through a `Spec.ProviderID` field.
-
-                                    The duration set in this field is compared to the greatest of:
-                                    - Cluster's infrastructure ready condition timestamp (if and when available)
-                                    - Control Plane's initialized condition timestamp (if and when available)
-                                    - Machine's infrastructure ready condition timestamp (if and when available)
-                                    - Machine's metadata creation timestamp
-
-                                    Defaults to 10 minutes.
-                                    If you wish to disable this feature, set the value explicitly to 0.
-                                  type: string
-                                remediationTemplate:
-                                  description: |-
-                                    remediationTemplate is a reference to a remediation template
-                                    provided by an infrastructure provider.
-
-                                    This field is completely optional, when filled, the MachineHealthCheck controller
-                                    creates a new object from the template referenced and hands off remediation of the machine to
-                                    a controller that lives outside of Cluster API.
-                                  properties:
-                                    apiVersion:
-                                      description: API version of the referent.
-                                      type: string
-                                    fieldPath:
-                                      description: |-
-                                        If referring to a piece of an object instead of an entire object, this string
-                                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                        the event) or if no container name is specified "spec.containers[2]" (container with
-                                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                        referencing a part of an object.
-                                      type: string
-                                    kind:
-                                      description: |-
-                                        Kind of the referent.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                      type: string
-                                    name:
-                                      description: |-
-                                        Name of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    namespace:
-                                      description: |-
-                                        Namespace of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                      type: string
-                                    resourceVersion:
-                                      description: |-
-                                        Specific resourceVersion to which this reference is made, if any.
-                                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                      type: string
-                                    uid:
-                                      description: |-
-                                        UID of the referent.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                      type: string
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                unhealthyConditions:
-                                  description: |-
-                                    unhealthyConditions contains a list of the conditions that determine
-                                    whether a node is considered unhealthy. The conditions are combined in a
-                                    logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                                  items:
-                                    description: |-
-                                      UnhealthyCondition represents a Node condition type and value with a timeout
-                                      specified as a duration.  When the named condition has been in the given
-                                      status for at least the timeout value, a node is considered unhealthy.
-                                    properties:
-                                      status:
-                                        minLength: 1
-                                        type: string
-                                      timeout:
-                                        type: string
-                                      type:
-                                        minLength: 1
-                                        type: string
-                                    required:
-                                    - status
-                                    - timeout
-                                    - type
-                                    type: object
-                                  type: array
-                                unhealthyRange:
-                                  description: |-
-                                    Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                                    is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                                    Eg. "[3-5]" - This means that remediation will be allowed only when:
-                                    (a) there are at least 3 unhealthy machines (and)
-                                    (b) there are at most 5 unhealthy machines
-                                  pattern: ^\[[0-9]+-[0-9]+\]$
-                                  type: string
-                              type: object
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
-                                At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                            minReadySeconds:
-                              description: |-
-                                Minimum number of seconds for which a newly created machine should
-                                be ready.
-                                Defaults to 0 (machine will be considered available as soon as it
-                                is ready)
-                              format: int32
-                              type: integer
-                            name:
-                              description: |-
-                                name is the unique identifier for this MachineDeploymentTopology.
-                                The value is used with other unique identifiers to create a MachineDeployment's Name
-                                (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
-                                the values are hashed together.
-                              type: string
-                            nodeDeletionTimeout:
-                              description: |-
-                                nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                                hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                                Defaults to 10 seconds.
-                              type: string
-                            nodeDrainTimeout:
-                              description: |-
-                                nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                                The default value is 0, meaning that the node can be drained without any time limitations.
-                                NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                              type: string
-                            nodeVolumeDetachTimeout:
-                              description: |-
-                                nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                                to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                              type: string
-                            replicas:
-                              description: |-
-                                replicas is the number of worker nodes belonging to this set.
-                                If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1)
-                                and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
-                                of this value.
-                              format: int32
-                              type: integer
-                            strategy:
-                              description: |-
-                                The deployment strategy to use to replace existing machines with
-                                new ones.
-                              properties:
-                                remediation:
-                                  description: |-
-                                    remediation controls the strategy of remediating unhealthy machines
-                                    and how remediating operations should occur during the lifecycle of the dependant MachineSets.
-                                  properties:
-                                    maxInFlight:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: |-
-                                        maxInFlight determines how many in flight remediations should happen at the same time.
-
-                                        Remediation only happens on the MachineSet with the most current revision, while
-                                        older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
-                                        Note: In general (independent of remediations), unhealthy machines are always
-                                        prioritized during scale down operations over healthy ones.
-
-                                        MaxInFlight can be set to a fixed number or a percentage.
-                                        Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
-                                        the desired replicas.
-
-                                        If not set, remediation is limited to all machines (bounded by replicas)
-                                        under the active MachineSet's management.
-                                      x-kubernetes-int-or-string: true
-                                  type: object
-                                rollingUpdate:
-                                  description: |-
-                                    Rolling update config params. Present only if
-                                    MachineDeploymentStrategyType = RollingUpdate.
-                                  properties:
-                                    deletePolicy:
-                                      description: |-
-                                        deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
-                                        Valid values are "Random, "Newest", "Oldest"
-                                        When no value is supplied, the default DeletePolicy of MachineSet is used
-                                      enum:
-                                      - Random
-                                      - Newest
-                                      - Oldest
-                                      type: string
-                                    maxSurge:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: |-
-                                        The maximum number of machines that can be scheduled above the
-                                        desired number of machines.
-                                        Value can be an absolute number (ex: 5) or a percentage of
-                                        desired machines (ex: 10%).
-                                        This can not be 0 if MaxUnavailable is 0.
-                                        Absolute number is calculated from percentage by rounding up.
-                                        Defaults to 1.
-                                        Example: when this is set to 30%, the new MachineSet can be scaled
-                                        up immediately when the rolling update starts, such that the total
-                                        number of old and new machines do not exceed 130% of desired
-                                        machines. Once old machines have been killed, new MachineSet can
-                                        be scaled up further, ensuring that total number of machines running
-                                        at any time during the update is at most 130% of desired machines.
-                                      x-kubernetes-int-or-string: true
-                                    maxUnavailable:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: |-
-                                        The maximum number of machines that can be unavailable during the update.
-                                        Value can be an absolute number (ex: 5) or a percentage of desired
-                                        machines (ex: 10%).
-                                        Absolute number is calculated from percentage by rounding down.
-                                        This can not be 0 if MaxSurge is 0.
-                                        Defaults to 0.
-                                        Example: when this is set to 30%, the old MachineSet can be scaled
-                                        down to 70% of desired machines immediately when the rolling update
-                                        starts. Once new machines are ready, old MachineSet can be scaled
-                                        down further, followed by scaling up the new MachineSet, ensuring
-                                        that the total number of machines available at all times
-                                        during the update is at least 70% of desired machines.
-                                      x-kubernetes-int-or-string: true
-                                  type: object
-                                type:
-                                  description: |-
-                                    type of deployment. Allowed values are RollingUpdate and OnDelete.
-                                    The default is RollingUpdate.
-                                  enum:
-                                  - RollingUpdate
-                                  - OnDelete
-                                  type: string
-                              type: object
-                            variables:
-                              description: variables can be used to customize the
-                                MachineDeployment through patches.
-                              properties:
-                                overrides:
-                                  description: overrides can be used to override Cluster
-                                    level variables.
-                                  items:
-                                    description: |-
-                                      ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
-                                      Variable definition in the ClusterClass `status` variables.
-                                    properties:
-                                      definitionFrom:
-                                        description: |-
-                                          definitionFrom specifies where the definition of this Variable is from.
-
-                                          Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
-                                        type: string
-                                      name:
-                                        description: name of the variable.
-                                        type: string
-                                      value:
-                                        description: |-
-                                          value of the variable.
-                                          Note: the value will be validated against the schema of the corresponding ClusterClassVariable
-                                          from the ClusterClass.
-                                          Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
-                                          hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
-                                          i.e. it is not possible to have no type field.
-                                          Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
-                                        x-kubernetes-preserve-unknown-fields: true
-                                    required:
-                                    - name
-                                    - value
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - name
-                                  x-kubernetes-list-type: map
-                              type: object
-                          required:
-                          - class
-                          - name
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      machinePools:
-                        description: machinePools is a list of machine pools in the
-                          cluster.
-                        items:
-                          description: |-
-                            MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology.
-                            This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller.
-                          properties:
-                            class:
-                              description: |-
-                                class is the name of the MachinePoolClass used to create the pool of worker nodes.
-                                This should match one of the deployment classes defined in the ClusterClass object
-                                mentioned in the `Cluster.Spec.Class` field.
-                              type: string
-                            failureDomains:
-                              description: |-
-                                failureDomains is the list of failure domains the machine pool will be created in.
-                                Must match a key in the FailureDomains map stored on the cluster object.
-                              items:
-                                type: string
-                              type: array
-                            metadata:
-                              description: |-
-                                metadata is the metadata applied to the MachinePool.
-                                At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-                              properties:
-                                annotations:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    annotations is an unstructured key value map stored with a resource that may be
-                                    set by external tools to store and retrieve arbitrary metadata. They are not
-                                    queryable and should be preserved when modifying objects.
-                                    More info: http://kubernetes.io/docs/user-guide/annotations
-                                  type: object
-                                labels:
-                                  additionalProperties:
-                                    type: string
-                                  description: |-
-                                    Map of string keys and values that can be used to organize and categorize
-                                    (scope and select) objects. May match selectors of replication controllers
-                                    and services.
-                                    More info: http://kubernetes.io/docs/user-guide/labels
-                                  type: object
-                              type: object
-                            minReadySeconds:
-                              description: |-
-                                Minimum number of seconds for which a newly created machine pool should
-                                be ready.
-                                Defaults to 0 (machine will be considered available as soon as it
-                                is ready)
-                              format: int32
-                              type: integer
-                            name:
-                              description: |-
-                                name is the unique identifier for this MachinePoolTopology.
-                                The value is used with other unique identifiers to create a MachinePool's Name
-                                (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
-                                the values are hashed together.
-                              type: string
-                            nodeDeletionTimeout:
-                              description: |-
-                                nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool
-                                hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                                Defaults to 10 seconds.
-                              type: string
-                            nodeDrainTimeout:
-                              description: |-
-                                nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                                The default value is 0, meaning that the node can be drained without any time limitations.
-                                NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                              type: string
-                            nodeVolumeDetachTimeout:
-                              description: |-
-                                nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                                to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                              type: string
-                            replicas:
-                              description: |-
-                                replicas is the number of nodes belonging to this pool.
-                                If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1)
-                                and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
-                                of this value.
-                              format: int32
-                              type: integer
-                            variables:
-                              description: variables can be used to customize the
-                                MachinePool through patches.
-                              properties:
-                                overrides:
-                                  description: overrides can be used to override Cluster
-                                    level variables.
-                                  items:
-                                    description: |-
-                                      ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
-                                      Variable definition in the ClusterClass `status` variables.
-                                    properties:
-                                      definitionFrom:
-                                        description: |-
-                                          definitionFrom specifies where the definition of this Variable is from.
-
-                                          Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
-                                        type: string
-                                      name:
-                                        description: name of the variable.
-                                        type: string
-                                      value:
-                                        description: |-
-                                          value of the variable.
-                                          Note: the value will be validated against the schema of the corresponding ClusterClassVariable
-                                          from the ClusterClass.
-                                          Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
-                                          hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
-                                          i.e. it is not possible to have no type field.
-                                          Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
-                                        x-kubernetes-preserve-unknown-fields: true
-                                    required:
-                                    - name
-                                    - value
-                                    type: object
-                                  type: array
-                                  x-kubernetes-list-map-keys:
-                                  - name
-                                  x-kubernetes-list-type: map
-                              type: object
-                          required:
-                          - class
-                          - name
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                    type: object
-                required:
-                - class
-                - version
-                type: object
-            type: object
-          status:
-            description: ClusterStatus defines the observed state of Cluster.
-            properties:
-              conditions:
-                description: conditions defines current service state of the cluster.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              controlPlaneReady:
-                description: |-
-                  controlPlaneReady denotes if the control plane became ready during initial provisioning
-                  to receive requests.
-                  NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
-                  The value of this field is never updated after provisioning is completed. Please use conditions
-                  to check the operational state of the control plane.
-                type: boolean
-              failureDomains:
-                additionalProperties:
-                  description: |-
-                    FailureDomainSpec is the Schema for Cluster API failure domains.
-                    It allows controllers to understand how many failure domains a cluster can optionally span across.
-                  properties:
-                    attributes:
-                      additionalProperties:
-                        type: string
-                      description: attributes is a free form map of attributes an
-                        infrastructure provider might use or require.
-                      type: object
-                    controlPlane:
-                      description: controlPlane determines if this failure domain
-                        is suitable for use by control plane machines.
-                      type: boolean
-                  type: object
-                description: failureDomains is a slice of failure domain objects synced
-                  from the infrastructure provider.
-                type: object
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a fatal problem reconciling the
-                  state, and will be set to a descriptive error message.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a fatal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in Cluster's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a Cluster's current state.
-                      Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady
-                      MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
-                      Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                  controlPlane:
-                    description: controlPlane groups all the observations about Cluster's
-                      ControlPlane current state.
-                    properties:
-                      availableReplicas:
-                        description: availableReplicas is the total number of available
-                          control plane machines in this cluster. A machine is considered
-                          available when Machine's Available condition is true.
-                        format: int32
-                        type: integer
-                      desiredReplicas:
-                        description: desiredReplicas is the total number of desired
-                          control plane machines in this cluster.
-                        format: int32
-                        type: integer
-                      readyReplicas:
-                        description: readyReplicas is the total number of ready control
-                          plane machines in this cluster. A machine is considered
-                          ready when Machine's Ready condition is true.
-                        format: int32
-                        type: integer
-                      replicas:
-                        description: |-
-                          replicas is the total number of control plane machines in this cluster.
-                          NOTE: replicas also includes machines still being provisioned or being deleted.
-                        format: int32
-                        type: integer
-                      upToDateReplicas:
-                        description: upToDateReplicas is the number of up-to-date
-                          control plane machines in this cluster. A machine is considered
-                          up-to-date when Machine's UpToDate condition is true.
-                        format: int32
-                        type: integer
-                    type: object
-                  workers:
-                    description: workers groups all the observations about Cluster's
-                      Workers current state.
-                    properties:
-                      availableReplicas:
-                        description: availableReplicas is the total number of available
-                          worker machines in this cluster. A machine is considered
-                          available when Machine's Available condition is true.
-                        format: int32
-                        type: integer
-                      desiredReplicas:
-                        description: desiredReplicas is the total number of desired
-                          worker machines in this cluster.
-                        format: int32
-                        type: integer
-                      readyReplicas:
-                        description: readyReplicas is the total number of ready worker
-                          machines in this cluster. A machine is considered ready
-                          when Machine's Ready condition is true.
-                        format: int32
-                        type: integer
-                      replicas:
-                        description: |-
-                          replicas is the total number of worker machines in this cluster.
-                          NOTE: replicas also includes machines still being provisioned or being deleted.
-                        format: int32
-                        type: integer
-                      upToDateReplicas:
-                        description: upToDateReplicas is the number of up-to-date
-                          worker machines in this cluster. A machine is considered
-                          up-to-date when Machine's UpToDate condition is true.
-                        format: int32
-                        type: integer
-                    type: object
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: extensionconfigs.runtime.cluster.x-k8s.io
-spec:
-  group: runtime.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: ExtensionConfig
-    listKind: ExtensionConfigList
-    plural: extensionconfigs
-    shortNames:
-    - ext
-    singular: extensionconfig
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - description: Time duration since creation of ExtensionConfig
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: ExtensionConfig is the Schema for the ExtensionConfig API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ExtensionConfigSpec is the desired state of the ExtensionConfig
-            properties:
-              clientConfig:
-                description: clientConfig defines how to communicate with the Extension
-                  server.
-                properties:
-                  caBundle:
-                    description: caBundle is a PEM encoded CA bundle which will be
-                      used to validate the Extension server's server certificate.
-                    format: byte
-                    type: string
-                  service:
-                    description: |-
-                      service is a reference to the Kubernetes service for the Extension server.
-                      Note: Exactly one of `url` or `service` must be specified.
-
-                      If the Extension server is running within a cluster, then you should use `service`.
-                    properties:
-                      name:
-                        description: name is the name of the service.
-                        type: string
-                      namespace:
-                        description: namespace is the namespace of the service.
-                        type: string
-                      path:
-                        description: |-
-                          path is an optional URL path and if present may be any string permissible in
-                          a URL. If a path is set it will be used as prefix to the hook-specific path.
-                        type: string
-                      port:
-                        description: |-
-                          port is the port on the service that's hosting the Extension server.
-                          Defaults to 443.
-                          Port should be a valid port number (1-65535, inclusive).
-                        format: int32
-                        type: integer
-                    required:
-                    - name
-                    - namespace
-                    type: object
-                  url:
-                    description: |-
-                      url gives the location of the Extension server, in standard URL form
-                      (`scheme://host:port/path`).
-                      Note: Exactly one of `url` or `service` must be specified.
-
-                      The scheme must be "https".
-
-                      The `host` should not refer to a service running in the cluster; use
-                      the `service` field instead.
-
-                      A path is optional, and if present may be any string permissible in
-                      a URL. If a path is set it will be used as prefix to the hook-specific path.
-
-                      Attempting to use a user or basic auth e.g. "user:password@" is not
-                      allowed. Fragments ("#...") and query parameters ("?...") are not
-                      allowed either.
-                    type: string
-                type: object
-              namespaceSelector:
-                description: |-
-                  namespaceSelector decides whether to call the hook for an object based
-                  on whether the namespace for that object matches the selector.
-                  Defaults to the empty LabelSelector, which matches all objects.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              settings:
-                additionalProperties:
-                  type: string
-                description: |-
-                  settings defines key value pairs to be passed to all calls
-                  to all supported RuntimeExtensions.
-                  Note: Settings can be overridden on the ClusterClass.
-                type: object
-            required:
-            - clientConfig
-            type: object
-          status:
-            description: ExtensionConfigStatus is the current state of the ExtensionConfig
-            properties:
-              conditions:
-                description: conditions define the current service state of the ExtensionConfig.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              handlers:
-                description: handlers defines the current ExtensionHandlers supported
-                  by an Extension.
-                items:
-                  description: ExtensionHandler specifies the details of a handler
-                    for a particular runtime hook registered by an Extension server.
-                  properties:
-                    failurePolicy:
-                      description: |-
-                        failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client.
-                        Defaults to Fail if not set.
-                      type: string
-                    name:
-                      description: name is the unique name of the ExtensionHandler.
-                      type: string
-                    requestHook:
-                      description: requestHook defines the versioned runtime hook
-                        which this ExtensionHandler serves.
-                      properties:
-                        apiVersion:
-                          description: apiVersion is the group and version of the
-                            Hook.
-                          type: string
-                        hook:
-                          description: hook is the name of the hook.
-                          type: string
-                      required:
-                      - apiVersion
-                      - hook
-                      type: object
-                    timeoutSeconds:
-                      description: |-
-                        timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler.
-                        Defaults to 10 is not set.
-                      format: int32
-                      type: integer
-                  required:
-                  - name
-                  - requestHook
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: ipaddressclaims.ipam.cluster.x-k8s.io
-spec:
-  group: ipam.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: IPAddressClaim
-    listKind: IPAddressClaimList
-    plural: ipaddressclaims
-    singular: ipaddressclaim
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Name of the pool to allocate an address from
-      jsonPath: .spec.poolRef.name
-      name: Pool Name
-      type: string
-    - description: Kind of the pool to allocate an address from
-      jsonPath: .spec.poolRef.kind
-      name: Pool Kind
-      type: string
-    - description: Time duration since creation of IPAdressClaim
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: IPAddressClaim is the Schema for the ipaddressclaim API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
-            properties:
-              poolRef:
-                description: poolRef is a reference to the pool from which an IP address
-                  should be created.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-            required:
-            - poolRef
-            type: object
-          status:
-            description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
-            properties:
-              addressRef:
-                description: addressRef is a reference to the address that was created
-                  for this claim.
-                properties:
-                  name:
-                    default: ""
-                    description: |-
-                      Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              conditions:
-                description: conditions summarises the current state of the IPAddressClaim
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Name of the pool to allocate an address from
-      jsonPath: .spec.poolRef.name
-      name: Pool Name
-      type: string
-    - description: Kind of the pool to allocate an address from
-      jsonPath: .spec.poolRef.kind
-      name: Pool Kind
-      type: string
-    - description: Time duration since creation of IPAdressClaim
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: IPAddressClaim is the Schema for the ipaddressclaim API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                type: string
-              poolRef:
-                description: poolRef is a reference to the pool from which an IP address
-                  should be created.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-            required:
-            - poolRef
-            type: object
-          status:
-            description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
-            properties:
-              addressRef:
-                description: addressRef is a reference to the address that was created
-                  for this claim.
-                properties:
-                  name:
-                    default: ""
-                    description: |-
-                      Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              conditions:
-                description: conditions summarises the current state of the IPAddressClaim
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: ipaddresses.ipam.cluster.x-k8s.io
-spec:
-  group: ipam.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: IPAddress
-    listKind: IPAddressList
-    plural: ipaddresses
-    singular: ipaddress
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Address
-      jsonPath: .spec.address
-      name: Address
-      type: string
-    - description: Name of the pool the address is from
-      jsonPath: .spec.poolRef.name
-      name: Pool Name
-      type: string
-    - description: Kind of the pool the address is from
-      jsonPath: .spec.poolRef.kind
-      name: Pool Kind
-      type: string
-    - description: Time duration since creation of IPAdress
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: IPAddress is the Schema for the ipaddress API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAddressSpec is the desired state of an IPAddress.
-            properties:
-              address:
-                description: address is the IP address.
-                type: string
-              claimRef:
-                description: claimRef is a reference to the claim this IPAddress was
-                  created for.
-                properties:
-                  name:
-                    default: ""
-                    description: |-
-                      Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              gateway:
-                description: gateway is the network gateway of the network the address
-                  is from.
-                type: string
-              poolRef:
-                description: poolRef is a reference to the pool that this IPAddress
-                  was created from.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-              prefix:
-                description: prefix is the prefix of the address.
-                type: integer
-            required:
-            - address
-            - claimRef
-            - poolRef
-            - prefix
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - description: Address
-      jsonPath: .spec.address
-      name: Address
-      type: string
-    - description: Name of the pool the address is from
-      jsonPath: .spec.poolRef.name
-      name: Pool Name
-      type: string
-    - description: Kind of the pool the address is from
-      jsonPath: .spec.poolRef.kind
-      name: Pool Kind
-      type: string
-    - description: Time duration since creation of IPAdress
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: IPAddress is the Schema for the ipaddress API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: IPAddressSpec is the desired state of an IPAddress.
-            properties:
-              address:
-                description: address is the IP address.
-                type: string
-              claimRef:
-                description: claimRef is a reference to the claim this IPAddress was
-                  created for.
-                properties:
-                  name:
-                    default: ""
-                    description: |-
-                      Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              gateway:
-                description: gateway is the network gateway of the network the address
-                  is from.
-                type: string
-              poolRef:
-                description: poolRef is a reference to the pool that this IPAddress
-                  was created from.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-              prefix:
-                description: prefix is the prefix of the address.
-                type: integer
-            required:
-            - address
-            - claimRef
-            - poolRef
-            - prefix
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machinedeployments.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: MachineDeployment
-    listKind: MachineDeploymentList
-    plural: machinedeployments
-    shortNames:
-    - md
-    singular: machinedeployment
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Total number of non-terminated machines targeted by this MachineDeployment
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of ready machines targeted by this MachineDeployment
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this deployment
-        that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this MachineDeployment
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineDeployment is the Schema for the machinedeployments API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              minReadySeconds:
-                description: |-
-                  Minimum number of seconds for which a newly created machine should
-                  be ready.
-                  Defaults to 0 (machine will be considered available as soon as it
-                  is ready)
-                format: int32
-                type: integer
-              paused:
-                description: Indicates that the deployment is paused.
-                type: boolean
-              progressDeadlineSeconds:
-                description: |-
-                  The maximum time in seconds for a deployment to make progress before it
-                  is considered to be failed. The deployment controller will continue to
-                  process failed deployments and a condition with a ProgressDeadlineExceeded
-                  reason will be surfaced in the deployment status. Note that progress will
-                  not be estimated during the time a deployment is paused. Defaults to 600s.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              revisionHistoryLimit:
-                description: |-
-                  The number of old MachineSets to retain to allow rollback.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                  Defaults to 1.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  Label selector for machines. Existing MachineSets whose machines are
-                  selected by this will be the ones affected by this deployment.
-                  It must match the machine template's labels.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              strategy:
-                description: |-
-                  The deployment strategy to use to replace existing machines with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      MachineDeploymentStrategyType = RollingUpdate.
-                    properties:
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be scheduled above the
-                          desired number of machines.
-                          Value can be an absolute number (ex: 5) or a percentage of
-                          desired machines (ex: 10%).
-                          This can not be 0 if MaxUnavailable is 0.
-                          Absolute number is calculated from percentage by rounding up.
-                          Defaults to 1.
-                          Example: when this is set to 30%, the new MachineSet can be scaled
-                          up immediately when the rolling update starts, such that the total
-                          number of old and new machines do not exceed 130% of desired
-                          machines. Once old machines have been killed, new MachineSet can
-                          be scaled up further, ensuring that total number of machines running
-                          at any time during the update is at most 130% of desired machines.
-                        x-kubernetes-int-or-string: true
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be unavailable during the update.
-                          Value can be an absolute number (ex: 5) or a percentage of desired
-                          machines (ex: 10%).
-                          Absolute number is calculated from percentage by rounding down.
-                          This can not be 0 if MaxSurge is 0.
-                          Defaults to 0.
-                          Example: when this is set to 30%, the old MachineSet can be scaled
-                          down to 70% of desired machines immediately when the rolling update
-                          starts. Once new machines are ready, old MachineSet can be scaled
-                          down further, followed by scaling up the new MachineSet, ensuring
-                          that the total number of machines available at all times
-                          during the update is at least 70% of desired machines.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of deployment. Currently the only supported strategy is
-                      "RollingUpdate".
-                      Default is RollingUpdate.
-                    type: string
-                type: object
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      generateName:
-                        description: |-
-                          generateName is an optional prefix, used by the server, to generate a unique
-                          name ONLY IF the Name field has not been provided.
-                          If this field is used, the name returned to the client will be different
-                          than the name passed. This value will also be combined with a unique suffix.
-                          The provided value has the same validation rules as the Name field,
-                          and may be truncated by the length of the suffix required to make the value
-                          unique on the server.
-
-                          If this field is specified and the generated name exists, the server will
-                          NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
-                          ServerTimeout indicating a unique name could not be found in the time allotted, and the client
-                          should retry (optionally after the time indicated in the Retry-After header).
-
-                          Applied only if Name is not specified.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                      name:
-                        description: |-
-                          name must be unique within a namespace. Is required when creating resources, although
-                          some resources may allow a client to request the generation of an appropriate name
-                          automatically. Name is primarily intended for creation idempotence and configuration
-                          definition.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      namespace:
-                        description: |-
-                          namespace defines the space within each name must be unique. An empty namespace is
-                          equivalent to the "default" namespace, but "default" is the canonical representation.
-                          Not all objects are required to be scoped to a namespace - the value of this field for
-                          those objects will be empty.
-
-                          Must be a DNS_LABEL.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/namespaces
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      ownerReferences:
-                        description: |-
-                          List of objects depended by this object. If ALL objects in the list have
-                          been deleted, this object will be garbage collected. If this object is managed by a controller,
-                          then an entry in this list will point to this controller, with the controller field set to true.
-                          There cannot be more than one managing controller.
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        items:
-                          description: |-
-                            OwnerReference contains enough information to let you identify an owning
-                            object. An owning object must be in the same namespace as the dependent, or
-                            be cluster-scoped, so there is no namespace field.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            blockOwnerDeletion:
-                              description: |-
-                                If true, AND if the owner has the "foregroundDeletion" finalizer, then
-                                the owner cannot be deleted from the key-value store until this
-                                reference is removed.
-                                See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
-                                for how the garbage collector interacts with this field and enforces the foreground deletion.
-                                Defaults to false.
-                                To set this field, a user needs "delete" permission of the owner,
-                                otherwise 422 (Unprocessable Entity) will be returned.
-                              type: boolean
-                            controller:
-                              description: If true, this reference points to the managing
-                                controller.
-                              type: boolean
-                            kind:
-                              description: |-
-                                Kind of the referent.
-                                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                              type: string
-                            name:
-                              description: |-
-                                Name of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
-                              type: string
-                            uid:
-                              description: |-
-                                UID of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
-                              type: string
-                          required:
-                          - apiVersion
-                          - kind
-                          - name
-                          - uid
-                          type: object
-                          x-kubernetes-map-type: atomic
-                        type: array
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.Data without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          data:
-                            description: |-
-                              data contains the bootstrap data, such as cloud-init details scripts.
-                              If nil, the Machine should remain in the Pending state.
-
-                              Deprecated: Switch to DataSecretName.
-                            type: string
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            - template
-            type: object
-          status:
-            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
-            properties:
-              availableReplicas:
-                description: |-
-                  Total number of available machines (ready for at least minReadySeconds)
-                  targeted by this deployment.
-                format: int32
-                type: integer
-              observedGeneration:
-                description: The generation observed by the deployment controller.
-                format: int64
-                type: integer
-              phase:
-                description: phase represents the current phase of a MachineDeployment
-                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
-                type: string
-              readyReplicas:
-                description: Total number of ready machines targeted by this deployment.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this deployment.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet available or machines
-                  that still have not been created.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  that have the desired template spec.
-                format: int32
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Time duration since creation of MachineDeployment
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Total number of non-terminated machines targeted by this MachineDeployment
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of ready machines targeted by this MachineDeployment
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this deployment
-        that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this MachineDeployment
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineDeployment is the Schema for the machinedeployments API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              minReadySeconds:
-                description: |-
-                  Minimum number of seconds for which a newly created machine should
-                  be ready.
-                  Defaults to 0 (machine will be considered available as soon as it
-                  is ready)
-                format: int32
-                type: integer
-              paused:
-                description: Indicates that the deployment is paused.
-                type: boolean
-              progressDeadlineSeconds:
-                description: |-
-                  The maximum time in seconds for a deployment to make progress before it
-                  is considered to be failed. The deployment controller will continue to
-                  process failed deployments and a condition with a ProgressDeadlineExceeded
-                  reason will be surfaced in the deployment status. Note that progress will
-                  not be estimated during the time a deployment is paused. Defaults to 600s.
-                format: int32
-                type: integer
-              replicas:
-                default: 1
-                description: |-
-                  Number of desired machines. Defaults to 1.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              revisionHistoryLimit:
-                description: |-
-                  The number of old MachineSets to retain to allow rollback.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                  Defaults to 1.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  Label selector for machines. Existing MachineSets whose machines are
-                  selected by this will be the ones affected by this deployment.
-                  It must match the machine template's labels.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              strategy:
-                description: |-
-                  The deployment strategy to use to replace existing machines with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      MachineDeploymentStrategyType = RollingUpdate.
-                    properties:
-                      deletePolicy:
-                        description: |-
-                          deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
-                          Valid values are "Random, "Newest", "Oldest"
-                          When no value is supplied, the default DeletePolicy of MachineSet is used
-                        enum:
-                        - Random
-                        - Newest
-                        - Oldest
-                        type: string
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be scheduled above the
-                          desired number of machines.
-                          Value can be an absolute number (ex: 5) or a percentage of
-                          desired machines (ex: 10%).
-                          This can not be 0 if MaxUnavailable is 0.
-                          Absolute number is calculated from percentage by rounding up.
-                          Defaults to 1.
-                          Example: when this is set to 30%, the new MachineSet can be scaled
-                          up immediately when the rolling update starts, such that the total
-                          number of old and new machines do not exceed 130% of desired
-                          machines. Once old machines have been killed, new MachineSet can
-                          be scaled up further, ensuring that total number of machines running
-                          at any time during the update is at most 130% of desired machines.
-                        x-kubernetes-int-or-string: true
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be unavailable during the update.
-                          Value can be an absolute number (ex: 5) or a percentage of desired
-                          machines (ex: 10%).
-                          Absolute number is calculated from percentage by rounding down.
-                          This can not be 0 if MaxSurge is 0.
-                          Defaults to 0.
-                          Example: when this is set to 30%, the old MachineSet can be scaled
-                          down to 70% of desired machines immediately when the rolling update
-                          starts. Once new machines are ready, old MachineSet can be scaled
-                          down further, followed by scaling up the new MachineSet, ensuring
-                          that the total number of machines available at all times
-                          during the update is at least 70% of desired machines.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of deployment.
-                      Default is RollingUpdate.
-                    enum:
-                    - RollingUpdate
-                    - OnDelete
-                    type: string
-                type: object
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            - template
-            type: object
-          status:
-            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
-            properties:
-              availableReplicas:
-                description: |-
-                  Total number of available machines (ready for at least minReadySeconds)
-                  targeted by this deployment.
-                format: int32
-                type: integer
-              conditions:
-                description: conditions defines current service state of the MachineDeployment.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: The generation observed by the deployment controller.
-                format: int64
-                type: integer
-              phase:
-                description: phase represents the current phase of a MachineDeployment
-                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
-                type: string
-              readyReplicas:
-                description: Total number of ready machines targeted by this deployment.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this deployment.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet available or machines
-                  that still have not been created.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  that have the desired template spec.
-                format: int32
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Total number of machines desired by this MachineDeployment
-      jsonPath: .spec.replicas
-      name: Desired
-      priority: 10
-      type: integer
-    - description: Total number of non-terminated machines targeted by this MachineDeployment
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of ready machines targeted by this MachineDeployment
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this deployment
-        that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this MachineDeployment
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Time duration since creation of MachineDeployment
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this MachineDeployment
-      jsonPath: .spec.template.spec.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: MachineDeployment is the Schema for the machinedeployments API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              minReadySeconds:
-                description: |-
-                  minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
-                  Defaults to 0 (machine will be considered available as soon as the Node is ready)
-                format: int32
-                type: integer
-              paused:
-                description: Indicates that the deployment is paused.
-                type: boolean
-              progressDeadlineSeconds:
-                description: |-
-                  The maximum time in seconds for a deployment to make progress before it
-                  is considered to be failed. The deployment controller will continue to
-                  process failed deployments and a condition with a ProgressDeadlineExceeded
-                  reason will be surfaced in the deployment status. Note that progress will
-                  not be estimated during the time a deployment is paused. Defaults to 600s.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Number of desired machines.
-                  This is a pointer to distinguish between explicit zero and not specified.
-
-                  Defaults to:
-                  * if the Kubernetes autoscaler min size and max size annotations are set:
-                    - if it's a new MachineDeployment, use min size
-                    - if the replicas field of the old MachineDeployment is < min size, use min size
-                    - if the replicas field of the old MachineDeployment is > max size, use max size
-                    - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD
-                  * otherwise use 1
-                  Note: Defaulting will be run whenever the replicas field is not set:
-                  * A new MachineDeployment is created with replicas not set.
-                  * On an existing MachineDeployment the replicas field was first set and is now unset.
-                  Those cases are especially relevant for the following Kubernetes autoscaler use cases:
-                  * A new MachineDeployment is created and replicas should be managed by the autoscaler
-                  * An existing MachineDeployment which initially wasn't controlled by the autoscaler
-                    should be later controlled by the autoscaler
-                format: int32
-                type: integer
-              revisionHistoryLimit:
-                description: |-
-                  The number of old MachineSets to retain to allow rollback.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                  Defaults to 1.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details.
-                format: int32
-                type: integer
-              rolloutAfter:
-                description: |-
-                  rolloutAfter is a field to indicate a rollout should be performed
-                  after the specified time even if no changes have been made to the
-                  MachineDeployment.
-                  Example: In the YAML the time can be specified in the RFC3339 format.
-                  To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
-                  use "2023-03-09T09:00:00Z".
-                format: date-time
-                type: string
-              selector:
-                description: |-
-                  Label selector for machines. Existing MachineSets whose machines are
-                  selected by this will be the ones affected by this deployment.
-                  It must match the machine template's labels.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              strategy:
-                description: |-
-                  The deployment strategy to use to replace existing machines with
-                  new ones.
-                properties:
-                  remediation:
-                    description: |-
-                      remediation controls the strategy of remediating unhealthy machines
-                      and how remediating operations should occur during the lifecycle of the dependant MachineSets.
-                    properties:
-                      maxInFlight:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          maxInFlight determines how many in flight remediations should happen at the same time.
-
-                          Remediation only happens on the MachineSet with the most current revision, while
-                          older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
-                          Note: In general (independent of remediations), unhealthy machines are always
-                          prioritized during scale down operations over healthy ones.
-
-                          MaxInFlight can be set to a fixed number or a percentage.
-                          Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
-                          the desired replicas.
-
-                          If not set, remediation is limited to all machines (bounded by replicas)
-                          under the active MachineSet's management.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      MachineDeploymentStrategyType = RollingUpdate.
-                    properties:
-                      deletePolicy:
-                        description: |-
-                          deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
-                          Valid values are "Random, "Newest", "Oldest"
-                          When no value is supplied, the default DeletePolicy of MachineSet is used
-                        enum:
-                        - Random
-                        - Newest
-                        - Oldest
-                        type: string
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be scheduled above the
-                          desired number of machines.
-                          Value can be an absolute number (ex: 5) or a percentage of
-                          desired machines (ex: 10%).
-                          This can not be 0 if MaxUnavailable is 0.
-                          Absolute number is calculated from percentage by rounding up.
-                          Defaults to 1.
-                          Example: when this is set to 30%, the new MachineSet can be scaled
-                          up immediately when the rolling update starts, such that the total
-                          number of old and new machines do not exceed 130% of desired
-                          machines. Once old machines have been killed, new MachineSet can
-                          be scaled up further, ensuring that total number of machines running
-                          at any time during the update is at most 130% of desired machines.
-                        x-kubernetes-int-or-string: true
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be unavailable during the update.
-                          Value can be an absolute number (ex: 5) or a percentage of desired
-                          machines (ex: 10%).
-                          Absolute number is calculated from percentage by rounding down.
-                          This can not be 0 if MaxSurge is 0.
-                          Defaults to 0.
-                          Example: when this is set to 30%, the old MachineSet can be scaled
-                          down to 70% of desired machines immediately when the rolling update
-                          starts. Once new machines are ready, old MachineSet can be scaled
-                          down further, followed by scaling up the new MachineSet, ensuring
-                          that the total number of machines available at all times
-                          during the update is at least 70% of desired machines.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of deployment. Allowed values are RollingUpdate and OnDelete.
-                      The default is RollingUpdate.
-                    enum:
-                    - RollingUpdate
-                    - OnDelete
-                    type: string
-                type: object
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDeletionTimeout:
-                        description: |-
-                          nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                          hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                          Defaults to 10 seconds.
-                        type: string
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      nodeVolumeDetachTimeout:
-                        description: |-
-                          nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                          to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      readinessGates:
-                        description: |-
-                          readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
-                          This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
-                          Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
-                          for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
-                          Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
-                          they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
-                          NOTE: This field is considered only for computing v1beta2 conditions.
-                          NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
-                          readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
-                          readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
-                          This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
-                        items:
-                          description: MachineReadinessGate contains the type of a
-                            Machine condition to be used as a readiness gate.
-                          properties:
-                            conditionType:
-                              description: |-
-                                conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
-                                If the conditions doesn't exist, it will be treated as unknown.
-                                Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
-                              maxLength: 316
-                              minLength: 1
-                              pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                              type: string
-                          required:
-                          - conditionType
-                          type: object
-                        maxItems: 32
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - conditionType
-                        x-kubernetes-list-type: map
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            - template
-            type: object
-          status:
-            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
-            properties:
-              availableReplicas:
-                description: |-
-                  Total number of available machines (ready for at least minReadySeconds)
-                  targeted by this deployment.
-                format: int32
-                type: integer
-              conditions:
-                description: conditions defines current service state of the MachineDeployment.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: The generation observed by the deployment controller.
-                format: int64
-                type: integer
-              phase:
-                description: phase represents the current phase of a MachineDeployment
-                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
-                type: string
-              readyReplicas:
-                description: Total number of ready machines targeted by this deployment.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this deployment.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet available or machines
-                  that still have not been created.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this deployment
-                  that have the desired template spec.
-                format: int32
-                type: integer
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in MachineDeployment's status with the V1Beta2 version.
-                properties:
-                  availableReplicas:
-                    description: availableReplicas is the number of available replicas
-                      for this MachineDeployment. A machine is considered available
-                      when Machine's Available condition is true.
-                    format: int32
-                    type: integer
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a MachineDeployment's current state.
-                      Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                  readyReplicas:
-                    description: readyReplicas is the number of ready replicas for
-                      this MachineDeployment. A machine is considered ready when Machine's
-                      Ready condition is true.
-                    format: int32
-                    type: integer
-                  upToDateReplicas:
-                    description: upToDateReplicas is the number of up-to-date replicas
-                      targeted by this deployment. A machine is considered up-to-date
-                      when Machine's UpToDate condition is true.
-                    format: int32
-                    type: integer
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machinedrainrules.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: MachineDrainRule
-    listKind: MachineDrainRuleList
-    plural: machinedrainrules
-    singular: machinedrainrule
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Drain behavior
-      jsonPath: .spec.drain.behavior
-      name: Behavior
-      type: string
-    - description: Drain order
-      jsonPath: .spec.drain.order
-      name: Order
-      type: string
-    - description: Time duration since creation of the MachineDrainRule
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: MachineDrainRule is the Schema for the MachineDrainRule API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: spec defines the spec of a MachineDrainRule.
-            properties:
-              drain:
-                description: drain configures if and how Pods are drained.
-                properties:
-                  behavior:
-                    description: |-
-                      behavior defines the drain behavior.
-                      Can be either "Drain", "Skip", or "WaitCompleted".
-                      "Drain" means that the Pods to which this MachineDrainRule applies will be drained.
-                      If behavior is set to "Drain" the order in which Pods are drained can be configured
-                      with the order field. When draining Pods of a Node the Pods will be grouped by order
-                      and one group after another will be drained (by increasing order). Cluster API will
-                      wait until all Pods of a group are terminated / removed from the Node before starting
-                      with the next group.
-                      "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain.
-                      "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted
-                      and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.
-                    enum:
-                    - Drain
-                    - Skip
-                    - WaitCompleted
-                    type: string
-                  order:
-                    description: |-
-                      order defines the order in which Pods are drained.
-                      Pods with higher order are drained after Pods with lower order.
-                      order can only be set if behavior is set to "Drain".
-                      If order is not set, 0 will be used.
-                      Valid values for order are from -2147483648 to 2147483647 (inclusive).
-                    format: int32
-                    type: integer
-                required:
-                - behavior
-                type: object
-              machines:
-                description: |-
-                  machines defines to which Machines this MachineDrainRule should be applied.
-
-                  If machines is not set, the MachineDrainRule applies to all Machines in the Namespace.
-                  If machines contains multiple selectors, the results are ORed.
-                  Within a single Machine selector the results of selector and clusterSelector are ANDed.
-                  Machines will be selected from all Clusters in the Namespace unless otherwise
-                  restricted with the clusterSelector.
-
-                  Example: Selects control plane Machines in all Clusters or
-                           Machines with label "os" == "linux" in Clusters with label
-                           "stage" == "production".
-
-                   - selector:
-                       matchExpressions:
-                       - key: cluster.x-k8s.io/control-plane
-                         operator: Exists
-                   - selector:
-                       matchLabels:
-                         os: linux
-                     clusterSelector:
-                       matchExpressions:
-                       - key: stage
-                         operator: In
-                         values:
-                         - production
-                items:
-                  description: MachineDrainRuleMachineSelector defines to which Machines
-                    this MachineDrainRule should be applied.
-                  minProperties: 1
-                  properties:
-                    clusterSelector:
-                      description: |-
-                        clusterSelector is a label selector which selects Machines by the labels of
-                        their Clusters.
-                        This field follows standard label selector semantics; if not present or
-                        empty, it selects Machines of all Clusters.
-
-                        If selector is also set, then the selector as a whole selects
-                        Machines matching selector belonging to Clusters selected by clusterSelector.
-                        If selector is not set, it selects all Machines belonging to Clusters
-                        selected by clusterSelector.
-                      properties:
-                        matchExpressions:
-                          description: matchExpressions is a list of label selector
-                            requirements. The requirements are ANDed.
-                          items:
-                            description: |-
-                              A label selector requirement is a selector that contains values, a key, and an operator that
-                              relates the key and values.
-                            properties:
-                              key:
-                                description: key is the label key that the selector
-                                  applies to.
-                                type: string
-                              operator:
-                                description: |-
-                                  operator represents a key's relationship to a set of values.
-                                  Valid operators are In, NotIn, Exists and DoesNotExist.
-                                type: string
-                              values:
-                                description: |-
-                                  values is an array of string values. If the operator is In or NotIn,
-                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                                  the values array must be empty. This array is replaced during a strategic
-                                  merge patch.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: atomic
-                            required:
-                            - key
-                            - operator
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                            map is equivalent to an element of matchExpressions, whose key field is "key", the
-                            operator is "In", and the values array contains only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                      x-kubernetes-map-type: atomic
-                    selector:
-                      description: |-
-                        selector is a label selector which selects Machines by their labels.
-                        This field follows standard label selector semantics; if not present or
-                        empty, it selects all Machines.
-
-                        If clusterSelector is also set, then the selector as a whole selects
-                        Machines matching selector belonging to Clusters selected by clusterSelector.
-                        If clusterSelector is not set, it selects all Machines matching selector in
-                        all Clusters.
-                      properties:
-                        matchExpressions:
-                          description: matchExpressions is a list of label selector
-                            requirements. The requirements are ANDed.
-                          items:
-                            description: |-
-                              A label selector requirement is a selector that contains values, a key, and an operator that
-                              relates the key and values.
-                            properties:
-                              key:
-                                description: key is the label key that the selector
-                                  applies to.
-                                type: string
-                              operator:
-                                description: |-
-                                  operator represents a key's relationship to a set of values.
-                                  Valid operators are In, NotIn, Exists and DoesNotExist.
-                                type: string
-                              values:
-                                description: |-
-                                  values is an array of string values. If the operator is In or NotIn,
-                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                                  the values array must be empty. This array is replaced during a strategic
-                                  merge patch.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: atomic
-                            required:
-                            - key
-                            - operator
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                            map is equivalent to an element of matchExpressions, whose key field is "key", the
-                            operator is "In", and the values array contains only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                      x-kubernetes-map-type: atomic
-                  type: object
-                maxItems: 32
-                minItems: 1
-                type: array
-                x-kubernetes-list-type: atomic
-              pods:
-                description: |-
-                  pods defines to which Pods this MachineDrainRule should be applied.
-
-                  If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces.
-                  If pods contains multiple selectors, the results are ORed.
-                  Within a single Pod selector the results of selector and namespaceSelector are ANDed.
-                  Pods will be selected from all Namespaces unless otherwise
-                  restricted with the namespaceSelector.
-
-                  Example: Selects Pods with label "app" == "logging" in all Namespaces or
-                           Pods with label "app" == "prometheus" in the "monitoring"
-                           Namespace.
-
-                   - selector:
-                       matchExpressions:
-                       - key: app
-                         operator: In
-                         values:
-                         - logging
-                   - selector:
-                       matchLabels:
-                         app: prometheus
-                     namespaceSelector:
-                       matchLabels:
-                         kubernetes.io/metadata.name: monitoring
-                items:
-                  description: MachineDrainRulePodSelector defines to which Pods this
-                    MachineDrainRule should be applied.
-                  minProperties: 1
-                  properties:
-                    namespaceSelector:
-                      description: |-
-                        namespaceSelector is a label selector which selects Pods by the labels of
-                        their Namespaces.
-                        This field follows standard label selector semantics; if not present or
-                        empty, it selects Pods of all Namespaces.
-
-                        If selector is also set, then the selector as a whole selects
-                        Pods matching selector in Namespaces selected by namespaceSelector.
-                        If selector is not set, it selects all Pods in Namespaces selected by
-                        namespaceSelector.
-                      properties:
-                        matchExpressions:
-                          description: matchExpressions is a list of label selector
-                            requirements. The requirements are ANDed.
-                          items:
-                            description: |-
-                              A label selector requirement is a selector that contains values, a key, and an operator that
-                              relates the key and values.
-                            properties:
-                              key:
-                                description: key is the label key that the selector
-                                  applies to.
-                                type: string
-                              operator:
-                                description: |-
-                                  operator represents a key's relationship to a set of values.
-                                  Valid operators are In, NotIn, Exists and DoesNotExist.
-                                type: string
-                              values:
-                                description: |-
-                                  values is an array of string values. If the operator is In or NotIn,
-                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                                  the values array must be empty. This array is replaced during a strategic
-                                  merge patch.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: atomic
-                            required:
-                            - key
-                            - operator
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                            map is equivalent to an element of matchExpressions, whose key field is "key", the
-                            operator is "In", and the values array contains only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                      x-kubernetes-map-type: atomic
-                    selector:
-                      description: |-
-                        selector is a label selector which selects Pods by their labels.
-                        This field follows standard label selector semantics; if not present or
-                        empty, it selects all Pods.
-
-                        If namespaceSelector is also set, then the selector as a whole selects
-                        Pods matching selector in Namespaces selected by namespaceSelector.
-                        If namespaceSelector is not set, it selects all Pods matching selector in
-                        all Namespaces.
-                      properties:
-                        matchExpressions:
-                          description: matchExpressions is a list of label selector
-                            requirements. The requirements are ANDed.
-                          items:
-                            description: |-
-                              A label selector requirement is a selector that contains values, a key, and an operator that
-                              relates the key and values.
-                            properties:
-                              key:
-                                description: key is the label key that the selector
-                                  applies to.
-                                type: string
-                              operator:
-                                description: |-
-                                  operator represents a key's relationship to a set of values.
-                                  Valid operators are In, NotIn, Exists and DoesNotExist.
-                                type: string
-                              values:
-                                description: |-
-                                  values is an array of string values. If the operator is In or NotIn,
-                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                                  the values array must be empty. This array is replaced during a strategic
-                                  merge patch.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: atomic
-                            required:
-                            - key
-                            - operator
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                            map is equivalent to an element of matchExpressions, whose key field is "key", the
-                            operator is "In", and the values array contains only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                      x-kubernetes-map-type: atomic
-                  type: object
-                maxItems: 32
-                minItems: 1
-                type: array
-                x-kubernetes-list-type: atomic
-            required:
-            - drain
-            type: object
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machinehealthchecks.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: MachineHealthCheck
-    listKind: MachineHealthCheckList
-    plural: machinehealthchecks
-    shortNames:
-    - mhc
-    - mhcs
-    singular: machinehealthcheck
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Maximum number of unhealthy machines allowed
-      jsonPath: .spec.maxUnhealthy
-      name: MaxUnhealthy
-      type: string
-    - description: Number of machines currently monitored
-      jsonPath: .status.expectedMachines
-      name: ExpectedMachines
-      type: integer
-    - description: Current observed healthy machines
-      jsonPath: .status.currentHealthy
-      name: CurrentHealthy
-      type: integer
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineHealthCheck is the Schema for the machinehealthchecks API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Specification of machine health check policy
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              maxUnhealthy:
-                anyOf:
-                - type: integer
-                - type: string
-                description: |-
-                  Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                  "selector" are not healthy.
-                x-kubernetes-int-or-string: true
-              nodeStartupTimeout:
-                description: |-
-                  Machines older than this duration without a node will be considered to have
-                  failed and will be remediated.
-                type: string
-              remediationTemplate:
-                description: |-
-                  remediationTemplate is a reference to a remediation template
-                  provided by an infrastructure provider.
-
-                  This field is completely optional, when filled, the MachineHealthCheck controller
-                  creates a new object from the template referenced and hands off remediation of the machine to
-                  a controller that lives outside of Cluster API.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              selector:
-                description: Label selector to match machines whose health will be
-                  exercised
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              unhealthyConditions:
-                description: |-
-                  unhealthyConditions contains a list of the conditions that determine
-                  whether a node is considered unhealthy.  The conditions are combined in a
-                  logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                items:
-                  description: |-
-                    UnhealthyCondition represents a Node condition type and value with a timeout
-                    specified as a duration.  When the named condition has been in the given
-                    status for at least the timeout value, a node is considered unhealthy.
-                  properties:
-                    status:
-                      minLength: 1
-                      type: string
-                    timeout:
-                      type: string
-                    type:
-                      minLength: 1
-                      type: string
-                  required:
-                  - status
-                  - timeout
-                  - type
-                  type: object
-                minItems: 1
-                type: array
-            required:
-            - clusterName
-            - selector
-            - unhealthyConditions
-            type: object
-          status:
-            description: Most recently observed status of MachineHealthCheck resource
-            properties:
-              conditions:
-                description: conditions defines current service state of the MachineHealthCheck.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              currentHealthy:
-                description: total number of healthy machines counted by this machine
-                  health check
-                format: int32
-                minimum: 0
-                type: integer
-              expectedMachines:
-                description: total number of machines counted by this machine health
-                  check
-                format: int32
-                minimum: 0
-                type: integer
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              remediationsAllowed:
-                description: |-
-                  remediationsAllowed is the number of further remediations allowed by this machine health check before
-                  maxUnhealthy short circuiting will be applied
-                format: int32
-                minimum: 0
-                type: integer
-              targets:
-                description: targets shows the current list of machines the machine
-                  health check is watching
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Time duration since creation of MachineHealthCheck
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Maximum number of unhealthy machines allowed
-      jsonPath: .spec.maxUnhealthy
-      name: MaxUnhealthy
-      type: string
-    - description: Number of machines currently monitored
-      jsonPath: .status.expectedMachines
-      name: ExpectedMachines
-      type: integer
-    - description: Current observed healthy machines
-      jsonPath: .status.currentHealthy
-      name: CurrentHealthy
-      type: integer
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineHealthCheck is the Schema for the machinehealthchecks API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Specification of machine health check policy
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              maxUnhealthy:
-                anyOf:
-                - type: integer
-                - type: string
-                description: |-
-                  Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                  "selector" are not healthy.
-                x-kubernetes-int-or-string: true
-              nodeStartupTimeout:
-                description: |-
-                  Machines older than this duration without a node will be considered to have
-                  failed and will be remediated.
-                  If not set, this value is defaulted to 10 minutes.
-                  If you wish to disable this feature, set the value explicitly to 0.
-                type: string
-              remediationTemplate:
-                description: |-
-                  remediationTemplate is a reference to a remediation template
-                  provided by an infrastructure provider.
-
-                  This field is completely optional, when filled, the MachineHealthCheck controller
-                  creates a new object from the template referenced and hands off remediation of the machine to
-                  a controller that lives outside of Cluster API.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              selector:
-                description: Label selector to match machines whose health will be
-                  exercised
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              unhealthyConditions:
-                description: |-
-                  unhealthyConditions contains a list of the conditions that determine
-                  whether a node is considered unhealthy.  The conditions are combined in a
-                  logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                items:
-                  description: |-
-                    UnhealthyCondition represents a Node condition type and value with a timeout
-                    specified as a duration.  When the named condition has been in the given
-                    status for at least the timeout value, a node is considered unhealthy.
-                  properties:
-                    status:
-                      minLength: 1
-                      type: string
-                    timeout:
-                      type: string
-                    type:
-                      minLength: 1
-                      type: string
-                  required:
-                  - status
-                  - timeout
-                  - type
-                  type: object
-                minItems: 1
-                type: array
-              unhealthyRange:
-                description: |-
-                  Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                  is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                  Eg. "[3-5]" - This means that remediation will be allowed only when:
-                  (a) there are at least 3 unhealthy machines (and)
-                  (b) there are at most 5 unhealthy machines
-                pattern: ^\[[0-9]+-[0-9]+\]$
-                type: string
-            required:
-            - clusterName
-            - selector
-            - unhealthyConditions
-            type: object
-          status:
-            description: Most recently observed status of MachineHealthCheck resource
-            properties:
-              conditions:
-                description: conditions defines current service state of the MachineHealthCheck.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              currentHealthy:
-                description: total number of healthy machines counted by this machine
-                  health check
-                format: int32
-                minimum: 0
-                type: integer
-              expectedMachines:
-                description: total number of machines counted by this machine health
-                  check
-                format: int32
-                minimum: 0
-                type: integer
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              remediationsAllowed:
-                description: |-
-                  remediationsAllowed is the number of further remediations allowed by this machine health check before
-                  maxUnhealthy short circuiting will be applied
-                format: int32
-                minimum: 0
-                type: integer
-              targets:
-                description: targets shows the current list of machines the machine
-                  health check is watching
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Number of machines currently monitored
-      jsonPath: .status.expectedMachines
-      name: ExpectedMachines
-      type: integer
-    - description: Maximum number of unhealthy machines allowed
-      jsonPath: .spec.maxUnhealthy
-      name: MaxUnhealthy
-      type: string
-    - description: Current observed healthy machines
-      jsonPath: .status.currentHealthy
-      name: CurrentHealthy
-      type: integer
-    - description: Time duration since creation of MachineHealthCheck
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: MachineHealthCheck is the Schema for the machinehealthchecks
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Specification of machine health check policy
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              maxUnhealthy:
-                anyOf:
-                - type: integer
-                - type: string
-                description: |-
-                  Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
-                  "selector" are not healthy.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
-                x-kubernetes-int-or-string: true
-              nodeStartupTimeout:
-                description: |-
-                  nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
-                  to consider a Machine unhealthy if a corresponding Node isn't associated
-                  through a `Spec.ProviderID` field.
-
-                  The duration set in this field is compared to the greatest of:
-                  - Cluster's infrastructure ready condition timestamp (if and when available)
-                  - Control Plane's initialized condition timestamp (if and when available)
-                  - Machine's infrastructure ready condition timestamp (if and when available)
-                  - Machine's metadata creation timestamp
-
-                  Defaults to 10 minutes.
-                  If you wish to disable this feature, set the value explicitly to 0.
-                type: string
-              remediationTemplate:
-                description: |-
-                  remediationTemplate is a reference to a remediation template
-                  provided by an infrastructure provider.
-
-                  This field is completely optional, when filled, the MachineHealthCheck controller
-                  creates a new object from the template referenced and hands off remediation of the machine to
-                  a controller that lives outside of Cluster API.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              selector:
-                description: Label selector to match machines whose health will be
-                  exercised
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              unhealthyConditions:
-                description: |-
-                  unhealthyConditions contains a list of the conditions that determine
-                  whether a node is considered unhealthy.  The conditions are combined in a
-                  logical OR, i.e. if any of the conditions is met, the node is unhealthy.
-                items:
-                  description: |-
-                    UnhealthyCondition represents a Node condition type and value with a timeout
-                    specified as a duration.  When the named condition has been in the given
-                    status for at least the timeout value, a node is considered unhealthy.
-                  properties:
-                    status:
-                      minLength: 1
-                      type: string
-                    timeout:
-                      type: string
-                    type:
-                      minLength: 1
-                      type: string
-                  required:
-                  - status
-                  - timeout
-                  - type
-                  type: object
-                type: array
-              unhealthyRange:
-                description: |-
-                  Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
-                  is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
-                  Eg. "[3-5]" - This means that remediation will be allowed only when:
-                  (a) there are at least 3 unhealthy machines (and)
-                  (b) there are at most 5 unhealthy machines
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
-                pattern: ^\[[0-9]+-[0-9]+\]$
-                type: string
-            required:
-            - clusterName
-            - selector
-            type: object
-          status:
-            description: Most recently observed status of MachineHealthCheck resource
-            properties:
-              conditions:
-                description: conditions defines current service state of the MachineHealthCheck.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              currentHealthy:
-                description: total number of healthy machines counted by this machine
-                  health check
-                format: int32
-                minimum: 0
-                type: integer
-              expectedMachines:
-                description: total number of machines counted by this machine health
-                  check
-                format: int32
-                minimum: 0
-                type: integer
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              remediationsAllowed:
-                description: |-
-                  remediationsAllowed is the number of further remediations allowed by this machine health check before
-                  maxUnhealthy short circuiting will be applied
-                format: int32
-                minimum: 0
-                type: integer
-              targets:
-                description: targets shows the current list of machines the machine
-                  health check is watching
-                items:
-                  type: string
-                type: array
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in MachineHealthCheck's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a MachineHealthCheck's current state.
-                      Known condition types are RemediationAllowed, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machinepools.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: MachinePool
-    listKind: MachinePoolList
-    plural: machinepools
-    shortNames:
-    - mp
-    singular: machinepool
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: MachinePool replicas count
-      jsonPath: .status.replicas
-      name: Replicas
-      type: string
-    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
-        etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Kubernetes version associated with this MachinePool
-      jsonPath: .spec.template.spec.version
-      name: Version
-      type: string
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachinePool is the Schema for the machinepools API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachinePoolSpec defines the desired state of MachinePool.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomains:
-                description: failureDomains is the list of failure domains this MachinePool
-                  should be attached to.
-                items:
-                  type: string
-                type: array
-              minReadySeconds:
-                description: |-
-                  Minimum number of seconds for which a newly created machine instances should
-                  be ready.
-                  Defaults to 0 (machine instance will be considered available as soon as it
-                  is ready)
-                format: int32
-                type: integer
-              providerIDList:
-                description: |-
-                  providerIDList are the identification IDs of machine instances provided by the provider.
-                  This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
-                items:
-                  type: string
-                type: array
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              strategy:
-                description: |-
-                  The deployment strategy to use to replace existing machine instances with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      MachineDeploymentStrategyType = RollingUpdate.
-                    properties:
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be scheduled above the
-                          desired number of machines.
-                          Value can be an absolute number (ex: 5) or a percentage of
-                          desired machines (ex: 10%).
-                          This can not be 0 if MaxUnavailable is 0.
-                          Absolute number is calculated from percentage by rounding up.
-                          Defaults to 1.
-                          Example: when this is set to 30%, the new MachineSet can be scaled
-                          up immediately when the rolling update starts, such that the total
-                          number of old and new machines do not exceed 130% of desired
-                          machines. Once old machines have been killed, new MachineSet can
-                          be scaled up further, ensuring that total number of machines running
-                          at any time during the update is at most 130% of desired machines.
-                        x-kubernetes-int-or-string: true
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of machines that can be unavailable during the update.
-                          Value can be an absolute number (ex: 5) or a percentage of desired
-                          machines (ex: 10%).
-                          Absolute number is calculated from percentage by rounding down.
-                          This can not be 0 if MaxSurge is 0.
-                          Defaults to 0.
-                          Example: when this is set to 30%, the old MachineSet can be scaled
-                          down to 70% of desired machines immediately when the rolling update
-                          starts. Once new machines are ready, old MachineSet can be scaled
-                          down further, followed by scaling up the new MachineSet, ensuring
-                          that the total number of machines available at all times
-                          during the update is at least 70% of desired machines.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of deployment. Currently the only supported strategy is
-                      "RollingUpdate".
-                      Default is RollingUpdate.
-                    type: string
-                type: object
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      generateName:
-                        description: |-
-                          generateName is an optional prefix, used by the server, to generate a unique
-                          name ONLY IF the Name field has not been provided.
-                          If this field is used, the name returned to the client will be different
-                          than the name passed. This value will also be combined with a unique suffix.
-                          The provided value has the same validation rules as the Name field,
-                          and may be truncated by the length of the suffix required to make the value
-                          unique on the server.
-
-                          If this field is specified and the generated name exists, the server will
-                          NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
-                          ServerTimeout indicating a unique name could not be found in the time allotted, and the client
-                          should retry (optionally after the time indicated in the Retry-After header).
-
-                          Applied only if Name is not specified.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                      name:
-                        description: |-
-                          name must be unique within a namespace. Is required when creating resources, although
-                          some resources may allow a client to request the generation of an appropriate name
-                          automatically. Name is primarily intended for creation idempotence and configuration
-                          definition.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      namespace:
-                        description: |-
-                          namespace defines the space within each name must be unique. An empty namespace is
-                          equivalent to the "default" namespace, but "default" is the canonical representation.
-                          Not all objects are required to be scoped to a namespace - the value of this field for
-                          those objects will be empty.
-
-                          Must be a DNS_LABEL.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/namespaces
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      ownerReferences:
-                        description: |-
-                          List of objects depended by this object. If ALL objects in the list have
-                          been deleted, this object will be garbage collected. If this object is managed by a controller,
-                          then an entry in this list will point to this controller, with the controller field set to true.
-                          There cannot be more than one managing controller.
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        items:
-                          description: |-
-                            OwnerReference contains enough information to let you identify an owning
-                            object. An owning object must be in the same namespace as the dependent, or
-                            be cluster-scoped, so there is no namespace field.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            blockOwnerDeletion:
-                              description: |-
-                                If true, AND if the owner has the "foregroundDeletion" finalizer, then
-                                the owner cannot be deleted from the key-value store until this
-                                reference is removed.
-                                See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
-                                for how the garbage collector interacts with this field and enforces the foreground deletion.
-                                Defaults to false.
-                                To set this field, a user needs "delete" permission of the owner,
-                                otherwise 422 (Unprocessable Entity) will be returned.
-                              type: boolean
-                            controller:
-                              description: If true, this reference points to the managing
-                                controller.
-                              type: boolean
-                            kind:
-                              description: |-
-                                Kind of the referent.
-                                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                              type: string
-                            name:
-                              description: |-
-                                Name of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
-                              type: string
-                            uid:
-                              description: |-
-                                UID of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
-                              type: string
-                          required:
-                          - apiVersion
-                          - kind
-                          - name
-                          - uid
-                          type: object
-                          x-kubernetes-map-type: atomic
-                        type: array
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.Data without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          data:
-                            description: |-
-                              data contains the bootstrap data, such as cloud-init details scripts.
-                              If nil, the Machine should remain in the Pending state.
-
-                              Deprecated: Switch to DataSecretName.
-                            type: string
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - template
-            type: object
-          status:
-            description: MachinePoolStatus defines the observed state of MachinePool.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachinePool.
-                format: int32
-                type: integer
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              conditions:
-                description: conditions define the current service state of the MachinePool.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a problem reconciling the state,
-                  and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a problem reconciling the state, and
-                  will be set to a token value suitable for programmatic interpretation.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              nodeRefs:
-                description: nodeRefs will point to the corresponding Nodes if it
-                  they exist.
-                items:
-                  description: ObjectReference contains enough information to let
-                    you inspect or modify the referred object.
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: |-
-                        If referring to a piece of an object instead of an entire object, this string
-                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]" (container with
-                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                        referencing a part of an object.
-                      type: string
-                    kind:
-                      description: |-
-                        Kind of the referent.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                      type: string
-                    name:
-                      description: |-
-                        Name of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      type: string
-                    namespace:
-                      description: |-
-                        Namespace of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                      type: string
-                    resourceVersion:
-                      description: |-
-                        Specific resourceVersion to which this reference is made, if any.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                      type: string
-                    uid:
-                      description: |-
-                        UID of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                      type: string
-                  type: object
-                  x-kubernetes-map-type: atomic
-                type: array
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              readyReplicas:
-                description: The number of ready replicas for this MachinePool. A
-                  machine is considered ready when the node has been created and is
-                  "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machine instances targeted by this machine pool.
-                  This is the total number of machine instances that are still required for
-                  the machine pool to have 100% available capacity. They may either
-                  be machine instances that are running but not yet available or machine instances
-                  that still have not been created.
-                format: int32
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of MachinePool
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: MachinePool replicas count
-      jsonPath: .status.replicas
-      name: Replicas
-      type: string
-    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
-        etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Kubernetes version associated with this MachinePool
-      jsonPath: .spec.template.spec.version
-      name: Version
-      type: string
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachinePool is the Schema for the machinepools API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachinePoolSpec defines the desired state of MachinePool.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomains:
-                description: failureDomains is the list of failure domains this MachinePool
-                  should be attached to.
-                items:
-                  type: string
-                type: array
-              minReadySeconds:
-                description: |-
-                  Minimum number of seconds for which a newly created machine instances should
-                  be ready.
-                  Defaults to 0 (machine instance will be considered available as soon as it
-                  is ready)
-                format: int32
-                type: integer
-              providerIDList:
-                description: |-
-                  providerIDList are the identification IDs of machine instances provided by the provider.
-                  This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
-                items:
-                  type: string
-                type: array
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - template
-            type: object
-          status:
-            description: MachinePoolStatus defines the observed state of MachinePool.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachinePool.
-                format: int32
-                type: integer
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              conditions:
-                description: conditions define the current service state of the MachinePool.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a problem reconciling the state,
-                  and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a problem reconciling the state, and
-                  will be set to a token value suitable for programmatic interpretation.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              nodeRefs:
-                description: nodeRefs will point to the corresponding Nodes if it
-                  they exist.
-                items:
-                  description: ObjectReference contains enough information to let
-                    you inspect or modify the referred object.
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: |-
-                        If referring to a piece of an object instead of an entire object, this string
-                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]" (container with
-                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                        referencing a part of an object.
-                      type: string
-                    kind:
-                      description: |-
-                        Kind of the referent.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                      type: string
-                    name:
-                      description: |-
-                        Name of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      type: string
-                    namespace:
-                      description: |-
-                        Namespace of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                      type: string
-                    resourceVersion:
-                      description: |-
-                        Specific resourceVersion to which this reference is made, if any.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                      type: string
-                    uid:
-                      description: |-
-                        UID of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                      type: string
-                  type: object
-                  x-kubernetes-map-type: atomic
-                type: array
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              readyReplicas:
-                description: The number of ready replicas for this MachinePool. A
-                  machine is considered ready when the node has been created and is
-                  "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machine instances targeted by this machine pool.
-                  This is the total number of machine instances that are still required for
-                  the machine pool to have 100% available capacity. They may either
-                  be machine instances that are running but not yet available or machine instances
-                  that still have not been created.
-                format: int32
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Total number of machines desired by this MachinePool
-      jsonPath: .spec.replicas
-      name: Desired
-      priority: 10
-      type: integer
-    - description: MachinePool replicas count
-      jsonPath: .status.replicas
-      name: Replicas
-      type: string
-    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
-        etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Time duration since creation of MachinePool
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this MachinePool
-      jsonPath: .spec.template.spec.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: MachinePool is the Schema for the machinepools API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachinePoolSpec defines the desired state of MachinePool.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomains:
-                description: failureDomains is the list of failure domains this MachinePool
-                  should be attached to.
-                items:
-                  type: string
-                type: array
-              minReadySeconds:
-                description: |-
-                  Minimum number of seconds for which a newly created machine instances should
-                  be ready.
-                  Defaults to 0 (machine instance will be considered available as soon as it
-                  is ready)
-                format: int32
-                type: integer
-              providerIDList:
-                description: |-
-                  providerIDList are the identification IDs of machine instances provided by the provider.
-                  This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
-                items:
-                  type: string
-                type: array
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1.
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              template:
-                description: template describes the machines that will be created.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDeletionTimeout:
-                        description: |-
-                          nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                          hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                          Defaults to 10 seconds.
-                        type: string
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      nodeVolumeDetachTimeout:
-                        description: |-
-                          nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                          to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      readinessGates:
-                        description: |-
-                          readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
-                          This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
-                          Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
-                          for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
-                          Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
-                          they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
-                          NOTE: This field is considered only for computing v1beta2 conditions.
-                          NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
-                          readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
-                          readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
-                          This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
-                        items:
-                          description: MachineReadinessGate contains the type of a
-                            Machine condition to be used as a readiness gate.
-                          properties:
-                            conditionType:
-                              description: |-
-                                conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
-                                If the conditions doesn't exist, it will be treated as unknown.
-                                Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
-                              maxLength: 316
-                              minLength: 1
-                              pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                              type: string
-                          required:
-                          - conditionType
-                          type: object
-                        maxItems: 32
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - conditionType
-                        x-kubernetes-list-type: map
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - template
-            type: object
-          status:
-            description: MachinePoolStatus defines the observed state of MachinePool.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachinePool.
-                format: int32
-                type: integer
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              conditions:
-                description: conditions define the current service state of the MachinePool.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  failureMessage indicates that there is a problem reconciling the state,
-                  and will be set to a descriptive error message.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a problem reconciling the state, and
-                  will be set to a token value suitable for programmatic interpretation.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              nodeRefs:
-                description: nodeRefs will point to the corresponding Nodes if it
-                  they exist.
-                items:
-                  description: ObjectReference contains enough information to let
-                    you inspect or modify the referred object.
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: |-
-                        If referring to a piece of an object instead of an entire object, this string
-                        should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within a pod, this would take on a value like:
-                        "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]" (container with
-                        index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                        referencing a part of an object.
-                      type: string
-                    kind:
-                      description: |-
-                        Kind of the referent.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                      type: string
-                    name:
-                      description: |-
-                        Name of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      type: string
-                    namespace:
-                      description: |-
-                        Namespace of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                      type: string
-                    resourceVersion:
-                      description: |-
-                        Specific resourceVersion to which this reference is made, if any.
-                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                      type: string
-                    uid:
-                      description: |-
-                        UID of the referent.
-                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                      type: string
-                  type: object
-                  x-kubernetes-map-type: atomic
-                type: array
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of cluster actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              readyReplicas:
-                description: The number of ready replicas for this MachinePool. A
-                  machine is considered ready when the node has been created and is
-                  "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machine instances targeted by this machine pool.
-                  This is the total number of machine instances that are still required for
-                  the machine pool to have 100% available capacity. They may either
-                  be machine instances that are running but not yet available or machine instances
-                  that still have not been created.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                format: int32
-                type: integer
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in MachinePool's status with the V1Beta2 version.
-                properties:
-                  availableReplicas:
-                    description: availableReplicas is the number of available replicas
-                      for this MachinePool. A machine is considered available when
-                      Machine's Available condition is true.
-                    format: int32
-                    type: integer
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a MachinePool's current state.
-                      Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate,
-                      ScalingUp, ScalingDown, Remediating, Deleting, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                  readyReplicas:
-                    description: readyReplicas is the number of ready replicas for
-                      this MachinePool. A machine is considered ready when Machine's
-                      Ready condition is true.
-                    format: int32
-                    type: integer
-                  upToDateReplicas:
-                    description: upToDateReplicas is the number of up-to-date replicas
-                      targeted by this MachinePool. A machine is considered up-to-date
-                      when Machine's UpToDate condition is true.
-                    format: int32
-                    type: integer
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      scale:
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machines.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: Machine
-    listKind: MachineList
-    plural: machines
-    shortNames:
-    - ma
-    singular: machine
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Provider ID
-      jsonPath: .spec.providerID
-      name: ProviderID
-      type: string
-    - description: Machine status such as Terminating/Pending/Running/Failed etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Kubernetes version associated with this Machine
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    - description: Node name associated with this machine
-      jsonPath: .status.nodeRef.name
-      name: NodeName
-      priority: 1
-      type: string
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          Machine is the Schema for the machines API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSpec defines the desired state of Machine.
-            properties:
-              bootstrap:
-                description: |-
-                  bootstrap is a reference to a local struct which encapsulates
-                  fields to configure the Machine’s bootstrapping mechanism.
-                properties:
-                  configRef:
-                    description: |-
-                      configRef is a reference to a bootstrap provider-specific resource
-                      that holds configuration details. The reference is optional to
-                      allow users/operators to specify Bootstrap.Data without
-                      the need of a controller.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  data:
-                    description: |-
-                      data contains the bootstrap data, such as cloud-init details scripts.
-                      If nil, the Machine should remain in the Pending state.
-
-                      Deprecated: Switch to DataSecretName.
-                    type: string
-                  dataSecretName:
-                    description: |-
-                      dataSecretName is the name of the secret that stores the bootstrap data script.
-                      If nil, the Machine should remain in the Pending state.
-                    type: string
-                type: object
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomain:
-                description: |-
-                  failureDomain is the failure domain the machine will be created in.
-                  Must match a key in the FailureDomains map stored on the cluster object.
-                type: string
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a required reference to a custom resource
-                  offered by an infrastructure provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              nodeDrainTimeout:
-                description: |-
-                  nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                  The default value is 0, meaning that the node can be drained without any time limitations.
-                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                type: string
-              providerID:
-                description: |-
-                  providerID is the identification ID of the machine provided by the provider.
-                  This field must match the provider ID as seen on the node object corresponding to this machine.
-                  This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                  with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                  machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                  generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                  able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                  and then a comparison is done to find out unregistered machines and are marked for delete.
-                  This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                  be interfacing with cluster-api as generic provider.
-                type: string
-              version:
-                description: |-
-                  version defines the desired Kubernetes version.
-                  This field is meant to be optionally used by bootstrap providers.
-                type: string
-            required:
-            - bootstrap
-            - clusterName
-            - infrastructureRef
-            type: object
-          status:
-            description: MachineStatus defines the observed state of Machine.
-            properties:
-              addresses:
-                description: |-
-                  addresses is a list of addresses assigned to the machine.
-                  This field is copied from the infrastructure provider reference.
-                items:
-                  description: MachineAddress contains information for the node's
-                    address.
-                  properties:
-                    address:
-                      description: The machine address.
-                      type: string
-                    type:
-                      description: Machine address type, one of Hostname, ExternalIP
-                        or InternalIP.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              conditions:
-                description: conditions defines current service state of the Machine.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  failureMessage will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a succinct value suitable
-                  for machine interpretation.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              lastUpdated:
-                description: lastUpdated identifies when the phase of the Machine
-                  last transitioned.
-                format: date-time
-                type: string
-              nodeRef:
-                description: nodeRef will point to the corresponding Node if it exists.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of machine actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              version:
-                description: |-
-                  version specifies the current version of Kubernetes running
-                  on the corresponding Node. This is meant to be a means of bubbling
-                  up status from the Node to the Machine.
-                  It is entirely optional, but useful for end-user UX if it’s present.
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Time duration since creation of Machine
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Provider ID
-      jsonPath: .spec.providerID
-      name: ProviderID
-      type: string
-    - description: Machine status such as Terminating/Pending/Running/Failed etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Kubernetes version associated with this Machine
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    - description: Node name associated with this machine
-      jsonPath: .status.nodeRef.name
-      name: NodeName
-      priority: 1
-      type: string
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          Machine is the Schema for the machines API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSpec defines the desired state of Machine.
-            properties:
-              bootstrap:
-                description: |-
-                  bootstrap is a reference to a local struct which encapsulates
-                  fields to configure the Machine’s bootstrapping mechanism.
-                properties:
-                  configRef:
-                    description: |-
-                      configRef is a reference to a bootstrap provider-specific resource
-                      that holds configuration details. The reference is optional to
-                      allow users/operators to specify Bootstrap.DataSecretName without
-                      the need of a controller.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  dataSecretName:
-                    description: |-
-                      dataSecretName is the name of the secret that stores the bootstrap data script.
-                      If nil, the Machine should remain in the Pending state.
-                    type: string
-                type: object
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomain:
-                description: |-
-                  failureDomain is the failure domain the machine will be created in.
-                  Must match a key in the FailureDomains map stored on the cluster object.
-                type: string
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a required reference to a custom resource
-                  offered by an infrastructure provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              nodeDrainTimeout:
-                description: |-
-                  nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                  The default value is 0, meaning that the node can be drained without any time limitations.
-                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                type: string
-              providerID:
-                description: |-
-                  providerID is the identification ID of the machine provided by the provider.
-                  This field must match the provider ID as seen on the node object corresponding to this machine.
-                  This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                  with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                  machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                  generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                  able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                  and then a comparison is done to find out unregistered machines and are marked for delete.
-                  This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                  be interfacing with cluster-api as generic provider.
-                type: string
-              version:
-                description: |-
-                  version defines the desired Kubernetes version.
-                  This field is meant to be optionally used by bootstrap providers.
-                type: string
-            required:
-            - bootstrap
-            - clusterName
-            - infrastructureRef
-            type: object
-          status:
-            description: MachineStatus defines the observed state of Machine.
-            properties:
-              addresses:
-                description: |-
-                  addresses is a list of addresses assigned to the machine.
-                  This field is copied from the infrastructure provider reference.
-                items:
-                  description: MachineAddress contains information for the node's
-                    address.
-                  properties:
-                    address:
-                      description: The machine address.
-                      type: string
-                    type:
-                      description: Machine address type, one of Hostname, ExternalIP
-                        or InternalIP.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              conditions:
-                description: conditions defines current service state of the Machine.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  failureMessage will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a succinct value suitable
-                  for machine interpretation.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              lastUpdated:
-                description: lastUpdated identifies when the phase of the Machine
-                  last transitioned.
-                format: date-time
-                type: string
-              nodeInfo:
-                description: |-
-                  nodeInfo is a set of ids/uuids to uniquely identify the node.
-                  More info: https://kubernetes.io/docs/concepts/nodes/node/#info
-                properties:
-                  architecture:
-                    description: The Architecture reported by the node
-                    type: string
-                  bootID:
-                    description: Boot ID reported by the node.
-                    type: string
-                  containerRuntimeVersion:
-                    description: ContainerRuntime Version reported by the node through
-                      runtime remote API (e.g. containerd://1.4.2).
-                    type: string
-                  kernelVersion:
-                    description: Kernel Version reported by the node from 'uname -r'
-                      (e.g. 3.16.0-0.bpo.4-amd64).
-                    type: string
-                  kubeProxyVersion:
-                    description: 'Deprecated: KubeProxy Version reported by the node.'
-                    type: string
-                  kubeletVersion:
-                    description: Kubelet Version reported by the node.
-                    type: string
-                  machineID:
-                    description: |-
-                      MachineID reported by the node. For unique machine identification
-                      in the cluster this field is preferred. Learn more from man(5)
-                      machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
-                    type: string
-                  operatingSystem:
-                    description: The Operating System reported by the node
-                    type: string
-                  osImage:
-                    description: OS Image reported by the node from /etc/os-release
-                      (e.g. Debian GNU/Linux 7 (wheezy)).
-                    type: string
-                  systemUUID:
-                    description: |-
-                      SystemUUID reported by the node. For unique machine identification
-                      MachineID is preferred. This field is specific to Red Hat hosts
-                      https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
-                    type: string
-                required:
-                - architecture
-                - bootID
-                - containerRuntimeVersion
-                - kernelVersion
-                - kubeProxyVersion
-                - kubeletVersion
-                - machineID
-                - operatingSystem
-                - osImage
-                - systemUUID
-                type: object
-              nodeRef:
-                description: nodeRef will point to the corresponding Node if it exists.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of machine actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              version:
-                description: |-
-                  version specifies the current version of Kubernetes running
-                  on the corresponding Node. This is meant to be a means of bubbling
-                  up status from the Node to the Machine.
-                  It is entirely optional, but useful for end-user UX if it’s present.
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Node name associated with this machine
-      jsonPath: .status.nodeRef.name
-      name: NodeName
-      type: string
-    - description: Provider ID
-      jsonPath: .spec.providerID
-      name: ProviderID
-      type: string
-    - description: Machine status such as Terminating/Pending/Running/Failed etc
-      jsonPath: .status.phase
-      name: Phase
-      type: string
-    - description: Time duration since creation of Machine
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this Machine
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Machine is the Schema for the machines API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSpec defines the desired state of Machine.
-            properties:
-              bootstrap:
-                description: |-
-                  bootstrap is a reference to a local struct which encapsulates
-                  fields to configure the Machine’s bootstrapping mechanism.
-                properties:
-                  configRef:
-                    description: |-
-                      configRef is a reference to a bootstrap provider-specific resource
-                      that holds configuration details. The reference is optional to
-                      allow users/operators to specify Bootstrap.DataSecretName without
-                      the need of a controller.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  dataSecretName:
-                    description: |-
-                      dataSecretName is the name of the secret that stores the bootstrap data script.
-                      If nil, the Machine should remain in the Pending state.
-                    type: string
-                type: object
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              failureDomain:
-                description: |-
-                  failureDomain is the failure domain the machine will be created in.
-                  Must match a key in the FailureDomains map stored on the cluster object.
-                type: string
-              infrastructureRef:
-                description: |-
-                  infrastructureRef is a required reference to a custom resource
-                  offered by an infrastructure provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              nodeDeletionTimeout:
-                description: |-
-                  nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                  hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                  Defaults to 10 seconds.
-                type: string
-              nodeDrainTimeout:
-                description: |-
-                  nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                  The default value is 0, meaning that the node can be drained without any time limitations.
-                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                type: string
-              nodeVolumeDetachTimeout:
-                description: |-
-                  nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                  to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                type: string
-              providerID:
-                description: |-
-                  providerID is the identification ID of the machine provided by the provider.
-                  This field must match the provider ID as seen on the node object corresponding to this machine.
-                  This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                  with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                  machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                  generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                  able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                  and then a comparison is done to find out unregistered machines and are marked for delete.
-                  This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                  be interfacing with cluster-api as generic provider.
-                type: string
-              readinessGates:
-                description: |-
-                  readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
-                  This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
-                  Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
-                  for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
-                  Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
-                  they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
-                  NOTE: This field is considered only for computing v1beta2 conditions.
-                  NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
-                  readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
-                  readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
-                  This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
-                items:
-                  description: MachineReadinessGate contains the type of a Machine
-                    condition to be used as a readiness gate.
-                  properties:
-                    conditionType:
-                      description: |-
-                        conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
-                        If the conditions doesn't exist, it will be treated as unknown.
-                        Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
-                      maxLength: 316
-                      minLength: 1
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - conditionType
-                  type: object
-                maxItems: 32
-                type: array
-                x-kubernetes-list-map-keys:
-                - conditionType
-                x-kubernetes-list-type: map
-              version:
-                description: |-
-                  version defines the desired Kubernetes version.
-                  This field is meant to be optionally used by bootstrap providers.
-                type: string
-            required:
-            - bootstrap
-            - clusterName
-            - infrastructureRef
-            type: object
-          status:
-            description: MachineStatus defines the observed state of Machine.
-            properties:
-              addresses:
-                description: |-
-                  addresses is a list of addresses assigned to the machine.
-                  This field is copied from the infrastructure provider reference.
-                items:
-                  description: MachineAddress contains information for the node's
-                    address.
-                  properties:
-                    address:
-                      description: The machine address.
-                      type: string
-                    type:
-                      description: Machine address type, one of Hostname, ExternalIP,
-                        InternalIP, ExternalDNS or InternalDNS.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              bootstrapReady:
-                description: bootstrapReady is the state of the bootstrap provider.
-                type: boolean
-              certificatesExpiryDate:
-                description: |-
-                  certificatesExpiryDate is the expiry date of the machine certificates.
-                  This value is only set for control plane machines.
-                format: date-time
-                type: string
-              conditions:
-                description: conditions defines current service state of the Machine.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              deletion:
-                description: |-
-                  deletion contains information relating to removal of the Machine.
-                  Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started.
-                properties:
-                  nodeDrainStartTime:
-                    description: |-
-                      nodeDrainStartTime is the time when the drain of the node started and is used to determine
-                      if the NodeDrainTimeout is exceeded.
-                      Only present when the Machine has a deletionTimestamp and draining the node had been started.
-                    format: date-time
-                    type: string
-                  waitForNodeVolumeDetachStartTime:
-                    description: |-
-                      waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started
-                      and is used to determine if the NodeVolumeDetachTimeout is exceeded.
-                      Detaching volumes from nodes is usually done by CSI implementations and the current state
-                      is observed from the node's `.Status.VolumesAttached` field.
-                      Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started.
-                    format: date-time
-                    type: string
-                type: object
-              failureMessage:
-                description: |-
-                  failureMessage will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a succinct value suitable
-                  for machine interpretation.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              infrastructureReady:
-                description: infrastructureReady is the state of the infrastructure
-                  provider.
-                type: boolean
-              lastUpdated:
-                description: lastUpdated identifies when the phase of the Machine
-                  last transitioned.
-                format: date-time
-                type: string
-              nodeInfo:
-                description: |-
-                  nodeInfo is a set of ids/uuids to uniquely identify the node.
-                  More info: https://kubernetes.io/docs/concepts/nodes/node/#info
-                properties:
-                  architecture:
-                    description: The Architecture reported by the node
-                    type: string
-                  bootID:
-                    description: Boot ID reported by the node.
-                    type: string
-                  containerRuntimeVersion:
-                    description: ContainerRuntime Version reported by the node through
-                      runtime remote API (e.g. containerd://1.4.2).
-                    type: string
-                  kernelVersion:
-                    description: Kernel Version reported by the node from 'uname -r'
-                      (e.g. 3.16.0-0.bpo.4-amd64).
-                    type: string
-                  kubeProxyVersion:
-                    description: 'Deprecated: KubeProxy Version reported by the node.'
-                    type: string
-                  kubeletVersion:
-                    description: Kubelet Version reported by the node.
-                    type: string
-                  machineID:
-                    description: |-
-                      MachineID reported by the node. For unique machine identification
-                      in the cluster this field is preferred. Learn more from man(5)
-                      machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
-                    type: string
-                  operatingSystem:
-                    description: The Operating System reported by the node
-                    type: string
-                  osImage:
-                    description: OS Image reported by the node from /etc/os-release
-                      (e.g. Debian GNU/Linux 7 (wheezy)).
-                    type: string
-                  systemUUID:
-                    description: |-
-                      SystemUUID reported by the node. For unique machine identification
-                      MachineID is preferred. This field is specific to Red Hat hosts
-                      https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
-                    type: string
-                required:
-                - architecture
-                - bootID
-                - containerRuntimeVersion
-                - kernelVersion
-                - kubeProxyVersion
-                - kubeletVersion
-                - machineID
-                - operatingSystem
-                - osImage
-                - systemUUID
-                type: object
-              nodeRef:
-                description: nodeRef will point to the corresponding Node if it exists.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              phase:
-                description: |-
-                  phase represents the current phase of machine actuation.
-                  E.g. Pending, Running, Terminating, Failed etc.
-                type: string
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in Machine's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a Machine's current state.
-                      Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady,
-                      NodeHealthy, Deleting, Paused.
-                      If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added.
-                      Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions:
-                      APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: machinesets.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-webhook-service
-          namespace: capi-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: MachineSet
-    listKind: MachineSetList
-    plural: machinesets
-    shortNames:
-    - ms
-    singular: machineset
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Total number of non-terminated machines targeted by this machineset
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of available machines (ready for at least minReadySeconds)
-      jsonPath: .status.availableReplicas
-      name: Available
-      type: integer
-    - description: Total number of ready machines targeted by this machineset.
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineSet is the Schema for the machinesets API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSetSpec defines the desired state of MachineSet.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              deletePolicy:
-                description: |-
-                  deletePolicy defines the policy used to identify nodes to delete when downscaling.
-                  Defaults to "Random".  Valid values are "Random, "Newest", "Oldest"
-                enum:
-                - Random
-                - Newest
-                - Oldest
-                type: string
-              minReadySeconds:
-                description: |-
-                  minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
-                  Defaults to 0 (machine will be considered available as soon as it is ready)
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  replicas is the number of desired replicas.
-                  This is a pointer to distinguish between explicit zero and unspecified.
-                  Defaults to 1.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is a label query over machines that should match the replica count.
-                  Label keys and values that must match in order to be controlled by this MachineSet.
-                  It must match the machine template's labels.
-                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              template:
-                description: |-
-                  template is the object that describes the machine that will be created if
-                  insufficient replicas are detected.
-                  Object references to custom resources are treated as templates.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      generateName:
-                        description: |-
-                          generateName is an optional prefix, used by the server, to generate a unique
-                          name ONLY IF the Name field has not been provided.
-                          If this field is used, the name returned to the client will be different
-                          than the name passed. This value will also be combined with a unique suffix.
-                          The provided value has the same validation rules as the Name field,
-                          and may be truncated by the length of the suffix required to make the value
-                          unique on the server.
-
-                          If this field is specified and the generated name exists, the server will
-                          NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
-                          ServerTimeout indicating a unique name could not be found in the time allotted, and the client
-                          should retry (optionally after the time indicated in the Retry-After header).
-
-                          Applied only if Name is not specified.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                      name:
-                        description: |-
-                          name must be unique within a namespace. Is required when creating resources, although
-                          some resources may allow a client to request the generation of an appropriate name
-                          automatically. Name is primarily intended for creation idempotence and configuration
-                          definition.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      namespace:
-                        description: |-
-                          namespace defines the space within each name must be unique. An empty namespace is
-                          equivalent to the "default" namespace, but "default" is the canonical representation.
-                          Not all objects are required to be scoped to a namespace - the value of this field for
-                          those objects will be empty.
-
-                          Must be a DNS_LABEL.
-                          Cannot be updated.
-                          More info: http://kubernetes.io/docs/user-guide/namespaces
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        type: string
-                      ownerReferences:
-                        description: |-
-                          List of objects depended by this object. If ALL objects in the list have
-                          been deleted, this object will be garbage collected. If this object is managed by a controller,
-                          then an entry in this list will point to this controller, with the controller field set to true.
-                          There cannot be more than one managing controller.
-
-                          Deprecated: This field has no function and is going to be removed in a next release.
-                        items:
-                          description: |-
-                            OwnerReference contains enough information to let you identify an owning
-                            object. An owning object must be in the same namespace as the dependent, or
-                            be cluster-scoped, so there is no namespace field.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            blockOwnerDeletion:
-                              description: |-
-                                If true, AND if the owner has the "foregroundDeletion" finalizer, then
-                                the owner cannot be deleted from the key-value store until this
-                                reference is removed.
-                                See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
-                                for how the garbage collector interacts with this field and enforces the foreground deletion.
-                                Defaults to false.
-                                To set this field, a user needs "delete" permission of the owner,
-                                otherwise 422 (Unprocessable Entity) will be returned.
-                              type: boolean
-                            controller:
-                              description: If true, this reference points to the managing
-                                controller.
-                              type: boolean
-                            kind:
-                              description: |-
-                                Kind of the referent.
-                                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                              type: string
-                            name:
-                              description: |-
-                                Name of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
-                              type: string
-                            uid:
-                              description: |-
-                                UID of the referent.
-                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
-                              type: string
-                          required:
-                          - apiVersion
-                          - kind
-                          - name
-                          - uid
-                          type: object
-                          x-kubernetes-map-type: atomic
-                        type: array
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.Data without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          data:
-                            description: |-
-                              data contains the bootstrap data, such as cloud-init details scripts.
-                              If nil, the Machine should remain in the Pending state.
-
-                              Deprecated: Switch to DataSecretName.
-                            type: string
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            type: object
-          status:
-            description: MachineSetStatus defines the observed state of MachineSet.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachineSet.
-                format: int32
-                type: integer
-              failureMessage:
-                type: string
-              failureReason:
-                description: |-
-                  In the event that there is a terminal problem reconciling the
-                  replicas, both FailureReason and FailureMessage will be set. FailureReason
-                  will be populated with a succinct value suitable for machine
-                  interpretation, while FailureMessage will contain a more verbose
-                  string suitable for logging and human consumption.
-
-                  These fields should not be set for transitive errors that a
-                  controller faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the MachineTemplate's spec or the configuration of
-                  the machine controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the machine controller, or the
-                  responsible machine controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the MachineSet object and/or logged in the
-                  controller's output.
-                type: string
-              fullyLabeledReplicas:
-                description: The number of replicas that have labels matching the
-                  labels of the machine template of the MachineSet.
-                format: int32
-                type: integer
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed MachineSet.
-                format: int64
-                type: integer
-              readyReplicas:
-                description: The number of ready replicas for this MachineSet. A machine
-                  is considered ready when the node has been created and is "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Time duration since creation of MachineSet
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Total number of non-terminated machines targeted by this machineset
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of available machines (ready for at least minReadySeconds)
-      jsonPath: .status.availableReplicas
-      name: Available
-      type: integer
-    - description: Total number of ready machines targeted by this machineset.
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          MachineSet is the Schema for the machinesets API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSetSpec defines the desired state of MachineSet.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              deletePolicy:
-                description: |-
-                  deletePolicy defines the policy used to identify nodes to delete when downscaling.
-                  Defaults to "Random".  Valid values are "Random, "Newest", "Oldest"
-                enum:
-                - Random
-                - Newest
-                - Oldest
-                type: string
-              minReadySeconds:
-                description: |-
-                  minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
-                  Defaults to 0 (machine will be considered available as soon as it is ready)
-                format: int32
-                type: integer
-              replicas:
-                default: 1
-                description: |-
-                  replicas is the number of desired replicas.
-                  This is a pointer to distinguish between explicit zero and unspecified.
-                  Defaults to 1.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is a label query over machines that should match the replica count.
-                  Label keys and values that must match in order to be controlled by this MachineSet.
-                  It must match the machine template's labels.
-                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              template:
-                description: |-
-                  template is the object that describes the machine that will be created if
-                  insufficient replicas are detected.
-                  Object references to custom resources are treated as templates.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            type: object
-          status:
-            description: MachineSetStatus defines the observed state of MachineSet.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachineSet.
-                format: int32
-                type: integer
-              conditions:
-                description: conditions defines current service state of the MachineSet.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                type: string
-              failureReason:
-                description: |-
-                  In the event that there is a terminal problem reconciling the
-                  replicas, both FailureReason and FailureMessage will be set. FailureReason
-                  will be populated with a succinct value suitable for machine
-                  interpretation, while FailureMessage will contain a more verbose
-                  string suitable for logging and human consumption.
-
-                  These fields should not be set for transitive errors that a
-                  controller faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the MachineTemplate's spec or the configuration of
-                  the machine controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the machine controller, or the
-                  responsible machine controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the MachineSet object and/or logged in the
-                  controller's output.
-                type: string
-              fullyLabeledReplicas:
-                description: The number of replicas that have labels matching the
-                  labels of the machine template of the MachineSet.
-                format: int32
-                type: integer
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed MachineSet.
-                format: int64
-                type: integer
-              readyReplicas:
-                description: The number of ready replicas for this MachineSet. A machine
-                  is considered ready when the node has been created and is "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .spec.clusterName
-      name: Cluster
-      type: string
-    - description: Total number of machines desired by this machineset
-      jsonPath: .spec.replicas
-      name: Desired
-      priority: 10
-      type: integer
-    - description: Total number of non-terminated machines targeted by this machineset
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of ready machines targeted by this machineset.
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of available machines (ready for at least minReadySeconds)
-      jsonPath: .status.availableReplicas
-      name: Available
-      type: integer
-    - description: Time duration since creation of MachineSet
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this MachineSet
-      jsonPath: .spec.template.spec.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: MachineSet is the Schema for the machinesets API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: MachineSetSpec defines the desired state of MachineSet.
-            properties:
-              clusterName:
-                description: clusterName is the name of the Cluster this object belongs
-                  to.
-                minLength: 1
-                type: string
-              deletePolicy:
-                description: |-
-                  deletePolicy defines the policy used to identify nodes to delete when downscaling.
-                  Defaults to "Random".  Valid values are "Random, "Newest", "Oldest"
-                enum:
-                - Random
-                - Newest
-                - Oldest
-                type: string
-              minReadySeconds:
-                description: |-
-                  minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
-                  Defaults to 0 (machine will be considered available as soon as the Node is ready)
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  replicas is the number of desired replicas.
-                  This is a pointer to distinguish between explicit zero and unspecified.
-
-                  Defaults to:
-                  * if the Kubernetes autoscaler min size and max size annotations are set:
-                    - if it's a new MachineSet, use min size
-                    - if the replicas field of the old MachineSet is < min size, use min size
-                    - if the replicas field of the old MachineSet is > max size, use max size
-                    - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS
-                  * otherwise use 1
-                  Note: Defaulting will be run whenever the replicas field is not set:
-                  * A new MachineSet is created with replicas not set.
-                  * On an existing MachineSet the replicas field was first set and is now unset.
-                  Those cases are especially relevant for the following Kubernetes autoscaler use cases:
-                  * A new MachineSet is created and replicas should be managed by the autoscaler
-                  * An existing MachineSet which initially wasn't controlled by the autoscaler
-                    should be later controlled by the autoscaler
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is a label query over machines that should match the replica count.
-                  Label keys and values that must match in order to be controlled by this MachineSet.
-                  It must match the machine template's labels.
-                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              template:
-                description: |-
-                  template is the object that describes the machine that will be created if
-                  insufficient replicas are detected.
-                  Object references to custom resources are treated as templates.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      Specification of the desired behavior of the machine.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-                    properties:
-                      bootstrap:
-                        description: |-
-                          bootstrap is a reference to a local struct which encapsulates
-                          fields to configure the Machine’s bootstrapping mechanism.
-                        properties:
-                          configRef:
-                            description: |-
-                              configRef is a reference to a bootstrap provider-specific resource
-                              that holds configuration details. The reference is optional to
-                              allow users/operators to specify Bootstrap.DataSecretName without
-                              the need of a controller.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          dataSecretName:
-                            description: |-
-                              dataSecretName is the name of the secret that stores the bootstrap data script.
-                              If nil, the Machine should remain in the Pending state.
-                            type: string
-                        type: object
-                      clusterName:
-                        description: clusterName is the name of the Cluster this object
-                          belongs to.
-                        minLength: 1
-                        type: string
-                      failureDomain:
-                        description: |-
-                          failureDomain is the failure domain the machine will be created in.
-                          Must match a key in the FailureDomains map stored on the cluster object.
-                        type: string
-                      infrastructureRef:
-                        description: |-
-                          infrastructureRef is a required reference to a custom resource
-                          offered by an infrastructure provider.
-                        properties:
-                          apiVersion:
-                            description: API version of the referent.
-                            type: string
-                          fieldPath:
-                            description: |-
-                              If referring to a piece of an object instead of an entire object, this string
-                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                              For example, if the object reference is to a container within a pod, this would take on a value like:
-                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                              the event) or if no container name is specified "spec.containers[2]" (container with
-                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                              referencing a part of an object.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind of the referent.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          name:
-                            description: |-
-                              Name of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            type: string
-                          namespace:
-                            description: |-
-                              Namespace of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                            type: string
-                          resourceVersion:
-                            description: |-
-                              Specific resourceVersion to which this reference is made, if any.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                            type: string
-                          uid:
-                            description: |-
-                              UID of the referent.
-                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                            type: string
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      nodeDeletionTimeout:
-                        description: |-
-                          nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
-                          hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                          Defaults to 10 seconds.
-                        type: string
-                      nodeDrainTimeout:
-                        description: |-
-                          nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
-                          The default value is 0, meaning that the node can be drained without any time limitations.
-                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                        type: string
-                      nodeVolumeDetachTimeout:
-                        description: |-
-                          nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                          to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                        type: string
-                      providerID:
-                        description: |-
-                          providerID is the identification ID of the machine provided by the provider.
-                          This field must match the provider ID as seen on the node object corresponding to this machine.
-                          This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
-                          with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
-                          machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
-                          generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
-                          able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
-                          and then a comparison is done to find out unregistered machines and are marked for delete.
-                          This field will be set by the actuators and consumed by higher level entities like autoscaler that will
-                          be interfacing with cluster-api as generic provider.
-                        type: string
-                      readinessGates:
-                        description: |-
-                          readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
-                          This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
-                          Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
-                          for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
-                          Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
-                          they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
-                          NOTE: This field is considered only for computing v1beta2 conditions.
-                          NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
-                          readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
-                          readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
-                          This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
-                        items:
-                          description: MachineReadinessGate contains the type of a
-                            Machine condition to be used as a readiness gate.
-                          properties:
-                            conditionType:
-                              description: |-
-                                conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
-                                If the conditions doesn't exist, it will be treated as unknown.
-                                Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
-                              maxLength: 316
-                              minLength: 1
-                              pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                              type: string
-                          required:
-                          - conditionType
-                          type: object
-                        maxItems: 32
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - conditionType
-                        x-kubernetes-list-type: map
-                      version:
-                        description: |-
-                          version defines the desired Kubernetes version.
-                          This field is meant to be optionally used by bootstrap providers.
-                        type: string
-                    required:
-                    - bootstrap
-                    - clusterName
-                    - infrastructureRef
-                    type: object
-                type: object
-            required:
-            - clusterName
-            - selector
-            type: object
-          status:
-            description: MachineSetStatus defines the observed state of MachineSet.
-            properties:
-              availableReplicas:
-                description: The number of available replicas (ready for at least
-                  minReadySeconds) for this MachineSet.
-                format: int32
-                type: integer
-              conditions:
-                description: conditions defines current service state of the MachineSet.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: 'Deprecated: This field is deprecated and is going to
-                  be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md
-                  for more details.'
-                type: string
-              failureReason:
-                description: |-
-                  In the event that there is a terminal problem reconciling the
-                  replicas, both FailureReason and FailureMessage will be set. FailureReason
-                  will be populated with a succinct value suitable for machine
-                  interpretation, while FailureMessage will contain a more verbose
-                  string suitable for logging and human consumption.
-
-                  These fields should not be set for transitive errors that a
-                  controller faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the MachineTemplate's spec or the configuration of
-                  the machine controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the machine controller, or the
-                  responsible machine controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the MachineSet object and/or logged in the
-                  controller's output.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              fullyLabeledReplicas:
-                description: |-
-                  The number of replicas that have labels matching the labels of the machine template of the MachineSet.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                format: int32
-                type: integer
-              observedGeneration:
-                description: observedGeneration reflects the generation of the most
-                  recently observed MachineSet.
-                format: int64
-                type: integer
-              readyReplicas:
-                description: The number of ready replicas for this MachineSet. A machine
-                  is considered ready when the node has been created and is "Ready".
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the most recently observed number of replicas.
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the same as the label selector but in the string format to avoid introspection
-                  by clients. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in MachineSet's status with the V1Beta2 version.
-                properties:
-                  availableReplicas:
-                    description: availableReplicas is the number of available replicas
-                      for this MachineSet. A machine is considered available when
-                      Machine's Available condition is true.
-                    format: int32
-                    type: integer
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a MachineSet's current state.
-                      Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                  readyReplicas:
-                    description: readyReplicas is the number of ready replicas for
-                      this MachineSet. A machine is considered ready when Machine's
-                      Ready condition is true.
-                    format: int32
-                    type: integer
-                  upToDateReplicas:
-                    description: upToDateReplicas is the number of up-to-date replicas
-                      for this MachineSet. A machine is considered up-to-date when
-                      Machine's UpToDate condition is true.
-                    format: int32
-                    type: integer
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-manager
-  namespace: capi-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-leader-election-role
-  namespace: capi-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
----
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      cluster.x-k8s.io/aggregate-to-manager: "true"
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-aggregated-manager-role
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/aggregate-to-manager: "true"
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - addons.cluster.x-k8s.io
-  resources:
-  - clusterresourcesets/finalizers
-  - clusterresourcesets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - addons.cluster.x-k8s.io
-  - bootstrap.cluster.x-k8s.io
-  - controlplane.cluster.x-k8s.io
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - clusterclasses
-  - clusterclasses/status
-  - clusters
-  - clusters/finalizers
-  - clusters/status
-  - machinehealthchecks/finalizers
-  - machinehealthchecks/status
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - machinedeployments
-  - machinedeployments/finalizers
-  - machinedeployments/status
-  - machinehealthchecks
-  - machinepools
-  - machinepools/finalizers
-  - machinepools/status
-  - machines
-  - machines/finalizers
-  - machines/status
-  - machinesets
-  - machinesets/finalizers
-  - machinesets/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - machinedrainrules
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ipam.cluster.x-k8s.io
-  resources:
-  - ipaddressclaims
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - runtime.cluster.x-k8s.io
-  resources:
-  - extensionconfigs
-  - extensionconfigs/status
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-leader-election-rolebinding
-  namespace: capi-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: capi-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: capi-manager
-  namespace: capi-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: capi-aggregated-manager-role
-subjects:
-- kind: ServiceAccount
-  name: capi-manager
-  namespace: capi-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-webhook-service
-  namespace: capi-system
-spec:
-  ports:
-  - port: 443
-    targetPort: webhook-server
-  selector:
-    cluster.x-k8s.io/provider: cluster-api
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-controller-manager
-  namespace: capi-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      cluster.x-k8s.io/provider: cluster-api
-      control-plane: controller-manager
-  strategy: {}
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        cluster.x-k8s.io/provider: cluster-api
-        control-plane: controller-manager
-    spec:
-      containers:
-      - args:
-        - --leader-elect
-        - --diagnostics-address=:8443
-        - --insecure-diagnostics=false
-        - --use-deprecated-infra-machine-naming=false
-        - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=false,RuntimeSDK=false,MachineSetPreflightChecks=true,MachineWaitForVolumeDetachConsiderVolumeAttachments=true
-        command:
-        - /manager
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        image: registry.k8s.io/cluster-api/cluster-api-controller:v1.9.5
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        - containerPort: 8443
-          name: metrics
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsUser: 65532
-        terminationMessagePolicy: FallbackToLogsOnError
-        volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: cert
-          readOnly: true
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: capi-manager
-      terminationGracePeriodSeconds: 10
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-      volumes:
-      - name: cert
-        secret:
-          secretName: capi-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-cluster
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.cluster.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - clusters
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.clusterclass.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - clusterclasses
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-machine
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.machine.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machines
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.machinedeployment.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinedeployments
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.machinehealthcheck.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinehealthchecks
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-machineset
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.machineset.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinesets
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - runtime.cluster.x-k8s.io
-    apiVersions:
-    - v1alpha1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - extensionconfigs
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.machinepool.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinepools
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.clusterresourceset.addons.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - addons.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - clusterresourcesets
-  sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: cluster-api
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-cluster
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.cluster.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    - DELETE
-    resources:
-    - clusters
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.clusterclass.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    - DELETE
-    resources:
-    - clusterclasses
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machine
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machine.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machines
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machinedeployment.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinedeployments
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machinedrainrule
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machinedrainrule.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinedrainrules
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machinehealthcheck.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinehealthchecks
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machineset
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machineset.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinesets
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.extensionconfig.runtime.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - runtime.cluster.x-k8s.io
-    apiVersions:
-    - v1alpha1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - extensionconfigs
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-cluster-x-k8s-io-v1beta1-machinepool
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.machinepool.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - machinepools
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.clusterresourceset.addons.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - addons.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - clusterresourcesets
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - addons.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - clusterresourcesetbindings
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.ipaddress.ipam.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - ipam.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    - DELETE
-    resources:
-    - ipaddresses
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-webhook-service
-      namespace: capi-system
-      path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - ipam.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    - DELETE
-    resources:
-    - ipaddressclaims
-  sideEffects: None
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml
deleted file mode 100644
index 65bf20b..0000000
--- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml
+++ /dev/null
@@ -1,7998 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-kubeadm-bootstrap-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-selfsigned-issuer
-  namespace: capi-kubeadm-bootstrap-system
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-serving-cert
-  namespace: capi-kubeadm-bootstrap-system
-spec:
-  dnsNames:
-  - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
-  - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: capi-kubeadm-bootstrap-selfsigned-issuer
-  secretName: capi-kubeadm-bootstrap-webhook-service-cert
-  subject:
-    organizations:
-    - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    cluster.x-k8s.io/v1beta1: v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-kubeadm-bootstrap-webhook-service
-          namespace: capi-kubeadm-bootstrap-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: bootstrap.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: KubeadmConfig
-    listKind: KubeadmConfigList
-    plural: kubeadmconfigs
-    singular: kubeadmconfig
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmConfig is the Schema for the kubeadmconfigs API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: |-
-              KubeadmConfigSpec defines the desired state of KubeadmConfig.
-              Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-            properties:
-              clusterConfiguration:
-                description: clusterConfiguration along with InitConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiServer:
-                    description: APIServer contains extra settings for the API server
-                      control plane component
-                    properties:
-                      certSANs:
-                        description: CertSANs sets extra Subject Alternative Names
-                          for the API Server signing cert.
-                        items:
-                          type: string
-                        type: array
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: ExtraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: ExtraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                HostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: MountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: Name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: PathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: ReadOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                      timeoutForControlPlane:
-                        description: TimeoutForControlPlane controls the timeout that
-                          we use for API server to appear
-                        type: string
-                    type: object
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  certificatesDir:
-                    description: |-
-                      CertificatesDir specifies where to store or look for all required certificates.
-                      NB: if not provided, this will default to `/etc/kubernetes/pki`
-                    type: string
-                  clusterName:
-                    description: The cluster name
-                    type: string
-                  controlPlaneEndpoint:
-                    description: |-
-                      ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                      can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                      In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                      are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                      the BindPort is used.
-                      Possible usages are:
-                      e.g. In a cluster with more than one control plane instances, this field should be
-                      assigned the address of the external load balancer in front of the
-                      control plane instances.
-                      e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                      could be used for assigning a stable DNS to the control plane.
-                      NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                    type: string
-                  controllerManager:
-                    description: ControllerManager contains extra settings for the
-                      controller manager control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: ExtraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: ExtraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                HostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: MountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: Name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: PathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: ReadOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                  dns:
-                    description: DNS defines the options for the DNS add-on installed
-                      in the cluster.
-                    properties:
-                      imageRepository:
-                        description: |-
-                          ImageRepository sets the container registry to pull images from.
-                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                        type: string
-                      imageTag:
-                        description: |-
-                          ImageTag allows to specify a tag for the image.
-                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                        type: string
-                      type:
-                        description: Type defines the DNS add-on to be used
-                        type: string
-                    type: object
-                  etcd:
-                    description: |-
-                      Etcd holds configuration for etcd.
-                      NB: This value defaults to a Local (stacked) etcd
-                    properties:
-                      external:
-                        description: |-
-                          External describes how to connect to an external etcd cluster
-                          Local and External are mutually exclusive
-                        properties:
-                          caFile:
-                            description: |-
-                              CAFile is an SSL Certificate Authority file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          certFile:
-                            description: |-
-                              CertFile is an SSL certification file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          endpoints:
-                            description: Endpoints of etcd members. Required for ExternalEtcd.
-                            items:
-                              type: string
-                            type: array
-                          keyFile:
-                            description: |-
-                              KeyFile is an SSL key file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                        required:
-                        - caFile
-                        - certFile
-                        - endpoints
-                        - keyFile
-                        type: object
-                      local:
-                        description: |-
-                          Local provides configuration knobs for configuring the local etcd instance
-                          Local and External are mutually exclusive
-                        properties:
-                          dataDir:
-                            description: |-
-                              DataDir is the directory etcd will place its data.
-                              Defaults to "/var/lib/etcd".
-                            type: string
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              ExtraArgs are extra arguments provided to the etcd binary
-                              when run inside a static pod.
-                            type: object
-                          imageRepository:
-                            description: |-
-                              ImageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              ImageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                          peerCertSANs:
-                            description: PeerCertSANs sets extra Subject Alternative
-                              Names for the etcd peer signing cert.
-                            items:
-                              type: string
-                            type: array
-                          serverCertSANs:
-                            description: ServerCertSANs sets extra Subject Alternative
-                              Names for the etcd server signing cert.
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    type: object
-                  featureGates:
-                    additionalProperties:
-                      type: boolean
-                    description: FeatureGates enabled by the user.
-                    type: object
-                  imageRepository:
-                    description: |-
-                      ImageRepository sets the container registry to pull images from.
-                      If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                      `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
-                      will be used for all the other images.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  kubernetesVersion:
-                    description: |-
-                      KubernetesVersion is the target version of the control plane.
-                      NB: This value defaults to the Machine object spec.version
-                    type: string
-                  networking:
-                    description: |-
-                      Networking holds configuration for the networking topology of the cluster.
-                      NB: This value defaults to the Cluster object spec.clusterNetwork.
-                    properties:
-                      dnsDomain:
-                        description: DNSDomain is the dns domain used by k8s services.
-                          Defaults to "cluster.local".
-                        type: string
-                      podSubnet:
-                        description: |-
-                          PodSubnet is the subnet used by pods.
-                          If unset, the API server will not allocate CIDR ranges for every node.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                        type: string
-                      serviceSubnet:
-                        description: |-
-                          ServiceSubnet is the subnet used by k8s services.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                          to "10.96.0.0/12" if that's unset.
-                        type: string
-                    type: object
-                  scheduler:
-                    description: Scheduler contains extra settings for the scheduler
-                      control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: ExtraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: ExtraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                HostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: MountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: Name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: PathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: ReadOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                  useHyperKubeImage:
-                    description: UseHyperKubeImage controls if hyperkube should be
-                      used for Kubernetes components instead of their respective separate
-                      images
-                    type: boolean
-                type: object
-              diskSetup:
-                description: diskSetup specifies options for the creation of partition
-                  tables and file systems on devices.
-                properties:
-                  filesystems:
-                    description: filesystems specifies the list of file systems to
-                      setup.
-                    items:
-                      description: Filesystem defines the file systems to be created.
-                      properties:
-                        device:
-                          description: device specifies the device name
-                          type: string
-                        extraOpts:
-                          description: extraOpts defined extra options to add to the
-                            command for creating the file system.
-                          items:
-                            type: string
-                          type: array
-                        filesystem:
-                          description: filesystem specifies the file system type.
-                          type: string
-                        label:
-                          description: label specifies the file system label to be
-                            used. If set to None, no label is used.
-                          type: string
-                        overwrite:
-                          description: |-
-                            overwrite defines whether or not to overwrite any existing filesystem.
-                            If true, any pre-existing file system will be destroyed. Use with Caution.
-                          type: boolean
-                        partition:
-                          description: 'partition specifies the partition to use.
-                            The valid options are: "auto|any", "auto", "any", "none",
-                            and <NUM>, where NUM is the actual partition number.'
-                          type: string
-                        replaceFS:
-                          description: |-
-                            replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                            NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                          type: string
-                      required:
-                      - device
-                      - filesystem
-                      - label
-                      type: object
-                    type: array
-                  partitions:
-                    description: partitions specifies the list of the partitions to
-                      setup.
-                    items:
-                      description: Partition defines how to create and layout a partition.
-                      properties:
-                        device:
-                          description: device is the name of the device.
-                          type: string
-                        layout:
-                          description: |-
-                            layout specifies the device layout.
-                            If it is true, a single partition will be created for the entire device.
-                            When layout is false, it means don't partition or ignore existing partitioning.
-                          type: boolean
-                        overwrite:
-                          description: |-
-                            overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                            Use with caution. Default is 'false'.
-                          type: boolean
-                        tableType:
-                          description: |-
-                            tableType specifies the tupe of partition table. The following are supported:
-                            'mbr': default and setups a MS-DOS partition table
-                            'gpt': setups a GPT partition table
-                          type: string
-                      required:
-                      - device
-                      - layout
-                      type: object
-                    type: array
-                type: object
-              files:
-                description: files specifies extra files to be passed to user_data
-                  upon creation.
-                items:
-                  description: File defines the input for generating write_files in
-                    cloud-init.
-                  properties:
-                    content:
-                      description: content is the actual content of the file.
-                      type: string
-                    contentFrom:
-                      description: contentFrom is a referenced source of content to
-                        populate the file.
-                      properties:
-                        secret:
-                          description: secret represents a secret that should populate
-                            this file.
-                          properties:
-                            key:
-                              description: key is the key in the secret's data map
-                                for this value.
-                              type: string
-                            name:
-                              description: name of the secret in the KubeadmBootstrapConfig's
-                                namespace to use.
-                              type: string
-                          required:
-                          - key
-                          - name
-                          type: object
-                      required:
-                      - secret
-                      type: object
-                    encoding:
-                      description: encoding specifies the encoding of the file contents.
-                      enum:
-                      - base64
-                      - gzip
-                      - gzip+base64
-                      type: string
-                    owner:
-                      description: owner specifies the ownership of the file, e.g.
-                        "root:root".
-                      type: string
-                    path:
-                      description: path specifies the full path on disk where to store
-                        the file.
-                      type: string
-                    permissions:
-                      description: permissions specifies the permissions to assign
-                        to the file, e.g. "0640".
-                      type: string
-                  required:
-                  - path
-                  type: object
-                type: array
-              format:
-                description: format specifies the output format of the bootstrap data
-                enum:
-                - cloud-config
-                type: string
-              initConfiguration:
-                description: initConfiguration along with ClusterConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  bootstrapTokens:
-                    description: |-
-                      BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                      This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                    items:
-                      description: BootstrapToken describes one bootstrap token, stored
-                        as a Secret in the cluster.
-                      properties:
-                        description:
-                          description: |-
-                            Description sets a human-friendly message why this token exists and what it's used
-                            for, so other administrators can know its purpose.
-                          type: string
-                        expires:
-                          description: |-
-                            Expires specifies the timestamp when this token expires. Defaults to being set
-                            dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                          format: date-time
-                          type: string
-                        groups:
-                          description: |-
-                            Groups specifies the extra groups that this token will authenticate as when/if
-                            used for authentication
-                          items:
-                            type: string
-                          type: array
-                        token:
-                          description: |-
-                            Token is used for establishing bidirectional trust between nodes and control-planes.
-                            Used for joining nodes in the cluster.
-                          type: string
-                        ttl:
-                          description: |-
-                            TTL defines the time to live for this token. Defaults to 24h.
-                            Expires and TTL are mutually exclusive.
-                          type: string
-                        usages:
-                          description: |-
-                            Usages describes the ways in which this token can be used. Can by default be used
-                            for establishing bidirectional trust, but that can be changed here.
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - token
-                      type: object
-                    type: array
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  localAPIEndpoint:
-                    description: |-
-                      LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                      In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                      is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                      configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                      on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                      fails you may set the desired value here.
-                    properties:
-                      advertiseAddress:
-                        description: AdvertiseAddress sets the IP address for the
-                          API server to advertise.
-                        type: string
-                      bindPort:
-                        description: |-
-                          BindPort sets the secure port for the API Server to bind to.
-                          Defaults to 6443.
-                        format: int32
-                        type: integer
-                    required:
-                    - advertiseAddress
-                    - bindPort
-                    type: object
-                  nodeRegistration:
-                    description: |-
-                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: CRISocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              joinConfiguration:
-                description: joinConfiguration is the kubeadm configuration for the
-                  join command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  caCertPath:
-                    description: |-
-                      CACertPath is the path to the SSL certificate authority used to
-                      secure comunications between node and control-plane.
-                      Defaults to "/etc/kubernetes/pki/ca.crt".
-                    type: string
-                  controlPlane:
-                    description: |-
-                      ControlPlane defines the additional control plane instance to be deployed on the joining node.
-                      If nil, no additional control plane instance will be deployed.
-                    properties:
-                      localAPIEndpoint:
-                        description: LocalAPIEndpoint represents the endpoint of the
-                          API server instance to be deployed on this node.
-                        properties:
-                          advertiseAddress:
-                            description: AdvertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              BindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        required:
-                        - advertiseAddress
-                        - bindPort
-                        type: object
-                    type: object
-                  discovery:
-                    description: Discovery specifies the options for the kubelet to
-                      use during the TLS Bootstrap process
-                    properties:
-                      bootstrapToken:
-                        description: |-
-                          BootstrapToken is used to set the options for bootstrap token based discovery
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          apiServerEndpoint:
-                            description: APIServerEndpoint is an IP or domain name
-                              to the API server from which info will be fetched.
-                            type: string
-                          caCertHashes:
-                            description: |-
-                              CACertHashes specifies a set of public key pins to verify
-                              when token-based discovery is used. The root CA found during discovery
-                              must match one of these values. Specifying an empty set disables root CA
-                              pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                              where the only currently supported type is "sha256". This is a hex-encoded
-                              SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                              ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                              openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                            items:
-                              type: string
-                            type: array
-                          token:
-                            description: |-
-                              Token is a token used to validate cluster information
-                              fetched from the control-plane.
-                            type: string
-                          unsafeSkipCAVerification:
-                            description: |-
-                              UnsafeSkipCAVerification allows token-based discovery
-                              without CA verification via CACertHashes. This can weaken
-                              the security of kubeadm since other nodes can impersonate the control-plane.
-                            type: boolean
-                        required:
-                        - token
-                        - unsafeSkipCAVerification
-                        type: object
-                      file:
-                        description: |-
-                          File is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          kubeConfigPath:
-                            description: KubeConfigPath is used to specify the actual
-                              file path or URL to the kubeconfig file from which to
-                              load cluster information
-                            type: string
-                        required:
-                        - kubeConfigPath
-                        type: object
-                      timeout:
-                        description: Timeout modifies the discovery timeout
-                        type: string
-                      tlsBootstrapToken:
-                        description: |-
-                          TLSBootstrapToken is a token used for TLS bootstrapping.
-                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                          If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                        type: string
-                    type: object
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  nodeRegistration:
-                    description: |-
-                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: CRISocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              mounts:
-                description: mounts specifies a list of mount points to be setup.
-                items:
-                  description: MountPoints defines input for generated mounts in cloud-init.
-                  items:
-                    type: string
-                  type: array
-                type: array
-              ntp:
-                description: ntp specifies NTP configuration
-                properties:
-                  enabled:
-                    description: enabled specifies whether NTP should be enabled
-                    type: boolean
-                  servers:
-                    description: servers specifies which NTP servers to use
-                    items:
-                      type: string
-                    type: array
-                type: object
-              postKubeadmCommands:
-                description: postKubeadmCommands specifies extra commands to run after
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              preKubeadmCommands:
-                description: preKubeadmCommands specifies extra commands to run before
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              useExperimentalRetryJoin:
-                description: |-
-                  useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                  script with retries for joins.
-
-                  This is meant to be an experimental temporary workaround on some environments
-                  where joins fail due to timing (and other issues). The long term goal is to add retries to
-                  kubeadm proper and use that functionality.
-
-                  This will add about 40KB to userdata
-
-                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                type: boolean
-              users:
-                description: users specifies extra users to add
-                items:
-                  description: User defines the input for a generated user in cloud-init.
-                  properties:
-                    gecos:
-                      description: gecos specifies the gecos to use for the user
-                      type: string
-                    groups:
-                      description: groups specifies the additional groups for the
-                        user
-                      type: string
-                    homeDir:
-                      description: homeDir specifies the home directory to use for
-                        the user
-                      type: string
-                    inactive:
-                      description: inactive specifies whether to mark the user as
-                        inactive
-                      type: boolean
-                    lockPassword:
-                      description: lockPassword specifies if password login should
-                        be disabled
-                      type: boolean
-                    name:
-                      description: name specifies the user name
-                      type: string
-                    passwd:
-                      description: passwd specifies a hashed password for the user
-                      type: string
-                    primaryGroup:
-                      description: primaryGroup specifies the primary group for the
-                        user
-                      type: string
-                    shell:
-                      description: shell specifies the user's shell
-                      type: string
-                    sshAuthorizedKeys:
-                      description: sshAuthorizedKeys specifies a list of ssh authorized
-                        keys for the user
-                      items:
-                        type: string
-                      type: array
-                    sudo:
-                      description: sudo specifies a sudo role for the user
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              verbosity:
-                description: |-
-                  verbosity is the number for the kubeadm log level verbosity.
-                  It overrides the `--v` flag in kubeadm commands.
-                format: int32
-                type: integer
-            type: object
-          status:
-            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
-            properties:
-              bootstrapData:
-                description: |-
-                  bootstrapData will be a cloud-init script for now.
-
-                  Deprecated: Switch to DataSecretName.
-                format: byte
-                type: string
-              conditions:
-                description: conditions defines current service state of the KubeadmConfig.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              dataSecretName:
-                description: dataSecretName is the name of the secret that stores
-                  the bootstrap data script.
-                type: string
-              failureMessage:
-                description: failureMessage will be set on non-retryable errors
-                type: string
-              failureReason:
-                description: failureReason will be set on non-retryable errors
-                type: string
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: ready indicates the BootstrapData field is ready to be
-                  consumed
-                type: boolean
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmConfig
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmConfig is the Schema for the kubeadmconfigs API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: |-
-              KubeadmConfigSpec defines the desired state of KubeadmConfig.
-              Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-            properties:
-              clusterConfiguration:
-                description: clusterConfiguration along with InitConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiServer:
-                    description: apiServer contains extra settings for the API server
-                      control plane component
-                    properties:
-                      certSANs:
-                        description: certSANs sets extra Subject Alternative Names
-                          for the API Server signing cert.
-                        items:
-                          type: string
-                        type: array
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                      timeoutForControlPlane:
-                        description: timeoutForControlPlane controls the timeout that
-                          we use for API server to appear
-                        type: string
-                    type: object
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  certificatesDir:
-                    description: |-
-                      certificatesDir specifies where to store or look for all required certificates.
-                      NB: if not provided, this will default to `/etc/kubernetes/pki`
-                    type: string
-                  clusterName:
-                    description: The cluster name
-                    type: string
-                  controlPlaneEndpoint:
-                    description: |-
-                      controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                      can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                      In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                      are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                      the BindPort is used.
-                      Possible usages are:
-                      e.g. In a cluster with more than one control plane instances, this field should be
-                      assigned the address of the external load balancer in front of the
-                      control plane instances.
-                      e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                      could be used for assigning a stable DNS to the control plane.
-                      NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                    type: string
-                  controllerManager:
-                    description: controllerManager contains extra settings for the
-                      controller manager control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                  dns:
-                    description: dns defines the options for the DNS add-on installed
-                      in the cluster.
-                    properties:
-                      imageRepository:
-                        description: |-
-                          imageRepository sets the container registry to pull images from.
-                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                        type: string
-                      imageTag:
-                        description: |-
-                          imageTag allows to specify a tag for the image.
-                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                        type: string
-                    type: object
-                  etcd:
-                    description: |-
-                      etcd holds configuration for etcd.
-                      NB: This value defaults to a Local (stacked) etcd
-                    properties:
-                      external:
-                        description: |-
-                          external describes how to connect to an external etcd cluster
-                          Local and External are mutually exclusive
-                        properties:
-                          caFile:
-                            description: |-
-                              caFile is an SSL Certificate Authority file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          certFile:
-                            description: |-
-                              certFile is an SSL certification file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          endpoints:
-                            description: endpoints of etcd members. Required for ExternalEtcd.
-                            items:
-                              type: string
-                            type: array
-                          keyFile:
-                            description: |-
-                              keyFile is an SSL key file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                        required:
-                        - caFile
-                        - certFile
-                        - endpoints
-                        - keyFile
-                        type: object
-                      local:
-                        description: |-
-                          local provides configuration knobs for configuring the local etcd instance
-                          Local and External are mutually exclusive
-                        properties:
-                          dataDir:
-                            description: |-
-                              dataDir is the directory etcd will place its data.
-                              Defaults to "/var/lib/etcd".
-                            type: string
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              extraArgs are extra arguments provided to the etcd binary
-                              when run inside a static pod.
-                            type: object
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              imageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                          peerCertSANs:
-                            description: peerCertSANs sets extra Subject Alternative
-                              Names for the etcd peer signing cert.
-                            items:
-                              type: string
-                            type: array
-                          serverCertSANs:
-                            description: serverCertSANs sets extra Subject Alternative
-                              Names for the etcd server signing cert.
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    type: object
-                  featureGates:
-                    additionalProperties:
-                      type: boolean
-                    description: featureGates enabled by the user.
-                    type: object
-                  imageRepository:
-                    description: |-
-                      imageRepository sets the container registry to pull images from.
-                      If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                      `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
-                      will be used for all the other images.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  kubernetesVersion:
-                    description: |-
-                      kubernetesVersion is the target version of the control plane.
-                      NB: This value defaults to the Machine object spec.version
-                    type: string
-                  networking:
-                    description: |-
-                      networking holds configuration for the networking topology of the cluster.
-                      NB: This value defaults to the Cluster object spec.clusterNetwork.
-                    properties:
-                      dnsDomain:
-                        description: dnsDomain is the dns domain used by k8s services.
-                          Defaults to "cluster.local".
-                        type: string
-                      podSubnet:
-                        description: |-
-                          podSubnet is the subnet used by pods.
-                          If unset, the API server will not allocate CIDR ranges for every node.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                        type: string
-                      serviceSubnet:
-                        description: |-
-                          serviceSubnet is the subnet used by k8s services.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                          to "10.96.0.0/12" if that's unset.
-                        type: string
-                    type: object
-                  scheduler:
-                    description: scheduler contains extra settings for the scheduler
-                      control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              diskSetup:
-                description: diskSetup specifies options for the creation of partition
-                  tables and file systems on devices.
-                properties:
-                  filesystems:
-                    description: filesystems specifies the list of file systems to
-                      setup.
-                    items:
-                      description: Filesystem defines the file systems to be created.
-                      properties:
-                        device:
-                          description: device specifies the device name
-                          type: string
-                        extraOpts:
-                          description: extraOpts defined extra options to add to the
-                            command for creating the file system.
-                          items:
-                            type: string
-                          type: array
-                        filesystem:
-                          description: filesystem specifies the file system type.
-                          type: string
-                        label:
-                          description: label specifies the file system label to be
-                            used. If set to None, no label is used.
-                          type: string
-                        overwrite:
-                          description: |-
-                            overwrite defines whether or not to overwrite any existing filesystem.
-                            If true, any pre-existing file system will be destroyed. Use with Caution.
-                          type: boolean
-                        partition:
-                          description: 'partition specifies the partition to use.
-                            The valid options are: "auto|any", "auto", "any", "none",
-                            and <NUM>, where NUM is the actual partition number.'
-                          type: string
-                        replaceFS:
-                          description: |-
-                            replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                            NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                          type: string
-                      required:
-                      - device
-                      - filesystem
-                      - label
-                      type: object
-                    type: array
-                  partitions:
-                    description: partitions specifies the list of the partitions to
-                      setup.
-                    items:
-                      description: Partition defines how to create and layout a partition.
-                      properties:
-                        device:
-                          description: device is the name of the device.
-                          type: string
-                        layout:
-                          description: |-
-                            layout specifies the device layout.
-                            If it is true, a single partition will be created for the entire device.
-                            When layout is false, it means don't partition or ignore existing partitioning.
-                          type: boolean
-                        overwrite:
-                          description: |-
-                            overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                            Use with caution. Default is 'false'.
-                          type: boolean
-                        tableType:
-                          description: |-
-                            tableType specifies the tupe of partition table. The following are supported:
-                            'mbr': default and setups a MS-DOS partition table
-                            'gpt': setups a GPT partition table
-                          type: string
-                      required:
-                      - device
-                      - layout
-                      type: object
-                    type: array
-                type: object
-              files:
-                description: files specifies extra files to be passed to user_data
-                  upon creation.
-                items:
-                  description: File defines the input for generating write_files in
-                    cloud-init.
-                  properties:
-                    content:
-                      description: content is the actual content of the file.
-                      type: string
-                    contentFrom:
-                      description: contentFrom is a referenced source of content to
-                        populate the file.
-                      properties:
-                        secret:
-                          description: secret represents a secret that should populate
-                            this file.
-                          properties:
-                            key:
-                              description: key is the key in the secret's data map
-                                for this value.
-                              type: string
-                            name:
-                              description: name of the secret in the KubeadmBootstrapConfig's
-                                namespace to use.
-                              type: string
-                          required:
-                          - key
-                          - name
-                          type: object
-                      required:
-                      - secret
-                      type: object
-                    encoding:
-                      description: encoding specifies the encoding of the file contents.
-                      enum:
-                      - base64
-                      - gzip
-                      - gzip+base64
-                      type: string
-                    owner:
-                      description: owner specifies the ownership of the file, e.g.
-                        "root:root".
-                      type: string
-                    path:
-                      description: path specifies the full path on disk where to store
-                        the file.
-                      type: string
-                    permissions:
-                      description: permissions specifies the permissions to assign
-                        to the file, e.g. "0640".
-                      type: string
-                  required:
-                  - path
-                  type: object
-                type: array
-              format:
-                description: format specifies the output format of the bootstrap data
-                enum:
-                - cloud-config
-                type: string
-              initConfiguration:
-                description: initConfiguration along with ClusterConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  bootstrapTokens:
-                    description: |-
-                      bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                      This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                    items:
-                      description: BootstrapToken describes one bootstrap token, stored
-                        as a Secret in the cluster.
-                      properties:
-                        description:
-                          description: |-
-                            description sets a human-friendly message why this token exists and what it's used
-                            for, so other administrators can know its purpose.
-                          type: string
-                        expires:
-                          description: |-
-                            expires specifies the timestamp when this token expires. Defaults to being set
-                            dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                          format: date-time
-                          type: string
-                        groups:
-                          description: |-
-                            groups specifies the extra groups that this token will authenticate as when/if
-                            used for authentication
-                          items:
-                            type: string
-                          type: array
-                        token:
-                          description: |-
-                            token is used for establishing bidirectional trust between nodes and control-planes.
-                            Used for joining nodes in the cluster.
-                          type: string
-                        ttl:
-                          description: |-
-                            ttl defines the time to live for this token. Defaults to 24h.
-                            Expires and TTL are mutually exclusive.
-                          type: string
-                        usages:
-                          description: |-
-                            usages describes the ways in which this token can be used. Can by default be used
-                            for establishing bidirectional trust, but that can be changed here.
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - token
-                      type: object
-                    type: array
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  localAPIEndpoint:
-                    description: |-
-                      localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                      In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                      is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                      configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                      on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                      fails you may set the desired value here.
-                    properties:
-                      advertiseAddress:
-                        description: advertiseAddress sets the IP address for the
-                          API server to advertise.
-                        type: string
-                      bindPort:
-                        description: |-
-                          bindPort sets the secure port for the API Server to bind to.
-                          Defaults to 6443.
-                        format: int32
-                        type: integer
-                    type: object
-                  nodeRegistration:
-                    description: |-
-                      nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: criSocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      ignorePreflightErrors:
-                        description: ignorePreflightErrors provides a slice of pre-flight
-                          errors to be ignored when the current node is registered.
-                        items:
-                          type: string
-                        type: array
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              joinConfiguration:
-                description: joinConfiguration is the kubeadm configuration for the
-                  join command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  caCertPath:
-                    description: |-
-                      caCertPath is the path to the SSL certificate authority used to
-                      secure comunications between node and control-plane.
-                      Defaults to "/etc/kubernetes/pki/ca.crt".
-                    type: string
-                  controlPlane:
-                    description: |-
-                      controlPlane defines the additional control plane instance to be deployed on the joining node.
-                      If nil, no additional control plane instance will be deployed.
-                    properties:
-                      localAPIEndpoint:
-                        description: localAPIEndpoint represents the endpoint of the
-                          API server instance to be deployed on this node.
-                        properties:
-                          advertiseAddress:
-                            description: advertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              bindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        type: object
-                    type: object
-                  discovery:
-                    description: discovery specifies the options for the kubelet to
-                      use during the TLS Bootstrap process
-                    properties:
-                      bootstrapToken:
-                        description: |-
-                          bootstrapToken is used to set the options for bootstrap token based discovery
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          apiServerEndpoint:
-                            description: apiServerEndpoint is an IP or domain name
-                              to the API server from which info will be fetched.
-                            type: string
-                          caCertHashes:
-                            description: |-
-                              caCertHashes specifies a set of public key pins to verify
-                              when token-based discovery is used. The root CA found during discovery
-                              must match one of these values. Specifying an empty set disables root CA
-                              pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                              where the only currently supported type is "sha256". This is a hex-encoded
-                              SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                              ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                              openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                            items:
-                              type: string
-                            type: array
-                          token:
-                            description: |-
-                              token is a token used to validate cluster information
-                              fetched from the control-plane.
-                            type: string
-                          unsafeSkipCAVerification:
-                            description: |-
-                              unsafeSkipCAVerification allows token-based discovery
-                              without CA verification via CACertHashes. This can weaken
-                              the security of kubeadm since other nodes can impersonate the control-plane.
-                            type: boolean
-                        required:
-                        - token
-                        type: object
-                      file:
-                        description: |-
-                          file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          kubeConfigPath:
-                            description: kubeConfigPath is used to specify the actual
-                              file path or URL to the kubeconfig file from which to
-                              load cluster information
-                            type: string
-                        required:
-                        - kubeConfigPath
-                        type: object
-                      timeout:
-                        description: timeout modifies the discovery timeout
-                        type: string
-                      tlsBootstrapToken:
-                        description: |-
-                          tlsBootstrapToken is a token used for TLS bootstrapping.
-                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                          If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                        type: string
-                    type: object
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  nodeRegistration:
-                    description: |-
-                      nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: criSocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      ignorePreflightErrors:
-                        description: ignorePreflightErrors provides a slice of pre-flight
-                          errors to be ignored when the current node is registered.
-                        items:
-                          type: string
-                        type: array
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              mounts:
-                description: mounts specifies a list of mount points to be setup.
-                items:
-                  description: MountPoints defines input for generated mounts in cloud-init.
-                  items:
-                    type: string
-                  type: array
-                type: array
-              ntp:
-                description: ntp specifies NTP configuration
-                properties:
-                  enabled:
-                    description: enabled specifies whether NTP should be enabled
-                    type: boolean
-                  servers:
-                    description: servers specifies which NTP servers to use
-                    items:
-                      type: string
-                    type: array
-                type: object
-              postKubeadmCommands:
-                description: postKubeadmCommands specifies extra commands to run after
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              preKubeadmCommands:
-                description: preKubeadmCommands specifies extra commands to run before
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              useExperimentalRetryJoin:
-                description: |-
-                  useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                  script with retries for joins.
-
-                  This is meant to be an experimental temporary workaround on some environments
-                  where joins fail due to timing (and other issues). The long term goal is to add retries to
-                  kubeadm proper and use that functionality.
-
-                  This will add about 40KB to userdata
-
-                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                type: boolean
-              users:
-                description: users specifies extra users to add
-                items:
-                  description: User defines the input for a generated user in cloud-init.
-                  properties:
-                    gecos:
-                      description: gecos specifies the gecos to use for the user
-                      type: string
-                    groups:
-                      description: groups specifies the additional groups for the
-                        user
-                      type: string
-                    homeDir:
-                      description: homeDir specifies the home directory to use for
-                        the user
-                      type: string
-                    inactive:
-                      description: inactive specifies whether to mark the user as
-                        inactive
-                      type: boolean
-                    lockPassword:
-                      description: lockPassword specifies if password login should
-                        be disabled
-                      type: boolean
-                    name:
-                      description: name specifies the user name
-                      type: string
-                    passwd:
-                      description: passwd specifies a hashed password for the user
-                      type: string
-                    primaryGroup:
-                      description: primaryGroup specifies the primary group for the
-                        user
-                      type: string
-                    shell:
-                      description: shell specifies the user's shell
-                      type: string
-                    sshAuthorizedKeys:
-                      description: sshAuthorizedKeys specifies a list of ssh authorized
-                        keys for the user
-                      items:
-                        type: string
-                      type: array
-                    sudo:
-                      description: sudo specifies a sudo role for the user
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              verbosity:
-                description: |-
-                  verbosity is the number for the kubeadm log level verbosity.
-                  It overrides the `--v` flag in kubeadm commands.
-                format: int32
-                type: integer
-            type: object
-          status:
-            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
-            properties:
-              conditions:
-                description: conditions defines current service state of the KubeadmConfig.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              dataSecretName:
-                description: dataSecretName is the name of the secret that stores
-                  the bootstrap data script.
-                type: string
-              failureMessage:
-                description: failureMessage will be set on non-retryable errors
-                type: string
-              failureReason:
-                description: failureReason will be set on non-retryable errors
-                type: string
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: ready indicates the BootstrapData field is ready to be
-                  consumed
-                type: boolean
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
-      name: Cluster
-      type: string
-    - description: Time duration since creation of KubeadmConfig
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: KubeadmConfig is the Schema for the kubeadmconfigs API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: |-
-              KubeadmConfigSpec defines the desired state of KubeadmConfig.
-              Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-            properties:
-              clusterConfiguration:
-                description: clusterConfiguration along with InitConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiServer:
-                    description: apiServer contains extra settings for the API server
-                      control plane component
-                    properties:
-                      certSANs:
-                        description: certSANs sets extra Subject Alternative Names
-                          for the API Server signing cert.
-                        items:
-                          type: string
-                        type: array
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraEnvs:
-                        description: |-
-                          extraEnvs is an extra set of environment variables to pass to the control plane component.
-                          Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                          This option takes effect only on Kubernetes >=1.31.0.
-                        items:
-                          description: EnvVar represents an environment variable present
-                            in a Container.
-                          properties:
-                            name:
-                              description: Name of the environment variable. Must
-                                be a C_IDENTIFIER.
-                              type: string
-                            value:
-                              description: |-
-                                Variable references $(VAR_NAME) are expanded
-                                using the previously defined environment variables in the container and
-                                any service environment variables. If a variable cannot be resolved,
-                                the reference in the input string will be unchanged. Double $ are reduced
-                                to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                Escaped references will never be expanded, regardless of whether the variable
-                                exists or not.
-                                Defaults to "".
-                              type: string
-                            valueFrom:
-                              description: Source for the environment variable's value.
-                                Cannot be used if value is not empty.
-                              properties:
-                                configMapKeyRef:
-                                  description: Selects a key of a ConfigMap.
-                                  properties:
-                                    key:
-                                      description: The key to select.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the ConfigMap or
-                                        its key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                fieldRef:
-                                  description: |-
-                                    Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                    spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                  properties:
-                                    apiVersion:
-                                      description: Version of the schema the FieldPath
-                                        is written in terms of, defaults to "v1".
-                                      type: string
-                                    fieldPath:
-                                      description: Path of the field to select in
-                                        the specified API version.
-                                      type: string
-                                  required:
-                                  - fieldPath
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                resourceFieldRef:
-                                  description: |-
-                                    Selects a resource of the container: only resources limits and requests
-                                    (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                  properties:
-                                    containerName:
-                                      description: 'Container name: required for volumes,
-                                        optional for env vars'
-                                      type: string
-                                    divisor:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: Specifies the output format of
-                                        the exposed resources, defaults to "1"
-                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                      x-kubernetes-int-or-string: true
-                                    resource:
-                                      description: 'Required: resource to select'
-                                      type: string
-                                  required:
-                                  - resource
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                secretKeyRef:
-                                  description: Selects a key of a secret in the pod's
-                                    namespace
-                                  properties:
-                                    key:
-                                      description: The key of the secret to select
-                                        from.  Must be a valid secret key.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the Secret or its
-                                        key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                      timeoutForControlPlane:
-                        description: timeoutForControlPlane controls the timeout that
-                          we use for API server to appear
-                        type: string
-                    type: object
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  certificatesDir:
-                    description: |-
-                      certificatesDir specifies where to store or look for all required certificates.
-                      NB: if not provided, this will default to `/etc/kubernetes/pki`
-                    type: string
-                  clusterName:
-                    description: The cluster name
-                    type: string
-                  controlPlaneEndpoint:
-                    description: |-
-                      controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                      can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                      In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                      are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                      the BindPort is used.
-                      Possible usages are:
-                      e.g. In a cluster with more than one control plane instances, this field should be
-                      assigned the address of the external load balancer in front of the
-                      control plane instances.
-                      e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                      could be used for assigning a stable DNS to the control plane.
-                      NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                    type: string
-                  controllerManager:
-                    description: controllerManager contains extra settings for the
-                      controller manager control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraEnvs:
-                        description: |-
-                          extraEnvs is an extra set of environment variables to pass to the control plane component.
-                          Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                          This option takes effect only on Kubernetes >=1.31.0.
-                        items:
-                          description: EnvVar represents an environment variable present
-                            in a Container.
-                          properties:
-                            name:
-                              description: Name of the environment variable. Must
-                                be a C_IDENTIFIER.
-                              type: string
-                            value:
-                              description: |-
-                                Variable references $(VAR_NAME) are expanded
-                                using the previously defined environment variables in the container and
-                                any service environment variables. If a variable cannot be resolved,
-                                the reference in the input string will be unchanged. Double $ are reduced
-                                to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                Escaped references will never be expanded, regardless of whether the variable
-                                exists or not.
-                                Defaults to "".
-                              type: string
-                            valueFrom:
-                              description: Source for the environment variable's value.
-                                Cannot be used if value is not empty.
-                              properties:
-                                configMapKeyRef:
-                                  description: Selects a key of a ConfigMap.
-                                  properties:
-                                    key:
-                                      description: The key to select.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the ConfigMap or
-                                        its key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                fieldRef:
-                                  description: |-
-                                    Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                    spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                  properties:
-                                    apiVersion:
-                                      description: Version of the schema the FieldPath
-                                        is written in terms of, defaults to "v1".
-                                      type: string
-                                    fieldPath:
-                                      description: Path of the field to select in
-                                        the specified API version.
-                                      type: string
-                                  required:
-                                  - fieldPath
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                resourceFieldRef:
-                                  description: |-
-                                    Selects a resource of the container: only resources limits and requests
-                                    (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                  properties:
-                                    containerName:
-                                      description: 'Container name: required for volumes,
-                                        optional for env vars'
-                                      type: string
-                                    divisor:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: Specifies the output format of
-                                        the exposed resources, defaults to "1"
-                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                      x-kubernetes-int-or-string: true
-                                    resource:
-                                      description: 'Required: resource to select'
-                                      type: string
-                                  required:
-                                  - resource
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                secretKeyRef:
-                                  description: Selects a key of a secret in the pod's
-                                    namespace
-                                  properties:
-                                    key:
-                                      description: The key of the secret to select
-                                        from.  Must be a valid secret key.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the Secret or its
-                                        key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                  dns:
-                    description: dns defines the options for the DNS add-on installed
-                      in the cluster.
-                    properties:
-                      imageRepository:
-                        description: |-
-                          imageRepository sets the container registry to pull images from.
-                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                        type: string
-                      imageTag:
-                        description: |-
-                          imageTag allows to specify a tag for the image.
-                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                        type: string
-                    type: object
-                  etcd:
-                    description: |-
-                      etcd holds configuration for etcd.
-                      NB: This value defaults to a Local (stacked) etcd
-                    properties:
-                      external:
-                        description: |-
-                          external describes how to connect to an external etcd cluster
-                          Local and External are mutually exclusive
-                        properties:
-                          caFile:
-                            description: |-
-                              caFile is an SSL Certificate Authority file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          certFile:
-                            description: |-
-                              certFile is an SSL certification file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                          endpoints:
-                            description: endpoints of etcd members. Required for ExternalEtcd.
-                            items:
-                              type: string
-                            type: array
-                          keyFile:
-                            description: |-
-                              keyFile is an SSL key file used to secure etcd communication.
-                              Required if using a TLS connection.
-                            type: string
-                        required:
-                        - caFile
-                        - certFile
-                        - endpoints
-                        - keyFile
-                        type: object
-                      local:
-                        description: |-
-                          local provides configuration knobs for configuring the local etcd instance
-                          Local and External are mutually exclusive
-                        properties:
-                          dataDir:
-                            description: |-
-                              dataDir is the directory etcd will place its data.
-                              Defaults to "/var/lib/etcd".
-                            type: string
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              extraArgs are extra arguments provided to the etcd binary
-                              when run inside a static pod.
-                            type: object
-                          extraEnvs:
-                            description: |-
-                              extraEnvs is an extra set of environment variables to pass to the control plane component.
-                              Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                            items:
-                              description: EnvVar represents an environment variable
-                                present in a Container.
-                              properties:
-                                name:
-                                  description: Name of the environment variable. Must
-                                    be a C_IDENTIFIER.
-                                  type: string
-                                value:
-                                  description: |-
-                                    Variable references $(VAR_NAME) are expanded
-                                    using the previously defined environment variables in the container and
-                                    any service environment variables. If a variable cannot be resolved,
-                                    the reference in the input string will be unchanged. Double $ are reduced
-                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                    "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                    Escaped references will never be expanded, regardless of whether the variable
-                                    exists or not.
-                                    Defaults to "".
-                                  type: string
-                                valueFrom:
-                                  description: Source for the environment variable's
-                                    value. Cannot be used if value is not empty.
-                                  properties:
-                                    configMapKeyRef:
-                                      description: Selects a key of a ConfigMap.
-                                      properties:
-                                        key:
-                                          description: The key to select.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    fieldRef:
-                                      description: |-
-                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                      properties:
-                                        apiVersion:
-                                          description: Version of the schema the FieldPath
-                                            is written in terms of, defaults to "v1".
-                                          type: string
-                                        fieldPath:
-                                          description: Path of the field to select
-                                            in the specified API version.
-                                          type: string
-                                      required:
-                                      - fieldPath
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    resourceFieldRef:
-                                      description: |-
-                                        Selects a resource of the container: only resources limits and requests
-                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                      properties:
-                                        containerName:
-                                          description: 'Container name: required for
-                                            volumes, optional for env vars'
-                                          type: string
-                                        divisor:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Specifies the output format
-                                            of the exposed resources, defaults to
-                                            "1"
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        resource:
-                                          description: 'Required: resource to select'
-                                          type: string
-                                      required:
-                                      - resource
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    secretKeyRef:
-                                      description: Selects a key of a secret in the
-                                        pod's namespace
-                                      properties:
-                                        key:
-                                          description: The key of the secret to select
-                                            from.  Must be a valid secret key.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                  type: object
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              imageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                          peerCertSANs:
-                            description: peerCertSANs sets extra Subject Alternative
-                              Names for the etcd peer signing cert.
-                            items:
-                              type: string
-                            type: array
-                          serverCertSANs:
-                            description: serverCertSANs sets extra Subject Alternative
-                              Names for the etcd server signing cert.
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    type: object
-                  featureGates:
-                    additionalProperties:
-                      type: boolean
-                    description: featureGates enabled by the user.
-                    type: object
-                  imageRepository:
-                    description: |-
-                      imageRepository sets the container registry to pull images from.
-                      * If not set, the default registry of kubeadm will be used, i.e.
-                        * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
-                        * k8s.gcr.io (old registry): all older versions
-                        Please note that when imageRepository is not set we don't allow upgrades to
-                        versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
-                        a newer patch version with the new registry instead (i.e. >= v1.22.17,
-                        >= v1.23.15, >= v1.24.9, >= v1.25.0).
-                      * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                       `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
-                        and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  kubernetesVersion:
-                    description: |-
-                      kubernetesVersion is the target version of the control plane.
-                      NB: This value defaults to the Machine object spec.version
-                    type: string
-                  networking:
-                    description: |-
-                      networking holds configuration for the networking topology of the cluster.
-                      NB: This value defaults to the Cluster object spec.clusterNetwork.
-                    properties:
-                      dnsDomain:
-                        description: dnsDomain is the dns domain used by k8s services.
-                          Defaults to "cluster.local".
-                        type: string
-                      podSubnet:
-                        description: |-
-                          podSubnet is the subnet used by pods.
-                          If unset, the API server will not allocate CIDR ranges for every node.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                        type: string
-                      serviceSubnet:
-                        description: |-
-                          serviceSubnet is the subnet used by k8s services.
-                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                          to "10.96.0.0/12" if that's unset.
-                        type: string
-                    type: object
-                  scheduler:
-                    description: scheduler contains extra settings for the scheduler
-                      control plane component
-                    properties:
-                      extraArgs:
-                        additionalProperties:
-                          type: string
-                        description: extraArgs is an extra set of flags to pass to
-                          the control plane component.
-                        type: object
-                      extraEnvs:
-                        description: |-
-                          extraEnvs is an extra set of environment variables to pass to the control plane component.
-                          Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                          This option takes effect only on Kubernetes >=1.31.0.
-                        items:
-                          description: EnvVar represents an environment variable present
-                            in a Container.
-                          properties:
-                            name:
-                              description: Name of the environment variable. Must
-                                be a C_IDENTIFIER.
-                              type: string
-                            value:
-                              description: |-
-                                Variable references $(VAR_NAME) are expanded
-                                using the previously defined environment variables in the container and
-                                any service environment variables. If a variable cannot be resolved,
-                                the reference in the input string will be unchanged. Double $ are reduced
-                                to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                Escaped references will never be expanded, regardless of whether the variable
-                                exists or not.
-                                Defaults to "".
-                              type: string
-                            valueFrom:
-                              description: Source for the environment variable's value.
-                                Cannot be used if value is not empty.
-                              properties:
-                                configMapKeyRef:
-                                  description: Selects a key of a ConfigMap.
-                                  properties:
-                                    key:
-                                      description: The key to select.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the ConfigMap or
-                                        its key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                fieldRef:
-                                  description: |-
-                                    Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                    spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                  properties:
-                                    apiVersion:
-                                      description: Version of the schema the FieldPath
-                                        is written in terms of, defaults to "v1".
-                                      type: string
-                                    fieldPath:
-                                      description: Path of the field to select in
-                                        the specified API version.
-                                      type: string
-                                  required:
-                                  - fieldPath
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                resourceFieldRef:
-                                  description: |-
-                                    Selects a resource of the container: only resources limits and requests
-                                    (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                  properties:
-                                    containerName:
-                                      description: 'Container name: required for volumes,
-                                        optional for env vars'
-                                      type: string
-                                    divisor:
-                                      anyOf:
-                                      - type: integer
-                                      - type: string
-                                      description: Specifies the output format of
-                                        the exposed resources, defaults to "1"
-                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                      x-kubernetes-int-or-string: true
-                                    resource:
-                                      description: 'Required: resource to select'
-                                      type: string
-                                  required:
-                                  - resource
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                                secretKeyRef:
-                                  description: Selects a key of a secret in the pod's
-                                    namespace
-                                  properties:
-                                    key:
-                                      description: The key of the secret to select
-                                        from.  Must be a valid secret key.
-                                      type: string
-                                    name:
-                                      default: ""
-                                      description: |-
-                                        Name of the referent.
-                                        This field is effectively required, but due to backwards compatibility is
-                                        allowed to be empty. Instances of this type with an empty value here are
-                                        almost certainly wrong.
-                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                      type: string
-                                    optional:
-                                      description: Specify whether the Secret or its
-                                        key must be defined
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                  x-kubernetes-map-type: atomic
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      extraVolumes:
-                        description: extraVolumes is an extra set of host volumes,
-                          mounted to the control plane component.
-                        items:
-                          description: |-
-                            HostPathMount contains elements describing volumes that are mounted from the
-                            host.
-                          properties:
-                            hostPath:
-                              description: |-
-                                hostPath is the path in the host that will be mounted inside
-                                the pod.
-                              type: string
-                            mountPath:
-                              description: mountPath is the path inside the pod where
-                                hostPath will be mounted.
-                              type: string
-                            name:
-                              description: name of the volume inside the pod template.
-                              type: string
-                            pathType:
-                              description: pathType is the type of the HostPath.
-                              type: string
-                            readOnly:
-                              description: readOnly controls write access to the volume
-                              type: boolean
-                          required:
-                          - hostPath
-                          - mountPath
-                          - name
-                          type: object
-                        type: array
-                    type: object
-                type: object
-              diskSetup:
-                description: diskSetup specifies options for the creation of partition
-                  tables and file systems on devices.
-                properties:
-                  filesystems:
-                    description: filesystems specifies the list of file systems to
-                      setup.
-                    items:
-                      description: Filesystem defines the file systems to be created.
-                      properties:
-                        device:
-                          description: device specifies the device name
-                          type: string
-                        extraOpts:
-                          description: extraOpts defined extra options to add to the
-                            command for creating the file system.
-                          items:
-                            type: string
-                          type: array
-                        filesystem:
-                          description: filesystem specifies the file system type.
-                          type: string
-                        label:
-                          description: label specifies the file system label to be
-                            used. If set to None, no label is used.
-                          type: string
-                        overwrite:
-                          description: |-
-                            overwrite defines whether or not to overwrite any existing filesystem.
-                            If true, any pre-existing file system will be destroyed. Use with Caution.
-                          type: boolean
-                        partition:
-                          description: 'partition specifies the partition to use.
-                            The valid options are: "auto|any", "auto", "any", "none",
-                            and <NUM>, where NUM is the actual partition number.'
-                          type: string
-                        replaceFS:
-                          description: |-
-                            replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                            NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                          type: string
-                      required:
-                      - device
-                      - filesystem
-                      - label
-                      type: object
-                    type: array
-                  partitions:
-                    description: partitions specifies the list of the partitions to
-                      setup.
-                    items:
-                      description: Partition defines how to create and layout a partition.
-                      properties:
-                        device:
-                          description: device is the name of the device.
-                          type: string
-                        layout:
-                          description: |-
-                            layout specifies the device layout.
-                            If it is true, a single partition will be created for the entire device.
-                            When layout is false, it means don't partition or ignore existing partitioning.
-                          type: boolean
-                        overwrite:
-                          description: |-
-                            overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                            Use with caution. Default is 'false'.
-                          type: boolean
-                        tableType:
-                          description: |-
-                            tableType specifies the tupe of partition table. The following are supported:
-                            'mbr': default and setups a MS-DOS partition table
-                            'gpt': setups a GPT partition table
-                          type: string
-                      required:
-                      - device
-                      - layout
-                      type: object
-                    type: array
-                type: object
-              files:
-                description: files specifies extra files to be passed to user_data
-                  upon creation.
-                items:
-                  description: File defines the input for generating write_files in
-                    cloud-init.
-                  properties:
-                    append:
-                      description: append specifies whether to append Content to existing
-                        file if Path exists.
-                      type: boolean
-                    content:
-                      description: content is the actual content of the file.
-                      type: string
-                    contentFrom:
-                      description: contentFrom is a referenced source of content to
-                        populate the file.
-                      properties:
-                        secret:
-                          description: secret represents a secret that should populate
-                            this file.
-                          properties:
-                            key:
-                              description: key is the key in the secret's data map
-                                for this value.
-                              type: string
-                            name:
-                              description: name of the secret in the KubeadmBootstrapConfig's
-                                namespace to use.
-                              type: string
-                          required:
-                          - key
-                          - name
-                          type: object
-                      required:
-                      - secret
-                      type: object
-                    encoding:
-                      description: encoding specifies the encoding of the file contents.
-                      enum:
-                      - base64
-                      - gzip
-                      - gzip+base64
-                      type: string
-                    owner:
-                      description: owner specifies the ownership of the file, e.g.
-                        "root:root".
-                      type: string
-                    path:
-                      description: path specifies the full path on disk where to store
-                        the file.
-                      type: string
-                    permissions:
-                      description: permissions specifies the permissions to assign
-                        to the file, e.g. "0640".
-                      type: string
-                  required:
-                  - path
-                  type: object
-                type: array
-              format:
-                description: format specifies the output format of the bootstrap data
-                enum:
-                - cloud-config
-                - ignition
-                type: string
-              ignition:
-                description: ignition contains Ignition specific configuration.
-                properties:
-                  containerLinuxConfig:
-                    description: containerLinuxConfig contains CLC specific configuration.
-                    properties:
-                      additionalConfig:
-                        description: |-
-                          additionalConfig contains additional configuration to be merged with the Ignition
-                          configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
-                          The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
-                        type: string
-                      strict:
-                        description: strict controls if AdditionalConfig should be
-                          strictly parsed. If so, warnings are treated as errors.
-                        type: boolean
-                    type: object
-                type: object
-              initConfiguration:
-                description: initConfiguration along with ClusterConfiguration are
-                  the configurations necessary for the init command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  bootstrapTokens:
-                    description: |-
-                      bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                      This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                    items:
-                      description: BootstrapToken describes one bootstrap token, stored
-                        as a Secret in the cluster.
-                      properties:
-                        description:
-                          description: |-
-                            description sets a human-friendly message why this token exists and what it's used
-                            for, so other administrators can know its purpose.
-                          type: string
-                        expires:
-                          description: |-
-                            expires specifies the timestamp when this token expires. Defaults to being set
-                            dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                          format: date-time
-                          type: string
-                        groups:
-                          description: |-
-                            groups specifies the extra groups that this token will authenticate as when/if
-                            used for authentication
-                          items:
-                            type: string
-                          type: array
-                        token:
-                          description: |-
-                            token is used for establishing bidirectional trust between nodes and control-planes.
-                            Used for joining nodes in the cluster.
-                          type: string
-                        ttl:
-                          description: |-
-                            ttl defines the time to live for this token. Defaults to 24h.
-                            Expires and TTL are mutually exclusive.
-                          type: string
-                        usages:
-                          description: |-
-                            usages describes the ways in which this token can be used. Can by default be used
-                            for establishing bidirectional trust, but that can be changed here.
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - token
-                      type: object
-                    type: array
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  localAPIEndpoint:
-                    description: |-
-                      localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                      In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                      is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                      configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                      on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                      fails you may set the desired value here.
-                    properties:
-                      advertiseAddress:
-                        description: advertiseAddress sets the IP address for the
-                          API server to advertise.
-                        type: string
-                      bindPort:
-                        description: |-
-                          bindPort sets the secure port for the API Server to bind to.
-                          Defaults to 6443.
-                        format: int32
-                        type: integer
-                    type: object
-                  nodeRegistration:
-                    description: |-
-                      nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: criSocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      ignorePreflightErrors:
-                        description: ignorePreflightErrors provides a slice of pre-flight
-                          errors to be ignored when the current node is registered.
-                        items:
-                          type: string
-                        type: array
-                      imagePullPolicy:
-                        description: |-
-                          imagePullPolicy specifies the policy for image pulling
-                          during kubeadm "init" and "join" operations. The value of
-                          this field must be one of "Always", "IfNotPresent" or
-                          "Never". Defaults to "IfNotPresent". This can be used only
-                          with Kubernetes version equal to 1.22 and later.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        - Never
-                        type: string
-                      imagePullSerial:
-                        description: |-
-                          imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                          This option takes effect only on Kubernetes >=1.31.0.
-                          Default: true (defaulted in kubeadm)
-                        type: boolean
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                  patches:
-                    description: |-
-                      patches contains options related to applying patches to components deployed by kubeadm during
-                      "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
-                    properties:
-                      directory:
-                        description: |-
-                          directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                          For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                          "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                          of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                          The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                          "suffix" is an optional string that can be used to determine which patches are applied
-                          first alpha-numerically.
-                          These files can be written into the target directory via KubeadmConfig.Files which
-                          specifies additional files to be created on the machine, either with content inline or
-                          by referencing a secret.
-                        type: string
-                    type: object
-                  skipPhases:
-                    description: |-
-                      skipPhases is a list of phases to skip during command execution.
-                      The list of phases can be obtained with the "kubeadm init --help" command.
-                      This option takes effect only on Kubernetes >=1.22.0.
-                    items:
-                      type: string
-                    type: array
-                type: object
-              joinConfiguration:
-                description: joinConfiguration is the kubeadm configuration for the
-                  join command
-                properties:
-                  apiVersion:
-                    description: |-
-                      APIVersion defines the versioned schema of this representation of an object.
-                      Servers should convert recognized schemas to the latest internal value, and
-                      may reject unrecognized values.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                    type: string
-                  caCertPath:
-                    description: |-
-                      caCertPath is the path to the SSL certificate authority used to
-                      secure comunications between node and control-plane.
-                      Defaults to "/etc/kubernetes/pki/ca.crt".
-                    type: string
-                  controlPlane:
-                    description: |-
-                      controlPlane defines the additional control plane instance to be deployed on the joining node.
-                      If nil, no additional control plane instance will be deployed.
-                    properties:
-                      localAPIEndpoint:
-                        description: localAPIEndpoint represents the endpoint of the
-                          API server instance to be deployed on this node.
-                        properties:
-                          advertiseAddress:
-                            description: advertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              bindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        type: object
-                    type: object
-                  discovery:
-                    description: discovery specifies the options for the kubelet to
-                      use during the TLS Bootstrap process
-                    properties:
-                      bootstrapToken:
-                        description: |-
-                          bootstrapToken is used to set the options for bootstrap token based discovery
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          apiServerEndpoint:
-                            description: apiServerEndpoint is an IP or domain name
-                              to the API server from which info will be fetched.
-                            type: string
-                          caCertHashes:
-                            description: |-
-                              caCertHashes specifies a set of public key pins to verify
-                              when token-based discovery is used. The root CA found during discovery
-                              must match one of these values. Specifying an empty set disables root CA
-                              pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                              where the only currently supported type is "sha256". This is a hex-encoded
-                              SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                              ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                              openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                            items:
-                              type: string
-                            type: array
-                          token:
-                            description: |-
-                              token is a token used to validate cluster information
-                              fetched from the control-plane.
-                            type: string
-                          unsafeSkipCAVerification:
-                            description: |-
-                              unsafeSkipCAVerification allows token-based discovery
-                              without CA verification via CACertHashes. This can weaken
-                              the security of kubeadm since other nodes can impersonate the control-plane.
-                            type: boolean
-                        required:
-                        - token
-                        type: object
-                      file:
-                        description: |-
-                          file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                          BootstrapToken and File are mutually exclusive
-                        properties:
-                          kubeConfig:
-                            description: |-
-                              kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
-                              The file is generated at the path specified in KubeConfigPath.
-
-                              Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
-                              Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
-                            properties:
-                              cluster:
-                                description: |-
-                                  cluster contains information about how to communicate with the kubernetes cluster.
-
-                                  By default the following fields are automatically populated:
-                                  - Server with the Cluster's ControlPlaneEndpoint.
-                                  - CertificateAuthorityData with the Cluster's CA certificate.
-                                properties:
-                                  certificateAuthorityData:
-                                    description: |-
-                                      certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
-                                      Defaults to the Cluster's CA certificate if empty.
-                                    format: byte
-                                    type: string
-                                  insecureSkipTLSVerify:
-                                    description: insecureSkipTLSVerify skips the validity
-                                      check for the server's certificate. This will
-                                      make your HTTPS connections insecure.
-                                    type: boolean
-                                  proxyURL:
-                                    description: |-
-                                      proxyURL is the URL to the proxy to be used for all requests made by this
-                                      client. URLs with "http", "https", and "socks5" schemes are supported.  If
-                                      this configuration is not provided or the empty string, the client
-                                      attempts to construct a proxy configuration from http_proxy and
-                                      https_proxy environment variables. If these environment variables are not
-                                      set, the client does not attempt to proxy requests.
-
-                                      socks5 proxying does not currently support spdy streaming endpoints (exec,
-                                      attach, port forward).
-                                    type: string
-                                  server:
-                                    description: |-
-                                      server is the address of the kubernetes cluster (https://hostname:port).
-
-                                      Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
-                                    type: string
-                                  tlsServerName:
-                                    description: tlsServerName is used to check server
-                                      certificate. If TLSServerName is empty, the
-                                      hostname used to contact the server is used.
-                                    type: string
-                                type: object
-                              user:
-                                description: |-
-                                  user contains information that describes identity information.
-                                  This is used to tell the kubernetes cluster who you are.
-                                properties:
-                                  authProvider:
-                                    description: authProvider specifies a custom authentication
-                                      plugin for the kubernetes cluster.
-                                    properties:
-                                      config:
-                                        additionalProperties:
-                                          type: string
-                                        description: config holds the parameters for
-                                          the authentication plugin.
-                                        type: object
-                                      name:
-                                        description: name is the name of the authentication
-                                          plugin.
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                  exec:
-                                    description: exec specifies a custom exec-based
-                                      authentication plugin for the kubernetes cluster.
-                                    properties:
-                                      apiVersion:
-                                        description: |-
-                                          Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
-                                          the same encoding version as the input.
-                                          Defaults to client.authentication.k8s.io/v1 if not set.
-                                        type: string
-                                      args:
-                                        description: Arguments to pass to the command
-                                          when executing it.
-                                        items:
-                                          type: string
-                                        type: array
-                                      command:
-                                        description: command to execute.
-                                        type: string
-                                      env:
-                                        description: |-
-                                          env defines additional environment variables to expose to the process. These
-                                          are unioned with the host's environment, as well as variables client-go uses
-                                          to pass argument to the plugin.
-                                        items:
-                                          description: |-
-                                            KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
-                                            credential plugin.
-                                          properties:
-                                            name:
-                                              type: string
-                                            value:
-                                              type: string
-                                          required:
-                                          - name
-                                          - value
-                                          type: object
-                                        type: array
-                                      provideClusterInfo:
-                                        description: |-
-                                          provideClusterInfo determines whether or not to provide cluster information,
-                                          which could potentially contain very large CA data, to this exec plugin as a
-                                          part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
-                                          to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
-                                          reading this environment variable.
-                                        type: boolean
-                                    required:
-                                    - command
-                                    type: object
-                                type: object
-                            required:
-                            - user
-                            type: object
-                          kubeConfigPath:
-                            description: kubeConfigPath is used to specify the actual
-                              file path or URL to the kubeconfig file from which to
-                              load cluster information
-                            type: string
-                        required:
-                        - kubeConfigPath
-                        type: object
-                      timeout:
-                        description: timeout modifies the discovery timeout
-                        type: string
-                      tlsBootstrapToken:
-                        description: |-
-                          tlsBootstrapToken is a token used for TLS bootstrapping.
-                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                          If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                        type: string
-                    type: object
-                  kind:
-                    description: |-
-                      Kind is a string value representing the REST resource this object represents.
-                      Servers may infer this from the endpoint the client submits requests to.
-                      Cannot be updated.
-                      In CamelCase.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  nodeRegistration:
-                    description: |-
-                      nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                      When used in the context of control plane nodes, NodeRegistration should remain consistent
-                      across both InitConfiguration and JoinConfiguration
-                    properties:
-                      criSocket:
-                        description: criSocket is used to retrieve container runtime
-                          info. This information will be annotated to the Node API
-                          object, for later re-use
-                        type: string
-                      ignorePreflightErrors:
-                        description: ignorePreflightErrors provides a slice of pre-flight
-                          errors to be ignored when the current node is registered.
-                        items:
-                          type: string
-                        type: array
-                      imagePullPolicy:
-                        description: |-
-                          imagePullPolicy specifies the policy for image pulling
-                          during kubeadm "init" and "join" operations. The value of
-                          this field must be one of "Always", "IfNotPresent" or
-                          "Never". Defaults to "IfNotPresent". This can be used only
-                          with Kubernetes version equal to 1.22 and later.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        - Never
-                        type: string
-                      imagePullSerial:
-                        description: |-
-                          imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                          This option takes effect only on Kubernetes >=1.31.0.
-                          Default: true (defaulted in kubeadm)
-                        type: boolean
-                      kubeletExtraArgs:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                        type: object
-                      name:
-                        description: |-
-                          name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                          Defaults to the hostname of the node if not provided.
-                        type: string
-                      taints:
-                        description: |-
-                          taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                          empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                        items:
-                          description: |-
-                            The node this Taint is attached to has the "effect" on
-                            any pod that does not tolerate the Taint.
-                          properties:
-                            effect:
-                              description: |-
-                                Required. The effect of the taint on pods
-                                that do not tolerate the taint.
-                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                              type: string
-                            key:
-                              description: Required. The taint key to be applied to
-                                a node.
-                              type: string
-                            timeAdded:
-                              description: |-
-                                TimeAdded represents the time at which the taint was added.
-                                It is only written for NoExecute taints.
-                              format: date-time
-                              type: string
-                            value:
-                              description: The taint value corresponding to the taint
-                                key.
-                              type: string
-                          required:
-                          - effect
-                          - key
-                          type: object
-                        type: array
-                    type: object
-                  patches:
-                    description: |-
-                      patches contains options related to applying patches to components deployed by kubeadm during
-                      "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
-                    properties:
-                      directory:
-                        description: |-
-                          directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                          For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                          "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                          of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                          The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                          "suffix" is an optional string that can be used to determine which patches are applied
-                          first alpha-numerically.
-                          These files can be written into the target directory via KubeadmConfig.Files which
-                          specifies additional files to be created on the machine, either with content inline or
-                          by referencing a secret.
-                        type: string
-                    type: object
-                  skipPhases:
-                    description: |-
-                      skipPhases is a list of phases to skip during command execution.
-                      The list of phases can be obtained with the "kubeadm init --help" command.
-                      This option takes effect only on Kubernetes >=1.22.0.
-                    items:
-                      type: string
-                    type: array
-                type: object
-              mounts:
-                description: mounts specifies a list of mount points to be setup.
-                items:
-                  description: MountPoints defines input for generated mounts in cloud-init.
-                  items:
-                    type: string
-                  type: array
-                type: array
-              ntp:
-                description: ntp specifies NTP configuration
-                properties:
-                  enabled:
-                    description: enabled specifies whether NTP should be enabled
-                    type: boolean
-                  servers:
-                    description: servers specifies which NTP servers to use
-                    items:
-                      type: string
-                    type: array
-                type: object
-              postKubeadmCommands:
-                description: postKubeadmCommands specifies extra commands to run after
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              preKubeadmCommands:
-                description: preKubeadmCommands specifies extra commands to run before
-                  kubeadm runs
-                items:
-                  type: string
-                type: array
-              useExperimentalRetryJoin:
-                description: |-
-                  useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                  script with retries for joins.
-
-                  This is meant to be an experimental temporary workaround on some environments
-                  where joins fail due to timing (and other issues). The long term goal is to add retries to
-                  kubeadm proper and use that functionality.
-
-                  This will add about 40KB to userdata
-
-                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
-                  Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
-                  When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
-                type: boolean
-              users:
-                description: users specifies extra users to add
-                items:
-                  description: User defines the input for a generated user in cloud-init.
-                  properties:
-                    gecos:
-                      description: gecos specifies the gecos to use for the user
-                      type: string
-                    groups:
-                      description: groups specifies the additional groups for the
-                        user
-                      type: string
-                    homeDir:
-                      description: homeDir specifies the home directory to use for
-                        the user
-                      type: string
-                    inactive:
-                      description: inactive specifies whether to mark the user as
-                        inactive
-                      type: boolean
-                    lockPassword:
-                      description: lockPassword specifies if password login should
-                        be disabled
-                      type: boolean
-                    name:
-                      description: name specifies the user name
-                      type: string
-                    passwd:
-                      description: passwd specifies a hashed password for the user
-                      type: string
-                    passwdFrom:
-                      description: passwdFrom is a referenced source of passwd to
-                        populate the passwd.
-                      properties:
-                        secret:
-                          description: secret represents a secret that should populate
-                            this password.
-                          properties:
-                            key:
-                              description: key is the key in the secret's data map
-                                for this value.
-                              type: string
-                            name:
-                              description: name of the secret in the KubeadmBootstrapConfig's
-                                namespace to use.
-                              type: string
-                          required:
-                          - key
-                          - name
-                          type: object
-                      required:
-                      - secret
-                      type: object
-                    primaryGroup:
-                      description: primaryGroup specifies the primary group for the
-                        user
-                      type: string
-                    shell:
-                      description: shell specifies the user's shell
-                      type: string
-                    sshAuthorizedKeys:
-                      description: sshAuthorizedKeys specifies a list of ssh authorized
-                        keys for the user
-                      items:
-                        type: string
-                      type: array
-                    sudo:
-                      description: sudo specifies a sudo role for the user
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              verbosity:
-                description: |-
-                  verbosity is the number for the kubeadm log level verbosity.
-                  It overrides the `--v` flag in kubeadm commands.
-                format: int32
-                type: integer
-            type: object
-          status:
-            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
-            properties:
-              conditions:
-                description: conditions defines current service state of the KubeadmConfig.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              dataSecretName:
-                description: dataSecretName is the name of the secret that stores
-                  the bootstrap data script.
-                type: string
-              failureMessage:
-                description: |-
-                  failureMessage will be set on non-retryable errors
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason will be set on non-retryable errors
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: ready indicates the BootstrapData field is ready to be
-                  consumed
-                type: boolean
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in KubeadmConfig's status with the V1Beta2 version.
-                properties:
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a KubeadmConfig's current state.
-                      Known condition types are Ready, DataSecretAvailable, CertificatesAvailable.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    cluster.x-k8s.io/v1beta1: v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-kubeadm-bootstrap-webhook-service
-          namespace: capi-kubeadm-bootstrap-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: bootstrap.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: KubeadmConfigTemplate
-    listKind: KubeadmConfigTemplateList
-    plural: kubeadmconfigtemplates
-    singular: kubeadmconfigtemplate
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
-            properties:
-              template:
-                description: KubeadmConfigTemplateResource defines the Template structure.
-                properties:
-                  spec:
-                    description: |-
-                      KubeadmConfigSpec defines the desired state of KubeadmConfig.
-                      Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-                    properties:
-                      clusterConfiguration:
-                        description: clusterConfiguration along with InitConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiServer:
-                            description: APIServer contains extra settings for the
-                              API server control plane component
-                            properties:
-                              certSANs:
-                                description: CertSANs sets extra Subject Alternative
-                                  Names for the API Server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: ExtraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: ExtraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        HostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: MountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: Name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: PathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                              timeoutForControlPlane:
-                                description: TimeoutForControlPlane controls the timeout
-                                  that we use for API server to appear
-                                type: string
-                            type: object
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          certificatesDir:
-                            description: |-
-                              CertificatesDir specifies where to store or look for all required certificates.
-                              NB: if not provided, this will default to `/etc/kubernetes/pki`
-                            type: string
-                          clusterName:
-                            description: The cluster name
-                            type: string
-                          controlPlaneEndpoint:
-                            description: |-
-                              ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                              can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                              In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                              are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                              the BindPort is used.
-                              Possible usages are:
-                              e.g. In a cluster with more than one control plane instances, this field should be
-                              assigned the address of the external load balancer in front of the
-                              control plane instances.
-                              e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                              could be used for assigning a stable DNS to the control plane.
-                              NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                            type: string
-                          controllerManager:
-                            description: ControllerManager contains extra settings
-                              for the controller manager control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: ExtraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: ExtraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        HostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: MountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: Name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: PathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                          dns:
-                            description: DNS defines the options for the DNS add-on
-                              installed in the cluster.
-                            properties:
-                              imageRepository:
-                                description: |-
-                                  ImageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  ImageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                              type:
-                                description: Type defines the DNS add-on to be used
-                                type: string
-                            type: object
-                          etcd:
-                            description: |-
-                              Etcd holds configuration for etcd.
-                              NB: This value defaults to a Local (stacked) etcd
-                            properties:
-                              external:
-                                description: |-
-                                  External describes how to connect to an external etcd cluster
-                                  Local and External are mutually exclusive
-                                properties:
-                                  caFile:
-                                    description: |-
-                                      CAFile is an SSL Certificate Authority file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  certFile:
-                                    description: |-
-                                      CertFile is an SSL certification file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  endpoints:
-                                    description: Endpoints of etcd members. Required
-                                      for ExternalEtcd.
-                                    items:
-                                      type: string
-                                    type: array
-                                  keyFile:
-                                    description: |-
-                                      KeyFile is an SSL key file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                required:
-                                - caFile
-                                - certFile
-                                - endpoints
-                                - keyFile
-                                type: object
-                              local:
-                                description: |-
-                                  Local provides configuration knobs for configuring the local etcd instance
-                                  Local and External are mutually exclusive
-                                properties:
-                                  dataDir:
-                                    description: |-
-                                      DataDir is the directory etcd will place its data.
-                                      Defaults to "/var/lib/etcd".
-                                    type: string
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      ExtraArgs are extra arguments provided to the etcd binary
-                                      when run inside a static pod.
-                                    type: object
-                                  imageRepository:
-                                    description: |-
-                                      ImageRepository sets the container registry to pull images from.
-                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                    type: string
-                                  imageTag:
-                                    description: |-
-                                      ImageTag allows to specify a tag for the image.
-                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                    type: string
-                                  peerCertSANs:
-                                    description: PeerCertSANs sets extra Subject Alternative
-                                      Names for the etcd peer signing cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                  serverCertSANs:
-                                    description: ServerCertSANs sets extra Subject
-                                      Alternative Names for the etcd server signing
-                                      cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                type: object
-                            type: object
-                          featureGates:
-                            additionalProperties:
-                              type: boolean
-                            description: FeatureGates enabled by the user.
-                            type: object
-                          imageRepository:
-                            description: |-
-                              ImageRepository sets the container registry to pull images from.
-                              If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                              `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
-                              will be used for all the other images.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          kubernetesVersion:
-                            description: |-
-                              KubernetesVersion is the target version of the control plane.
-                              NB: This value defaults to the Machine object spec.version
-                            type: string
-                          networking:
-                            description: |-
-                              Networking holds configuration for the networking topology of the cluster.
-                              NB: This value defaults to the Cluster object spec.clusterNetwork.
-                            properties:
-                              dnsDomain:
-                                description: DNSDomain is the dns domain used by k8s
-                                  services. Defaults to "cluster.local".
-                                type: string
-                              podSubnet:
-                                description: |-
-                                  PodSubnet is the subnet used by pods.
-                                  If unset, the API server will not allocate CIDR ranges for every node.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                                type: string
-                              serviceSubnet:
-                                description: |-
-                                  ServiceSubnet is the subnet used by k8s services.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                                  to "10.96.0.0/12" if that's unset.
-                                type: string
-                            type: object
-                          scheduler:
-                            description: Scheduler contains extra settings for the
-                              scheduler control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: ExtraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: ExtraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        HostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: MountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: Name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: PathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: ReadOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                          useHyperKubeImage:
-                            description: UseHyperKubeImage controls if hyperkube should
-                              be used for Kubernetes components instead of their respective
-                              separate images
-                            type: boolean
-                        type: object
-                      diskSetup:
-                        description: diskSetup specifies options for the creation
-                          of partition tables and file systems on devices.
-                        properties:
-                          filesystems:
-                            description: filesystems specifies the list of file systems
-                              to setup.
-                            items:
-                              description: Filesystem defines the file systems to
-                                be created.
-                              properties:
-                                device:
-                                  description: device specifies the device name
-                                  type: string
-                                extraOpts:
-                                  description: extraOpts defined extra options to
-                                    add to the command for creating the file system.
-                                  items:
-                                    type: string
-                                  type: array
-                                filesystem:
-                                  description: filesystem specifies the file system
-                                    type.
-                                  type: string
-                                label:
-                                  description: label specifies the file system label
-                                    to be used. If set to None, no label is used.
-                                  type: string
-                                overwrite:
-                                  description: |-
-                                    overwrite defines whether or not to overwrite any existing filesystem.
-                                    If true, any pre-existing file system will be destroyed. Use with Caution.
-                                  type: boolean
-                                partition:
-                                  description: 'partition specifies the partition
-                                    to use. The valid options are: "auto|any", "auto",
-                                    "any", "none", and <NUM>, where NUM is the actual
-                                    partition number.'
-                                  type: string
-                                replaceFS:
-                                  description: |-
-                                    replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                    NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                                  type: string
-                              required:
-                              - device
-                              - filesystem
-                              - label
-                              type: object
-                            type: array
-                          partitions:
-                            description: partitions specifies the list of the partitions
-                              to setup.
-                            items:
-                              description: Partition defines how to create and layout
-                                a partition.
-                              properties:
-                                device:
-                                  description: device is the name of the device.
-                                  type: string
-                                layout:
-                                  description: |-
-                                    layout specifies the device layout.
-                                    If it is true, a single partition will be created for the entire device.
-                                    When layout is false, it means don't partition or ignore existing partitioning.
-                                  type: boolean
-                                overwrite:
-                                  description: |-
-                                    overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                    Use with caution. Default is 'false'.
-                                  type: boolean
-                                tableType:
-                                  description: |-
-                                    tableType specifies the tupe of partition table. The following are supported:
-                                    'mbr': default and setups a MS-DOS partition table
-                                    'gpt': setups a GPT partition table
-                                  type: string
-                              required:
-                              - device
-                              - layout
-                              type: object
-                            type: array
-                        type: object
-                      files:
-                        description: files specifies extra files to be passed to user_data
-                          upon creation.
-                        items:
-                          description: File defines the input for generating write_files
-                            in cloud-init.
-                          properties:
-                            content:
-                              description: content is the actual content of the file.
-                              type: string
-                            contentFrom:
-                              description: contentFrom is a referenced source of content
-                                to populate the file.
-                              properties:
-                                secret:
-                                  description: secret represents a secret that should
-                                    populate this file.
-                                  properties:
-                                    key:
-                                      description: key is the key in the secret's
-                                        data map for this value.
-                                      type: string
-                                    name:
-                                      description: name of the secret in the KubeadmBootstrapConfig's
-                                        namespace to use.
-                                      type: string
-                                  required:
-                                  - key
-                                  - name
-                                  type: object
-                              required:
-                              - secret
-                              type: object
-                            encoding:
-                              description: encoding specifies the encoding of the
-                                file contents.
-                              enum:
-                              - base64
-                              - gzip
-                              - gzip+base64
-                              type: string
-                            owner:
-                              description: owner specifies the ownership of the file,
-                                e.g. "root:root".
-                              type: string
-                            path:
-                              description: path specifies the full path on disk where
-                                to store the file.
-                              type: string
-                            permissions:
-                              description: permissions specifies the permissions to
-                                assign to the file, e.g. "0640".
-                              type: string
-                          required:
-                          - path
-                          type: object
-                        type: array
-                      format:
-                        description: format specifies the output format of the bootstrap
-                          data
-                        enum:
-                        - cloud-config
-                        type: string
-                      initConfiguration:
-                        description: initConfiguration along with ClusterConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          bootstrapTokens:
-                            description: |-
-                              BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                              This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                            items:
-                              description: BootstrapToken describes one bootstrap
-                                token, stored as a Secret in the cluster.
-                              properties:
-                                description:
-                                  description: |-
-                                    Description sets a human-friendly message why this token exists and what it's used
-                                    for, so other administrators can know its purpose.
-                                  type: string
-                                expires:
-                                  description: |-
-                                    Expires specifies the timestamp when this token expires. Defaults to being set
-                                    dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                                  format: date-time
-                                  type: string
-                                groups:
-                                  description: |-
-                                    Groups specifies the extra groups that this token will authenticate as when/if
-                                    used for authentication
-                                  items:
-                                    type: string
-                                  type: array
-                                token:
-                                  description: |-
-                                    Token is used for establishing bidirectional trust between nodes and control-planes.
-                                    Used for joining nodes in the cluster.
-                                  type: string
-                                ttl:
-                                  description: |-
-                                    TTL defines the time to live for this token. Defaults to 24h.
-                                    Expires and TTL are mutually exclusive.
-                                  type: string
-                                usages:
-                                  description: |-
-                                    Usages describes the ways in which this token can be used. Can by default be used
-                                    for establishing bidirectional trust, but that can be changed here.
-                                  items:
-                                    type: string
-                                  type: array
-                              required:
-                              - token
-                              type: object
-                            type: array
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          localAPIEndpoint:
-                            description: |-
-                              LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                              In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                              is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                              configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                              on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                              fails you may set the desired value here.
-                            properties:
-                              advertiseAddress:
-                                description: AdvertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  BindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            required:
-                            - advertiseAddress
-                            - bindPort
-                            type: object
-                          nodeRegistration:
-                            description: |-
-                              NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: CRISocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      joinConfiguration:
-                        description: joinConfiguration is the kubeadm configuration
-                          for the join command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          caCertPath:
-                            description: |-
-                              CACertPath is the path to the SSL certificate authority used to
-                              secure comunications between node and control-plane.
-                              Defaults to "/etc/kubernetes/pki/ca.crt".
-                            type: string
-                          controlPlane:
-                            description: |-
-                              ControlPlane defines the additional control plane instance to be deployed on the joining node.
-                              If nil, no additional control plane instance will be deployed.
-                            properties:
-                              localAPIEndpoint:
-                                description: LocalAPIEndpoint represents the endpoint
-                                  of the API server instance to be deployed on this
-                                  node.
-                                properties:
-                                  advertiseAddress:
-                                    description: AdvertiseAddress sets the IP address
-                                      for the API server to advertise.
-                                    type: string
-                                  bindPort:
-                                    description: |-
-                                      BindPort sets the secure port for the API Server to bind to.
-                                      Defaults to 6443.
-                                    format: int32
-                                    type: integer
-                                required:
-                                - advertiseAddress
-                                - bindPort
-                                type: object
-                            type: object
-                          discovery:
-                            description: Discovery specifies the options for the kubelet
-                              to use during the TLS Bootstrap process
-                            properties:
-                              bootstrapToken:
-                                description: |-
-                                  BootstrapToken is used to set the options for bootstrap token based discovery
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  apiServerEndpoint:
-                                    description: APIServerEndpoint is an IP or domain
-                                      name to the API server from which info will
-                                      be fetched.
-                                    type: string
-                                  caCertHashes:
-                                    description: |-
-                                      CACertHashes specifies a set of public key pins to verify
-                                      when token-based discovery is used. The root CA found during discovery
-                                      must match one of these values. Specifying an empty set disables root CA
-                                      pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                      where the only currently supported type is "sha256". This is a hex-encoded
-                                      SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                      ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                      openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                    items:
-                                      type: string
-                                    type: array
-                                  token:
-                                    description: |-
-                                      Token is a token used to validate cluster information
-                                      fetched from the control-plane.
-                                    type: string
-                                  unsafeSkipCAVerification:
-                                    description: |-
-                                      UnsafeSkipCAVerification allows token-based discovery
-                                      without CA verification via CACertHashes. This can weaken
-                                      the security of kubeadm since other nodes can impersonate the control-plane.
-                                    type: boolean
-                                required:
-                                - token
-                                - unsafeSkipCAVerification
-                                type: object
-                              file:
-                                description: |-
-                                  File is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  kubeConfigPath:
-                                    description: KubeConfigPath is used to specify
-                                      the actual file path or URL to the kubeconfig
-                                      file from which to load cluster information
-                                    type: string
-                                required:
-                                - kubeConfigPath
-                                type: object
-                              timeout:
-                                description: Timeout modifies the discovery timeout
-                                type: string
-                              tlsBootstrapToken:
-                                description: |-
-                                  TLSBootstrapToken is a token used for TLS bootstrapping.
-                                  If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                                  If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                                type: string
-                            type: object
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          nodeRegistration:
-                            description: |-
-                              NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: CRISocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      mounts:
-                        description: mounts specifies a list of mount points to be
-                          setup.
-                        items:
-                          description: MountPoints defines input for generated mounts
-                            in cloud-init.
-                          items:
-                            type: string
-                          type: array
-                        type: array
-                      ntp:
-                        description: ntp specifies NTP configuration
-                        properties:
-                          enabled:
-                            description: enabled specifies whether NTP should be enabled
-                            type: boolean
-                          servers:
-                            description: servers specifies which NTP servers to use
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                      postKubeadmCommands:
-                        description: postKubeadmCommands specifies extra commands
-                          to run after kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      preKubeadmCommands:
-                        description: preKubeadmCommands specifies extra commands to
-                          run before kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      useExperimentalRetryJoin:
-                        description: |-
-                          useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                          script with retries for joins.
-
-                          This is meant to be an experimental temporary workaround on some environments
-                          where joins fail due to timing (and other issues). The long term goal is to add retries to
-                          kubeadm proper and use that functionality.
-
-                          This will add about 40KB to userdata
-
-                          For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                        type: boolean
-                      users:
-                        description: users specifies extra users to add
-                        items:
-                          description: User defines the input for a generated user
-                            in cloud-init.
-                          properties:
-                            gecos:
-                              description: gecos specifies the gecos to use for the
-                                user
-                              type: string
-                            groups:
-                              description: groups specifies the additional groups
-                                for the user
-                              type: string
-                            homeDir:
-                              description: homeDir specifies the home directory to
-                                use for the user
-                              type: string
-                            inactive:
-                              description: inactive specifies whether to mark the
-                                user as inactive
-                              type: boolean
-                            lockPassword:
-                              description: lockPassword specifies if password login
-                                should be disabled
-                              type: boolean
-                            name:
-                              description: name specifies the user name
-                              type: string
-                            passwd:
-                              description: passwd specifies a hashed password for
-                                the user
-                              type: string
-                            primaryGroup:
-                              description: primaryGroup specifies the primary group
-                                for the user
-                              type: string
-                            shell:
-                              description: shell specifies the user's shell
-                              type: string
-                            sshAuthorizedKeys:
-                              description: sshAuthorizedKeys specifies a list of ssh
-                                authorized keys for the user
-                              items:
-                                type: string
-                              type: array
-                            sudo:
-                              description: sudo specifies a sudo role for the user
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      verbosity:
-                        description: |-
-                          verbosity is the number for the kubeadm log level verbosity.
-                          It overrides the `--v` flag in kubeadm commands.
-                        format: int32
-                        type: integer
-                    type: object
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: false
-    storage: false
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmConfigTemplate
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
-            properties:
-              template:
-                description: KubeadmConfigTemplateResource defines the Template structure.
-                properties:
-                  spec:
-                    description: |-
-                      KubeadmConfigSpec defines the desired state of KubeadmConfig.
-                      Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-                    properties:
-                      clusterConfiguration:
-                        description: clusterConfiguration along with InitConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiServer:
-                            description: apiServer contains extra settings for the
-                              API server control plane component
-                            properties:
-                              certSANs:
-                                description: certSANs sets extra Subject Alternative
-                                  Names for the API Server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                              timeoutForControlPlane:
-                                description: timeoutForControlPlane controls the timeout
-                                  that we use for API server to appear
-                                type: string
-                            type: object
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          certificatesDir:
-                            description: |-
-                              certificatesDir specifies where to store or look for all required certificates.
-                              NB: if not provided, this will default to `/etc/kubernetes/pki`
-                            type: string
-                          clusterName:
-                            description: The cluster name
-                            type: string
-                          controlPlaneEndpoint:
-                            description: |-
-                              controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                              can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                              In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                              are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                              the BindPort is used.
-                              Possible usages are:
-                              e.g. In a cluster with more than one control plane instances, this field should be
-                              assigned the address of the external load balancer in front of the
-                              control plane instances.
-                              e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                              could be used for assigning a stable DNS to the control plane.
-                              NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                            type: string
-                          controllerManager:
-                            description: controllerManager contains extra settings
-                              for the controller manager control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                          dns:
-                            description: dns defines the options for the DNS add-on
-                              installed in the cluster.
-                            properties:
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  imageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                            type: object
-                          etcd:
-                            description: |-
-                              etcd holds configuration for etcd.
-                              NB: This value defaults to a Local (stacked) etcd
-                            properties:
-                              external:
-                                description: |-
-                                  external describes how to connect to an external etcd cluster
-                                  Local and External are mutually exclusive
-                                properties:
-                                  caFile:
-                                    description: |-
-                                      caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  certFile:
-                                    description: |-
-                                      certFile is an SSL certification file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  endpoints:
-                                    description: endpoints of etcd members. Required
-                                      for ExternalEtcd.
-                                    items:
-                                      type: string
-                                    type: array
-                                  keyFile:
-                                    description: |-
-                                      keyFile is an SSL key file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                required:
-                                - caFile
-                                - certFile
-                                - endpoints
-                                - keyFile
-                                type: object
-                              local:
-                                description: |-
-                                  local provides configuration knobs for configuring the local etcd instance
-                                  Local and External are mutually exclusive
-                                properties:
-                                  dataDir:
-                                    description: |-
-                                      dataDir is the directory etcd will place its data.
-                                      Defaults to "/var/lib/etcd".
-                                    type: string
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      extraArgs are extra arguments provided to the etcd binary
-                                      when run inside a static pod.
-                                    type: object
-                                  imageRepository:
-                                    description: |-
-                                      imageRepository sets the container registry to pull images from.
-                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                    type: string
-                                  imageTag:
-                                    description: |-
-                                      imageTag allows to specify a tag for the image.
-                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                    type: string
-                                  peerCertSANs:
-                                    description: peerCertSANs sets extra Subject Alternative
-                                      Names for the etcd peer signing cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                  serverCertSANs:
-                                    description: serverCertSANs sets extra Subject
-                                      Alternative Names for the etcd server signing
-                                      cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                type: object
-                            type: object
-                          featureGates:
-                            additionalProperties:
-                              type: boolean
-                            description: featureGates enabled by the user.
-                            type: object
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                              `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
-                              will be used for all the other images.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          kubernetesVersion:
-                            description: |-
-                              kubernetesVersion is the target version of the control plane.
-                              NB: This value defaults to the Machine object spec.version
-                            type: string
-                          networking:
-                            description: |-
-                              networking holds configuration for the networking topology of the cluster.
-                              NB: This value defaults to the Cluster object spec.clusterNetwork.
-                            properties:
-                              dnsDomain:
-                                description: dnsDomain is the dns domain used by k8s
-                                  services. Defaults to "cluster.local".
-                                type: string
-                              podSubnet:
-                                description: |-
-                                  podSubnet is the subnet used by pods.
-                                  If unset, the API server will not allocate CIDR ranges for every node.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                                type: string
-                              serviceSubnet:
-                                description: |-
-                                  serviceSubnet is the subnet used by k8s services.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                                  to "10.96.0.0/12" if that's unset.
-                                type: string
-                            type: object
-                          scheduler:
-                            description: scheduler contains extra settings for the
-                              scheduler control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      diskSetup:
-                        description: diskSetup specifies options for the creation
-                          of partition tables and file systems on devices.
-                        properties:
-                          filesystems:
-                            description: filesystems specifies the list of file systems
-                              to setup.
-                            items:
-                              description: Filesystem defines the file systems to
-                                be created.
-                              properties:
-                                device:
-                                  description: device specifies the device name
-                                  type: string
-                                extraOpts:
-                                  description: extraOpts defined extra options to
-                                    add to the command for creating the file system.
-                                  items:
-                                    type: string
-                                  type: array
-                                filesystem:
-                                  description: filesystem specifies the file system
-                                    type.
-                                  type: string
-                                label:
-                                  description: label specifies the file system label
-                                    to be used. If set to None, no label is used.
-                                  type: string
-                                overwrite:
-                                  description: |-
-                                    overwrite defines whether or not to overwrite any existing filesystem.
-                                    If true, any pre-existing file system will be destroyed. Use with Caution.
-                                  type: boolean
-                                partition:
-                                  description: 'partition specifies the partition
-                                    to use. The valid options are: "auto|any", "auto",
-                                    "any", "none", and <NUM>, where NUM is the actual
-                                    partition number.'
-                                  type: string
-                                replaceFS:
-                                  description: |-
-                                    replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                    NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                                  type: string
-                              required:
-                              - device
-                              - filesystem
-                              - label
-                              type: object
-                            type: array
-                          partitions:
-                            description: partitions specifies the list of the partitions
-                              to setup.
-                            items:
-                              description: Partition defines how to create and layout
-                                a partition.
-                              properties:
-                                device:
-                                  description: device is the name of the device.
-                                  type: string
-                                layout:
-                                  description: |-
-                                    layout specifies the device layout.
-                                    If it is true, a single partition will be created for the entire device.
-                                    When layout is false, it means don't partition or ignore existing partitioning.
-                                  type: boolean
-                                overwrite:
-                                  description: |-
-                                    overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                    Use with caution. Default is 'false'.
-                                  type: boolean
-                                tableType:
-                                  description: |-
-                                    tableType specifies the tupe of partition table. The following are supported:
-                                    'mbr': default and setups a MS-DOS partition table
-                                    'gpt': setups a GPT partition table
-                                  type: string
-                              required:
-                              - device
-                              - layout
-                              type: object
-                            type: array
-                        type: object
-                      files:
-                        description: files specifies extra files to be passed to user_data
-                          upon creation.
-                        items:
-                          description: File defines the input for generating write_files
-                            in cloud-init.
-                          properties:
-                            content:
-                              description: content is the actual content of the file.
-                              type: string
-                            contentFrom:
-                              description: contentFrom is a referenced source of content
-                                to populate the file.
-                              properties:
-                                secret:
-                                  description: secret represents a secret that should
-                                    populate this file.
-                                  properties:
-                                    key:
-                                      description: key is the key in the secret's
-                                        data map for this value.
-                                      type: string
-                                    name:
-                                      description: name of the secret in the KubeadmBootstrapConfig's
-                                        namespace to use.
-                                      type: string
-                                  required:
-                                  - key
-                                  - name
-                                  type: object
-                              required:
-                              - secret
-                              type: object
-                            encoding:
-                              description: encoding specifies the encoding of the
-                                file contents.
-                              enum:
-                              - base64
-                              - gzip
-                              - gzip+base64
-                              type: string
-                            owner:
-                              description: owner specifies the ownership of the file,
-                                e.g. "root:root".
-                              type: string
-                            path:
-                              description: path specifies the full path on disk where
-                                to store the file.
-                              type: string
-                            permissions:
-                              description: permissions specifies the permissions to
-                                assign to the file, e.g. "0640".
-                              type: string
-                          required:
-                          - path
-                          type: object
-                        type: array
-                      format:
-                        description: format specifies the output format of the bootstrap
-                          data
-                        enum:
-                        - cloud-config
-                        type: string
-                      initConfiguration:
-                        description: initConfiguration along with ClusterConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          bootstrapTokens:
-                            description: |-
-                              bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                              This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                            items:
-                              description: BootstrapToken describes one bootstrap
-                                token, stored as a Secret in the cluster.
-                              properties:
-                                description:
-                                  description: |-
-                                    description sets a human-friendly message why this token exists and what it's used
-                                    for, so other administrators can know its purpose.
-                                  type: string
-                                expires:
-                                  description: |-
-                                    expires specifies the timestamp when this token expires. Defaults to being set
-                                    dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                                  format: date-time
-                                  type: string
-                                groups:
-                                  description: |-
-                                    groups specifies the extra groups that this token will authenticate as when/if
-                                    used for authentication
-                                  items:
-                                    type: string
-                                  type: array
-                                token:
-                                  description: |-
-                                    token is used for establishing bidirectional trust between nodes and control-planes.
-                                    Used for joining nodes in the cluster.
-                                  type: string
-                                ttl:
-                                  description: |-
-                                    ttl defines the time to live for this token. Defaults to 24h.
-                                    Expires and TTL are mutually exclusive.
-                                  type: string
-                                usages:
-                                  description: |-
-                                    usages describes the ways in which this token can be used. Can by default be used
-                                    for establishing bidirectional trust, but that can be changed here.
-                                  items:
-                                    type: string
-                                  type: array
-                              required:
-                              - token
-                              type: object
-                            type: array
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          localAPIEndpoint:
-                            description: |-
-                              localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                              In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                              is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                              configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                              on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                              fails you may set the desired value here.
-                            properties:
-                              advertiseAddress:
-                                description: advertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  bindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            type: object
-                          nodeRegistration:
-                            description: |-
-                              nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: criSocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              ignorePreflightErrors:
-                                description: ignorePreflightErrors provides a slice
-                                  of pre-flight errors to be ignored when the current
-                                  node is registered.
-                                items:
-                                  type: string
-                                type: array
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      joinConfiguration:
-                        description: joinConfiguration is the kubeadm configuration
-                          for the join command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          caCertPath:
-                            description: |-
-                              caCertPath is the path to the SSL certificate authority used to
-                              secure comunications between node and control-plane.
-                              Defaults to "/etc/kubernetes/pki/ca.crt".
-                            type: string
-                          controlPlane:
-                            description: |-
-                              controlPlane defines the additional control plane instance to be deployed on the joining node.
-                              If nil, no additional control plane instance will be deployed.
-                            properties:
-                              localAPIEndpoint:
-                                description: localAPIEndpoint represents the endpoint
-                                  of the API server instance to be deployed on this
-                                  node.
-                                properties:
-                                  advertiseAddress:
-                                    description: advertiseAddress sets the IP address
-                                      for the API server to advertise.
-                                    type: string
-                                  bindPort:
-                                    description: |-
-                                      bindPort sets the secure port for the API Server to bind to.
-                                      Defaults to 6443.
-                                    format: int32
-                                    type: integer
-                                type: object
-                            type: object
-                          discovery:
-                            description: discovery specifies the options for the kubelet
-                              to use during the TLS Bootstrap process
-                            properties:
-                              bootstrapToken:
-                                description: |-
-                                  bootstrapToken is used to set the options for bootstrap token based discovery
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  apiServerEndpoint:
-                                    description: apiServerEndpoint is an IP or domain
-                                      name to the API server from which info will
-                                      be fetched.
-                                    type: string
-                                  caCertHashes:
-                                    description: |-
-                                      caCertHashes specifies a set of public key pins to verify
-                                      when token-based discovery is used. The root CA found during discovery
-                                      must match one of these values. Specifying an empty set disables root CA
-                                      pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                      where the only currently supported type is "sha256". This is a hex-encoded
-                                      SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                      ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                      openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                    items:
-                                      type: string
-                                    type: array
-                                  token:
-                                    description: |-
-                                      token is a token used to validate cluster information
-                                      fetched from the control-plane.
-                                    type: string
-                                  unsafeSkipCAVerification:
-                                    description: |-
-                                      unsafeSkipCAVerification allows token-based discovery
-                                      without CA verification via CACertHashes. This can weaken
-                                      the security of kubeadm since other nodes can impersonate the control-plane.
-                                    type: boolean
-                                required:
-                                - token
-                                type: object
-                              file:
-                                description: |-
-                                  file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  kubeConfigPath:
-                                    description: kubeConfigPath is used to specify
-                                      the actual file path or URL to the kubeconfig
-                                      file from which to load cluster information
-                                    type: string
-                                required:
-                                - kubeConfigPath
-                                type: object
-                              timeout:
-                                description: timeout modifies the discovery timeout
-                                type: string
-                              tlsBootstrapToken:
-                                description: |-
-                                  tlsBootstrapToken is a token used for TLS bootstrapping.
-                                  If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                                  If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                                type: string
-                            type: object
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          nodeRegistration:
-                            description: |-
-                              nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: criSocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              ignorePreflightErrors:
-                                description: ignorePreflightErrors provides a slice
-                                  of pre-flight errors to be ignored when the current
-                                  node is registered.
-                                items:
-                                  type: string
-                                type: array
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      mounts:
-                        description: mounts specifies a list of mount points to be
-                          setup.
-                        items:
-                          description: MountPoints defines input for generated mounts
-                            in cloud-init.
-                          items:
-                            type: string
-                          type: array
-                        type: array
-                      ntp:
-                        description: ntp specifies NTP configuration
-                        properties:
-                          enabled:
-                            description: enabled specifies whether NTP should be enabled
-                            type: boolean
-                          servers:
-                            description: servers specifies which NTP servers to use
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                      postKubeadmCommands:
-                        description: postKubeadmCommands specifies extra commands
-                          to run after kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      preKubeadmCommands:
-                        description: preKubeadmCommands specifies extra commands to
-                          run before kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      useExperimentalRetryJoin:
-                        description: |-
-                          useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                          script with retries for joins.
-
-                          This is meant to be an experimental temporary workaround on some environments
-                          where joins fail due to timing (and other issues). The long term goal is to add retries to
-                          kubeadm proper and use that functionality.
-
-                          This will add about 40KB to userdata
-
-                          For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                        type: boolean
-                      users:
-                        description: users specifies extra users to add
-                        items:
-                          description: User defines the input for a generated user
-                            in cloud-init.
-                          properties:
-                            gecos:
-                              description: gecos specifies the gecos to use for the
-                                user
-                              type: string
-                            groups:
-                              description: groups specifies the additional groups
-                                for the user
-                              type: string
-                            homeDir:
-                              description: homeDir specifies the home directory to
-                                use for the user
-                              type: string
-                            inactive:
-                              description: inactive specifies whether to mark the
-                                user as inactive
-                              type: boolean
-                            lockPassword:
-                              description: lockPassword specifies if password login
-                                should be disabled
-                              type: boolean
-                            name:
-                              description: name specifies the user name
-                              type: string
-                            passwd:
-                              description: passwd specifies a hashed password for
-                                the user
-                              type: string
-                            primaryGroup:
-                              description: primaryGroup specifies the primary group
-                                for the user
-                              type: string
-                            shell:
-                              description: shell specifies the user's shell
-                              type: string
-                            sshAuthorizedKeys:
-                              description: sshAuthorizedKeys specifies a list of ssh
-                                authorized keys for the user
-                              items:
-                                type: string
-                              type: array
-                            sudo:
-                              description: sudo specifies a sudo role for the user
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      verbosity:
-                        description: |-
-                          verbosity is the number for the kubeadm log level verbosity.
-                          It overrides the `--v` flag in kubeadm commands.
-                        format: int32
-                        type: integer
-                    type: object
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmConfigTemplate
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
-            properties:
-              template:
-                description: KubeadmConfigTemplateResource defines the Template structure.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      KubeadmConfigSpec defines the desired state of KubeadmConfig.
-                      Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
-                    properties:
-                      clusterConfiguration:
-                        description: clusterConfiguration along with InitConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiServer:
-                            description: apiServer contains extra settings for the
-                              API server control plane component
-                            properties:
-                              certSANs:
-                                description: certSANs sets extra Subject Alternative
-                                  Names for the API Server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraEnvs:
-                                description: |-
-                                  extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                  Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                items:
-                                  description: EnvVar represents an environment variable
-                                    present in a Container.
-                                  properties:
-                                    name:
-                                      description: Name of the environment variable.
-                                        Must be a C_IDENTIFIER.
-                                      type: string
-                                    value:
-                                      description: |-
-                                        Variable references $(VAR_NAME) are expanded
-                                        using the previously defined environment variables in the container and
-                                        any service environment variables. If a variable cannot be resolved,
-                                        the reference in the input string will be unchanged. Double $ are reduced
-                                        to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                        "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                        Escaped references will never be expanded, regardless of whether the variable
-                                        exists or not.
-                                        Defaults to "".
-                                      type: string
-                                    valueFrom:
-                                      description: Source for the environment variable's
-                                        value. Cannot be used if value is not empty.
-                                      properties:
-                                        configMapKeyRef:
-                                          description: Selects a key of a ConfigMap.
-                                          properties:
-                                            key:
-                                              description: The key to select.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        fieldRef:
-                                          description: |-
-                                            Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                            spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                          properties:
-                                            apiVersion:
-                                              description: Version of the schema the
-                                                FieldPath is written in terms of,
-                                                defaults to "v1".
-                                              type: string
-                                            fieldPath:
-                                              description: Path of the field to select
-                                                in the specified API version.
-                                              type: string
-                                          required:
-                                          - fieldPath
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        resourceFieldRef:
-                                          description: |-
-                                            Selects a resource of the container: only resources limits and requests
-                                            (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                          properties:
-                                            containerName:
-                                              description: 'Container name: required
-                                                for volumes, optional for env vars'
-                                              type: string
-                                            divisor:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Specifies the output format
-                                                of the exposed resources, defaults
-                                                to "1"
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            resource:
-                                              description: 'Required: resource to
-                                                select'
-                                              type: string
-                                          required:
-                                          - resource
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        secretKeyRef:
-                                          description: Selects a key of a secret in
-                                            the pod's namespace
-                                          properties:
-                                            key:
-                                              description: The key of the secret to
-                                                select from.  Must be a valid secret
-                                                key.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                              timeoutForControlPlane:
-                                description: timeoutForControlPlane controls the timeout
-                                  that we use for API server to appear
-                                type: string
-                            type: object
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          certificatesDir:
-                            description: |-
-                              certificatesDir specifies where to store or look for all required certificates.
-                              NB: if not provided, this will default to `/etc/kubernetes/pki`
-                            type: string
-                          clusterName:
-                            description: The cluster name
-                            type: string
-                          controlPlaneEndpoint:
-                            description: |-
-                              controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                              can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                              In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                              are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                              the BindPort is used.
-                              Possible usages are:
-                              e.g. In a cluster with more than one control plane instances, this field should be
-                              assigned the address of the external load balancer in front of the
-                              control plane instances.
-                              e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                              could be used for assigning a stable DNS to the control plane.
-                              NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                            type: string
-                          controllerManager:
-                            description: controllerManager contains extra settings
-                              for the controller manager control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraEnvs:
-                                description: |-
-                                  extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                  Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                items:
-                                  description: EnvVar represents an environment variable
-                                    present in a Container.
-                                  properties:
-                                    name:
-                                      description: Name of the environment variable.
-                                        Must be a C_IDENTIFIER.
-                                      type: string
-                                    value:
-                                      description: |-
-                                        Variable references $(VAR_NAME) are expanded
-                                        using the previously defined environment variables in the container and
-                                        any service environment variables. If a variable cannot be resolved,
-                                        the reference in the input string will be unchanged. Double $ are reduced
-                                        to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                        "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                        Escaped references will never be expanded, regardless of whether the variable
-                                        exists or not.
-                                        Defaults to "".
-                                      type: string
-                                    valueFrom:
-                                      description: Source for the environment variable's
-                                        value. Cannot be used if value is not empty.
-                                      properties:
-                                        configMapKeyRef:
-                                          description: Selects a key of a ConfigMap.
-                                          properties:
-                                            key:
-                                              description: The key to select.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        fieldRef:
-                                          description: |-
-                                            Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                            spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                          properties:
-                                            apiVersion:
-                                              description: Version of the schema the
-                                                FieldPath is written in terms of,
-                                                defaults to "v1".
-                                              type: string
-                                            fieldPath:
-                                              description: Path of the field to select
-                                                in the specified API version.
-                                              type: string
-                                          required:
-                                          - fieldPath
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        resourceFieldRef:
-                                          description: |-
-                                            Selects a resource of the container: only resources limits and requests
-                                            (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                          properties:
-                                            containerName:
-                                              description: 'Container name: required
-                                                for volumes, optional for env vars'
-                                              type: string
-                                            divisor:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Specifies the output format
-                                                of the exposed resources, defaults
-                                                to "1"
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            resource:
-                                              description: 'Required: resource to
-                                                select'
-                                              type: string
-                                          required:
-                                          - resource
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        secretKeyRef:
-                                          description: Selects a key of a secret in
-                                            the pod's namespace
-                                          properties:
-                                            key:
-                                              description: The key of the secret to
-                                                select from.  Must be a valid secret
-                                                key.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                          dns:
-                            description: dns defines the options for the DNS add-on
-                              installed in the cluster.
-                            properties:
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  imageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                            type: object
-                          etcd:
-                            description: |-
-                              etcd holds configuration for etcd.
-                              NB: This value defaults to a Local (stacked) etcd
-                            properties:
-                              external:
-                                description: |-
-                                  external describes how to connect to an external etcd cluster
-                                  Local and External are mutually exclusive
-                                properties:
-                                  caFile:
-                                    description: |-
-                                      caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  certFile:
-                                    description: |-
-                                      certFile is an SSL certification file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                  endpoints:
-                                    description: endpoints of etcd members. Required
-                                      for ExternalEtcd.
-                                    items:
-                                      type: string
-                                    type: array
-                                  keyFile:
-                                    description: |-
-                                      keyFile is an SSL key file used to secure etcd communication.
-                                      Required if using a TLS connection.
-                                    type: string
-                                required:
-                                - caFile
-                                - certFile
-                                - endpoints
-                                - keyFile
-                                type: object
-                              local:
-                                description: |-
-                                  local provides configuration knobs for configuring the local etcd instance
-                                  Local and External are mutually exclusive
-                                properties:
-                                  dataDir:
-                                    description: |-
-                                      dataDir is the directory etcd will place its data.
-                                      Defaults to "/var/lib/etcd".
-                                    type: string
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      extraArgs are extra arguments provided to the etcd binary
-                                      when run inside a static pod.
-                                    type: object
-                                  extraEnvs:
-                                    description: |-
-                                      extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                      Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: |-
-                                            Variable references $(VAR_NAME) are expanded
-                                            using the previously defined environment variables in the container and
-                                            any service environment variables. If a variable cannot be resolved,
-                                            the reference in the input string will be unchanged. Double $ are reduced
-                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                            "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                            Escaped references will never be expanded, regardless of whether the variable
-                                            exists or not.
-                                            Defaults to "".
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            fieldRef:
-                                              description: |-
-                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            resourceFieldRef:
-                                              description: |-
-                                                Selects a resource of the container: only resources limits and requests
-                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  imageRepository:
-                                    description: |-
-                                      imageRepository sets the container registry to pull images from.
-                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                    type: string
-                                  imageTag:
-                                    description: |-
-                                      imageTag allows to specify a tag for the image.
-                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                    type: string
-                                  peerCertSANs:
-                                    description: peerCertSANs sets extra Subject Alternative
-                                      Names for the etcd peer signing cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                  serverCertSANs:
-                                    description: serverCertSANs sets extra Subject
-                                      Alternative Names for the etcd server signing
-                                      cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                type: object
-                            type: object
-                          featureGates:
-                            additionalProperties:
-                              type: boolean
-                            description: featureGates enabled by the user.
-                            type: object
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              * If not set, the default registry of kubeadm will be used, i.e.
-                                * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
-                                * k8s.gcr.io (old registry): all older versions
-                                Please note that when imageRepository is not set we don't allow upgrades to
-                                versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
-                                a newer patch version with the new registry instead (i.e. >= v1.22.17,
-                                >= v1.23.15, >= v1.24.9, >= v1.25.0).
-                              * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                               `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
-                                and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
-                            type: string
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          kubernetesVersion:
-                            description: |-
-                              kubernetesVersion is the target version of the control plane.
-                              NB: This value defaults to the Machine object spec.version
-                            type: string
-                          networking:
-                            description: |-
-                              networking holds configuration for the networking topology of the cluster.
-                              NB: This value defaults to the Cluster object spec.clusterNetwork.
-                            properties:
-                              dnsDomain:
-                                description: dnsDomain is the dns domain used by k8s
-                                  services. Defaults to "cluster.local".
-                                type: string
-                              podSubnet:
-                                description: |-
-                                  podSubnet is the subnet used by pods.
-                                  If unset, the API server will not allocate CIDR ranges for every node.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                                type: string
-                              serviceSubnet:
-                                description: |-
-                                  serviceSubnet is the subnet used by k8s services.
-                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                                  to "10.96.0.0/12" if that's unset.
-                                type: string
-                            type: object
-                          scheduler:
-                            description: scheduler contains extra settings for the
-                              scheduler control plane component
-                            properties:
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: extraArgs is an extra set of flags to
-                                  pass to the control plane component.
-                                type: object
-                              extraEnvs:
-                                description: |-
-                                  extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                  Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                items:
-                                  description: EnvVar represents an environment variable
-                                    present in a Container.
-                                  properties:
-                                    name:
-                                      description: Name of the environment variable.
-                                        Must be a C_IDENTIFIER.
-                                      type: string
-                                    value:
-                                      description: |-
-                                        Variable references $(VAR_NAME) are expanded
-                                        using the previously defined environment variables in the container and
-                                        any service environment variables. If a variable cannot be resolved,
-                                        the reference in the input string will be unchanged. Double $ are reduced
-                                        to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                        "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                        Escaped references will never be expanded, regardless of whether the variable
-                                        exists or not.
-                                        Defaults to "".
-                                      type: string
-                                    valueFrom:
-                                      description: Source for the environment variable's
-                                        value. Cannot be used if value is not empty.
-                                      properties:
-                                        configMapKeyRef:
-                                          description: Selects a key of a ConfigMap.
-                                          properties:
-                                            key:
-                                              description: The key to select.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        fieldRef:
-                                          description: |-
-                                            Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                            spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                          properties:
-                                            apiVersion:
-                                              description: Version of the schema the
-                                                FieldPath is written in terms of,
-                                                defaults to "v1".
-                                              type: string
-                                            fieldPath:
-                                              description: Path of the field to select
-                                                in the specified API version.
-                                              type: string
-                                          required:
-                                          - fieldPath
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        resourceFieldRef:
-                                          description: |-
-                                            Selects a resource of the container: only resources limits and requests
-                                            (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                          properties:
-                                            containerName:
-                                              description: 'Container name: required
-                                                for volumes, optional for env vars'
-                                              type: string
-                                            divisor:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Specifies the output format
-                                                of the exposed resources, defaults
-                                                to "1"
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            resource:
-                                              description: 'Required: resource to
-                                                select'
-                                              type: string
-                                          required:
-                                          - resource
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        secretKeyRef:
-                                          description: Selects a key of a secret in
-                                            the pod's namespace
-                                          properties:
-                                            key:
-                                              description: The key of the secret to
-                                                select from.  Must be a valid secret
-                                                key.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              extraVolumes:
-                                description: extraVolumes is an extra set of host
-                                  volumes, mounted to the control plane component.
-                                items:
-                                  description: |-
-                                    HostPathMount contains elements describing volumes that are mounted from the
-                                    host.
-                                  properties:
-                                    hostPath:
-                                      description: |-
-                                        hostPath is the path in the host that will be mounted inside
-                                        the pod.
-                                      type: string
-                                    mountPath:
-                                      description: mountPath is the path inside the
-                                        pod where hostPath will be mounted.
-                                      type: string
-                                    name:
-                                      description: name of the volume inside the pod
-                                        template.
-                                      type: string
-                                    pathType:
-                                      description: pathType is the type of the HostPath.
-                                      type: string
-                                    readOnly:
-                                      description: readOnly controls write access
-                                        to the volume
-                                      type: boolean
-                                  required:
-                                  - hostPath
-                                  - mountPath
-                                  - name
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                      diskSetup:
-                        description: diskSetup specifies options for the creation
-                          of partition tables and file systems on devices.
-                        properties:
-                          filesystems:
-                            description: filesystems specifies the list of file systems
-                              to setup.
-                            items:
-                              description: Filesystem defines the file systems to
-                                be created.
-                              properties:
-                                device:
-                                  description: device specifies the device name
-                                  type: string
-                                extraOpts:
-                                  description: extraOpts defined extra options to
-                                    add to the command for creating the file system.
-                                  items:
-                                    type: string
-                                  type: array
-                                filesystem:
-                                  description: filesystem specifies the file system
-                                    type.
-                                  type: string
-                                label:
-                                  description: label specifies the file system label
-                                    to be used. If set to None, no label is used.
-                                  type: string
-                                overwrite:
-                                  description: |-
-                                    overwrite defines whether or not to overwrite any existing filesystem.
-                                    If true, any pre-existing file system will be destroyed. Use with Caution.
-                                  type: boolean
-                                partition:
-                                  description: 'partition specifies the partition
-                                    to use. The valid options are: "auto|any", "auto",
-                                    "any", "none", and <NUM>, where NUM is the actual
-                                    partition number.'
-                                  type: string
-                                replaceFS:
-                                  description: |-
-                                    replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                    NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                                  type: string
-                              required:
-                              - device
-                              - filesystem
-                              - label
-                              type: object
-                            type: array
-                          partitions:
-                            description: partitions specifies the list of the partitions
-                              to setup.
-                            items:
-                              description: Partition defines how to create and layout
-                                a partition.
-                              properties:
-                                device:
-                                  description: device is the name of the device.
-                                  type: string
-                                layout:
-                                  description: |-
-                                    layout specifies the device layout.
-                                    If it is true, a single partition will be created for the entire device.
-                                    When layout is false, it means don't partition or ignore existing partitioning.
-                                  type: boolean
-                                overwrite:
-                                  description: |-
-                                    overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                    Use with caution. Default is 'false'.
-                                  type: boolean
-                                tableType:
-                                  description: |-
-                                    tableType specifies the tupe of partition table. The following are supported:
-                                    'mbr': default and setups a MS-DOS partition table
-                                    'gpt': setups a GPT partition table
-                                  type: string
-                              required:
-                              - device
-                              - layout
-                              type: object
-                            type: array
-                        type: object
-                      files:
-                        description: files specifies extra files to be passed to user_data
-                          upon creation.
-                        items:
-                          description: File defines the input for generating write_files
-                            in cloud-init.
-                          properties:
-                            append:
-                              description: append specifies whether to append Content
-                                to existing file if Path exists.
-                              type: boolean
-                            content:
-                              description: content is the actual content of the file.
-                              type: string
-                            contentFrom:
-                              description: contentFrom is a referenced source of content
-                                to populate the file.
-                              properties:
-                                secret:
-                                  description: secret represents a secret that should
-                                    populate this file.
-                                  properties:
-                                    key:
-                                      description: key is the key in the secret's
-                                        data map for this value.
-                                      type: string
-                                    name:
-                                      description: name of the secret in the KubeadmBootstrapConfig's
-                                        namespace to use.
-                                      type: string
-                                  required:
-                                  - key
-                                  - name
-                                  type: object
-                              required:
-                              - secret
-                              type: object
-                            encoding:
-                              description: encoding specifies the encoding of the
-                                file contents.
-                              enum:
-                              - base64
-                              - gzip
-                              - gzip+base64
-                              type: string
-                            owner:
-                              description: owner specifies the ownership of the file,
-                                e.g. "root:root".
-                              type: string
-                            path:
-                              description: path specifies the full path on disk where
-                                to store the file.
-                              type: string
-                            permissions:
-                              description: permissions specifies the permissions to
-                                assign to the file, e.g. "0640".
-                              type: string
-                          required:
-                          - path
-                          type: object
-                        type: array
-                      format:
-                        description: format specifies the output format of the bootstrap
-                          data
-                        enum:
-                        - cloud-config
-                        - ignition
-                        type: string
-                      ignition:
-                        description: ignition contains Ignition specific configuration.
-                        properties:
-                          containerLinuxConfig:
-                            description: containerLinuxConfig contains CLC specific
-                              configuration.
-                            properties:
-                              additionalConfig:
-                                description: |-
-                                  additionalConfig contains additional configuration to be merged with the Ignition
-                                  configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
-                                  The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
-                                type: string
-                              strict:
-                                description: strict controls if AdditionalConfig should
-                                  be strictly parsed. If so, warnings are treated
-                                  as errors.
-                                type: boolean
-                            type: object
-                        type: object
-                      initConfiguration:
-                        description: initConfiguration along with ClusterConfiguration
-                          are the configurations necessary for the init command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          bootstrapTokens:
-                            description: |-
-                              bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                              This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                            items:
-                              description: BootstrapToken describes one bootstrap
-                                token, stored as a Secret in the cluster.
-                              properties:
-                                description:
-                                  description: |-
-                                    description sets a human-friendly message why this token exists and what it's used
-                                    for, so other administrators can know its purpose.
-                                  type: string
-                                expires:
-                                  description: |-
-                                    expires specifies the timestamp when this token expires. Defaults to being set
-                                    dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                                  format: date-time
-                                  type: string
-                                groups:
-                                  description: |-
-                                    groups specifies the extra groups that this token will authenticate as when/if
-                                    used for authentication
-                                  items:
-                                    type: string
-                                  type: array
-                                token:
-                                  description: |-
-                                    token is used for establishing bidirectional trust between nodes and control-planes.
-                                    Used for joining nodes in the cluster.
-                                  type: string
-                                ttl:
-                                  description: |-
-                                    ttl defines the time to live for this token. Defaults to 24h.
-                                    Expires and TTL are mutually exclusive.
-                                  type: string
-                                usages:
-                                  description: |-
-                                    usages describes the ways in which this token can be used. Can by default be used
-                                    for establishing bidirectional trust, but that can be changed here.
-                                  items:
-                                    type: string
-                                  type: array
-                              required:
-                              - token
-                              type: object
-                            type: array
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          localAPIEndpoint:
-                            description: |-
-                              localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                              In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                              is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                              configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                              on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                              fails you may set the desired value here.
-                            properties:
-                              advertiseAddress:
-                                description: advertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  bindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            type: object
-                          nodeRegistration:
-                            description: |-
-                              nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: criSocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              ignorePreflightErrors:
-                                description: ignorePreflightErrors provides a slice
-                                  of pre-flight errors to be ignored when the current
-                                  node is registered.
-                                items:
-                                  type: string
-                                type: array
-                              imagePullPolicy:
-                                description: |-
-                                  imagePullPolicy specifies the policy for image pulling
-                                  during kubeadm "init" and "join" operations. The value of
-                                  this field must be one of "Always", "IfNotPresent" or
-                                  "Never". Defaults to "IfNotPresent". This can be used only
-                                  with Kubernetes version equal to 1.22 and later.
-                                enum:
-                                - Always
-                                - IfNotPresent
-                                - Never
-                                type: string
-                              imagePullSerial:
-                                description: |-
-                                  imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                  Default: true (defaulted in kubeadm)
-                                type: boolean
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                          patches:
-                            description: |-
-                              patches contains options related to applying patches to components deployed by kubeadm during
-                              "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
-                            properties:
-                              directory:
-                                description: |-
-                                  directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                                  For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                                  "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                                  of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                                  The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                                  "suffix" is an optional string that can be used to determine which patches are applied
-                                  first alpha-numerically.
-                                  These files can be written into the target directory via KubeadmConfig.Files which
-                                  specifies additional files to be created on the machine, either with content inline or
-                                  by referencing a secret.
-                                type: string
-                            type: object
-                          skipPhases:
-                            description: |-
-                              skipPhases is a list of phases to skip during command execution.
-                              The list of phases can be obtained with the "kubeadm init --help" command.
-                              This option takes effect only on Kubernetes >=1.22.0.
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                      joinConfiguration:
-                        description: joinConfiguration is the kubeadm configuration
-                          for the join command
-                        properties:
-                          apiVersion:
-                            description: |-
-                              APIVersion defines the versioned schema of this representation of an object.
-                              Servers should convert recognized schemas to the latest internal value, and
-                              may reject unrecognized values.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                            type: string
-                          caCertPath:
-                            description: |-
-                              caCertPath is the path to the SSL certificate authority used to
-                              secure comunications between node and control-plane.
-                              Defaults to "/etc/kubernetes/pki/ca.crt".
-                            type: string
-                          controlPlane:
-                            description: |-
-                              controlPlane defines the additional control plane instance to be deployed on the joining node.
-                              If nil, no additional control plane instance will be deployed.
-                            properties:
-                              localAPIEndpoint:
-                                description: localAPIEndpoint represents the endpoint
-                                  of the API server instance to be deployed on this
-                                  node.
-                                properties:
-                                  advertiseAddress:
-                                    description: advertiseAddress sets the IP address
-                                      for the API server to advertise.
-                                    type: string
-                                  bindPort:
-                                    description: |-
-                                      bindPort sets the secure port for the API Server to bind to.
-                                      Defaults to 6443.
-                                    format: int32
-                                    type: integer
-                                type: object
-                            type: object
-                          discovery:
-                            description: discovery specifies the options for the kubelet
-                              to use during the TLS Bootstrap process
-                            properties:
-                              bootstrapToken:
-                                description: |-
-                                  bootstrapToken is used to set the options for bootstrap token based discovery
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  apiServerEndpoint:
-                                    description: apiServerEndpoint is an IP or domain
-                                      name to the API server from which info will
-                                      be fetched.
-                                    type: string
-                                  caCertHashes:
-                                    description: |-
-                                      caCertHashes specifies a set of public key pins to verify
-                                      when token-based discovery is used. The root CA found during discovery
-                                      must match one of these values. Specifying an empty set disables root CA
-                                      pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                      where the only currently supported type is "sha256". This is a hex-encoded
-                                      SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                      ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                      openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                    items:
-                                      type: string
-                                    type: array
-                                  token:
-                                    description: |-
-                                      token is a token used to validate cluster information
-                                      fetched from the control-plane.
-                                    type: string
-                                  unsafeSkipCAVerification:
-                                    description: |-
-                                      unsafeSkipCAVerification allows token-based discovery
-                                      without CA verification via CACertHashes. This can weaken
-                                      the security of kubeadm since other nodes can impersonate the control-plane.
-                                    type: boolean
-                                required:
-                                - token
-                                type: object
-                              file:
-                                description: |-
-                                  file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                                  BootstrapToken and File are mutually exclusive
-                                properties:
-                                  kubeConfig:
-                                    description: |-
-                                      kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
-                                      The file is generated at the path specified in KubeConfigPath.
-
-                                      Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
-                                      Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
-                                    properties:
-                                      cluster:
-                                        description: |-
-                                          cluster contains information about how to communicate with the kubernetes cluster.
-
-                                          By default the following fields are automatically populated:
-                                          - Server with the Cluster's ControlPlaneEndpoint.
-                                          - CertificateAuthorityData with the Cluster's CA certificate.
-                                        properties:
-                                          certificateAuthorityData:
-                                            description: |-
-                                              certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
-                                              Defaults to the Cluster's CA certificate if empty.
-                                            format: byte
-                                            type: string
-                                          insecureSkipTLSVerify:
-                                            description: insecureSkipTLSVerify skips
-                                              the validity check for the server's
-                                              certificate. This will make your HTTPS
-                                              connections insecure.
-                                            type: boolean
-                                          proxyURL:
-                                            description: |-
-                                              proxyURL is the URL to the proxy to be used for all requests made by this
-                                              client. URLs with "http", "https", and "socks5" schemes are supported.  If
-                                              this configuration is not provided or the empty string, the client
-                                              attempts to construct a proxy configuration from http_proxy and
-                                              https_proxy environment variables. If these environment variables are not
-                                              set, the client does not attempt to proxy requests.
-
-                                              socks5 proxying does not currently support spdy streaming endpoints (exec,
-                                              attach, port forward).
-                                            type: string
-                                          server:
-                                            description: |-
-                                              server is the address of the kubernetes cluster (https://hostname:port).
-
-                                              Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
-                                            type: string
-                                          tlsServerName:
-                                            description: tlsServerName is used to
-                                              check server certificate. If TLSServerName
-                                              is empty, the hostname used to contact
-                                              the server is used.
-                                            type: string
-                                        type: object
-                                      user:
-                                        description: |-
-                                          user contains information that describes identity information.
-                                          This is used to tell the kubernetes cluster who you are.
-                                        properties:
-                                          authProvider:
-                                            description: authProvider specifies a
-                                              custom authentication plugin for the
-                                              kubernetes cluster.
-                                            properties:
-                                              config:
-                                                additionalProperties:
-                                                  type: string
-                                                description: config holds the parameters
-                                                  for the authentication plugin.
-                                                type: object
-                                              name:
-                                                description: name is the name of the
-                                                  authentication plugin.
-                                                type: string
-                                            required:
-                                            - name
-                                            type: object
-                                          exec:
-                                            description: exec specifies a custom exec-based
-                                              authentication plugin for the kubernetes
-                                              cluster.
-                                            properties:
-                                              apiVersion:
-                                                description: |-
-                                                  Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
-                                                  the same encoding version as the input.
-                                                  Defaults to client.authentication.k8s.io/v1 if not set.
-                                                type: string
-                                              args:
-                                                description: Arguments to pass to
-                                                  the command when executing it.
-                                                items:
-                                                  type: string
-                                                type: array
-                                              command:
-                                                description: command to execute.
-                                                type: string
-                                              env:
-                                                description: |-
-                                                  env defines additional environment variables to expose to the process. These
-                                                  are unioned with the host's environment, as well as variables client-go uses
-                                                  to pass argument to the plugin.
-                                                items:
-                                                  description: |-
-                                                    KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
-                                                    credential plugin.
-                                                  properties:
-                                                    name:
-                                                      type: string
-                                                    value:
-                                                      type: string
-                                                  required:
-                                                  - name
-                                                  - value
-                                                  type: object
-                                                type: array
-                                              provideClusterInfo:
-                                                description: |-
-                                                  provideClusterInfo determines whether or not to provide cluster information,
-                                                  which could potentially contain very large CA data, to this exec plugin as a
-                                                  part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
-                                                  to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
-                                                  reading this environment variable.
-                                                type: boolean
-                                            required:
-                                            - command
-                                            type: object
-                                        type: object
-                                    required:
-                                    - user
-                                    type: object
-                                  kubeConfigPath:
-                                    description: kubeConfigPath is used to specify
-                                      the actual file path or URL to the kubeconfig
-                                      file from which to load cluster information
-                                    type: string
-                                required:
-                                - kubeConfigPath
-                                type: object
-                              timeout:
-                                description: timeout modifies the discovery timeout
-                                type: string
-                              tlsBootstrapToken:
-                                description: |-
-                                  tlsBootstrapToken is a token used for TLS bootstrapping.
-                                  If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                                  If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                                type: string
-                            type: object
-                          kind:
-                            description: |-
-                              Kind is a string value representing the REST resource this object represents.
-                              Servers may infer this from the endpoint the client submits requests to.
-                              Cannot be updated.
-                              In CamelCase.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                            type: string
-                          nodeRegistration:
-                            description: |-
-                              nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                              When used in the context of control plane nodes, NodeRegistration should remain consistent
-                              across both InitConfiguration and JoinConfiguration
-                            properties:
-                              criSocket:
-                                description: criSocket is used to retrieve container
-                                  runtime info. This information will be annotated
-                                  to the Node API object, for later re-use
-                                type: string
-                              ignorePreflightErrors:
-                                description: ignorePreflightErrors provides a slice
-                                  of pre-flight errors to be ignored when the current
-                                  node is registered.
-                                items:
-                                  type: string
-                                type: array
-                              imagePullPolicy:
-                                description: |-
-                                  imagePullPolicy specifies the policy for image pulling
-                                  during kubeadm "init" and "join" operations. The value of
-                                  this field must be one of "Always", "IfNotPresent" or
-                                  "Never". Defaults to "IfNotPresent". This can be used only
-                                  with Kubernetes version equal to 1.22 and later.
-                                enum:
-                                - Always
-                                - IfNotPresent
-                                - Never
-                                type: string
-                              imagePullSerial:
-                                description: |-
-                                  imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                  Default: true (defaulted in kubeadm)
-                                type: boolean
-                              kubeletExtraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                type: object
-                              name:
-                                description: |-
-                                  name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                  Defaults to the hostname of the node if not provided.
-                                type: string
-                              taints:
-                                description: |-
-                                  taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                  empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                                items:
-                                  description: |-
-                                    The node this Taint is attached to has the "effect" on
-                                    any pod that does not tolerate the Taint.
-                                  properties:
-                                    effect:
-                                      description: |-
-                                        Required. The effect of the taint on pods
-                                        that do not tolerate the taint.
-                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                      type: string
-                                    key:
-                                      description: Required. The taint key to be applied
-                                        to a node.
-                                      type: string
-                                    timeAdded:
-                                      description: |-
-                                        TimeAdded represents the time at which the taint was added.
-                                        It is only written for NoExecute taints.
-                                      format: date-time
-                                      type: string
-                                    value:
-                                      description: The taint value corresponding to
-                                        the taint key.
-                                      type: string
-                                  required:
-                                  - effect
-                                  - key
-                                  type: object
-                                type: array
-                            type: object
-                          patches:
-                            description: |-
-                              patches contains options related to applying patches to components deployed by kubeadm during
-                              "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
-                            properties:
-                              directory:
-                                description: |-
-                                  directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                                  For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                                  "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                                  of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                                  The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                                  "suffix" is an optional string that can be used to determine which patches are applied
-                                  first alpha-numerically.
-                                  These files can be written into the target directory via KubeadmConfig.Files which
-                                  specifies additional files to be created on the machine, either with content inline or
-                                  by referencing a secret.
-                                type: string
-                            type: object
-                          skipPhases:
-                            description: |-
-                              skipPhases is a list of phases to skip during command execution.
-                              The list of phases can be obtained with the "kubeadm init --help" command.
-                              This option takes effect only on Kubernetes >=1.22.0.
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                      mounts:
-                        description: mounts specifies a list of mount points to be
-                          setup.
-                        items:
-                          description: MountPoints defines input for generated mounts
-                            in cloud-init.
-                          items:
-                            type: string
-                          type: array
-                        type: array
-                      ntp:
-                        description: ntp specifies NTP configuration
-                        properties:
-                          enabled:
-                            description: enabled specifies whether NTP should be enabled
-                            type: boolean
-                          servers:
-                            description: servers specifies which NTP servers to use
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                      postKubeadmCommands:
-                        description: postKubeadmCommands specifies extra commands
-                          to run after kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      preKubeadmCommands:
-                        description: preKubeadmCommands specifies extra commands to
-                          run before kubeadm runs
-                        items:
-                          type: string
-                        type: array
-                      useExperimentalRetryJoin:
-                        description: |-
-                          useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                          script with retries for joins.
-
-                          This is meant to be an experimental temporary workaround on some environments
-                          where joins fail due to timing (and other issues). The long term goal is to add retries to
-                          kubeadm proper and use that functionality.
-
-                          This will add about 40KB to userdata
-
-                          For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
-                          Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
-                          When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
-                        type: boolean
-                      users:
-                        description: users specifies extra users to add
-                        items:
-                          description: User defines the input for a generated user
-                            in cloud-init.
-                          properties:
-                            gecos:
-                              description: gecos specifies the gecos to use for the
-                                user
-                              type: string
-                            groups:
-                              description: groups specifies the additional groups
-                                for the user
-                              type: string
-                            homeDir:
-                              description: homeDir specifies the home directory to
-                                use for the user
-                              type: string
-                            inactive:
-                              description: inactive specifies whether to mark the
-                                user as inactive
-                              type: boolean
-                            lockPassword:
-                              description: lockPassword specifies if password login
-                                should be disabled
-                              type: boolean
-                            name:
-                              description: name specifies the user name
-                              type: string
-                            passwd:
-                              description: passwd specifies a hashed password for
-                                the user
-                              type: string
-                            passwdFrom:
-                              description: passwdFrom is a referenced source of passwd
-                                to populate the passwd.
-                              properties:
-                                secret:
-                                  description: secret represents a secret that should
-                                    populate this password.
-                                  properties:
-                                    key:
-                                      description: key is the key in the secret's
-                                        data map for this value.
-                                      type: string
-                                    name:
-                                      description: name of the secret in the KubeadmBootstrapConfig's
-                                        namespace to use.
-                                      type: string
-                                  required:
-                                  - key
-                                  - name
-                                  type: object
-                              required:
-                              - secret
-                              type: object
-                            primaryGroup:
-                              description: primaryGroup specifies the primary group
-                                for the user
-                              type: string
-                            shell:
-                              description: shell specifies the user's shell
-                              type: string
-                            sshAuthorizedKeys:
-                              description: sshAuthorizedKeys specifies a list of ssh
-                                authorized keys for the user
-                              items:
-                                type: string
-                              type: array
-                            sudo:
-                              description: sudo specifies a sudo role for the user
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      verbosity:
-                        description: |-
-                          verbosity is the number for the kubeadm log level verbosity.
-                          It overrides the `--v` flag in kubeadm commands.
-                        format: int32
-                        type: integer
-                    type: object
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-manager
-  namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-leader-election-role
-  namespace: capi-kubeadm-bootstrap-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - secrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - bootstrap.cluster.x-k8s.io
-  resources:
-  - kubeadmconfigs
-  - kubeadmconfigs/finalizers
-  - kubeadmconfigs/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - clusters
-  - clusters/status
-  - machinepools
-  - machinepools/status
-  - machines
-  - machines/status
-  - machinesets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-leader-election-rolebinding
-  namespace: capi-kubeadm-bootstrap-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: capi-kubeadm-bootstrap-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: capi-kubeadm-bootstrap-manager
-  namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: capi-kubeadm-bootstrap-manager-role
-subjects:
-- kind: ServiceAccount
-  name: capi-kubeadm-bootstrap-manager
-  namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-webhook-service
-  namespace: capi-kubeadm-bootstrap-system
-spec:
-  ports:
-  - port: 443
-    targetPort: webhook-server
-  selector:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-kubeadm-bootstrap-controller-manager
-  namespace: capi-kubeadm-bootstrap-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      cluster.x-k8s.io/provider: bootstrap-kubeadm
-      control-plane: controller-manager
-  strategy: {}
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        cluster.x-k8s.io/provider: bootstrap-kubeadm
-        control-plane: controller-manager
-    spec:
-      containers:
-      - args:
-        - --leader-elect
-        - --diagnostics-address=:8443
-        - --insecure-diagnostics=false
-        - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=false
-        - --bootstrap-token-ttl=15m
-        command:
-        - /manager
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.9.5
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        - containerPort: 8443
-          name: metrics
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsUser: 65532
-        terminationMessagePolicy: FallbackToLogsOnError
-        volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: cert
-          readOnly: true
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: capi-kubeadm-bootstrap-manager
-      terminationGracePeriodSeconds: 10
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-      volumes:
-      - name: cert
-        secret:
-          secretName: capi-kubeadm-bootstrap-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-bootstrap-webhook-service
-      namespace: capi-kubeadm-bootstrap-system
-      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
-  failurePolicy: Fail
-  name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - bootstrap.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmconfigs
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-bootstrap-webhook-service
-      namespace: capi-kubeadm-bootstrap-system
-      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
-  failurePolicy: Fail
-  name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - bootstrap.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmconfigtemplates
-  sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: bootstrap-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-bootstrap-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-bootstrap-webhook-service
-      namespace: capi-kubeadm-bootstrap-system
-      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - bootstrap.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmconfigs
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-bootstrap-webhook-service
-      namespace: capi-kubeadm-bootstrap-system
-      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - bootstrap.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmconfigtemplates
-  sideEffects: None
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml
deleted file mode 100644
index a69dcb1..0000000
--- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml
+++ /dev/null
@@ -1,8280 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-kubeadm-control-plane-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-selfsigned-issuer
-  namespace: capi-kubeadm-control-plane-system
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-serving-cert
-  namespace: capi-kubeadm-control-plane-system
-spec:
-  dnsNames:
-  - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc
-  - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: capi-kubeadm-control-plane-selfsigned-issuer
-  secretName: capi-kubeadm-control-plane-webhook-service-cert
-  subject:
-    organizations:
-    - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    cluster.x-k8s.io/v1beta1: v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-kubeadm-control-plane-webhook-service
-          namespace: capi-kubeadm-control-plane-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: controlplane.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: KubeadmControlPlane
-    listKind: KubeadmControlPlaneList
-    plural: kubeadmcontrolplanes
-    shortNames:
-    - kcp
-    singular: kubeadmcontrolplane
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: This denotes whether or not the control plane has the uploaded
-        kubeadm-config configmap
-      jsonPath: .status.initialized
-      name: Initialized
-      type: boolean
-    - description: KubeadmControlPlane API Server is ready to receive requests
-      jsonPath: .status.ready
-      name: API Server Available
-      type: boolean
-    - description: Kubernetes version associated with this control plane
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    - description: Total number of non-terminated machines targeted by this control
-        plane
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of fully running and ready control plane machines
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this control
-        plane that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this control plane
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    deprecated: true
-    name: v1alpha3
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
-            properties:
-              infrastructureTemplate:
-                description: |-
-                  infrastructureTemplate is a required reference to a custom resource
-                  offered by an infrastructure provider.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: |-
-                      If referring to a piece of an object instead of an entire object, this string
-                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within a pod, this would take on a value like:
-                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]" (container with
-                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                      referencing a part of an object.
-                    type: string
-                  kind:
-                    description: |-
-                      Kind of the referent.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                    type: string
-                  name:
-                    description: |-
-                      Name of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                  namespace:
-                    description: |-
-                      Namespace of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                    type: string
-                  resourceVersion:
-                    description: |-
-                      Specific resourceVersion to which this reference is made, if any.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                    type: string
-                  uid:
-                    description: |-
-                      UID of the referent.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              kubeadmConfigSpec:
-                description: |-
-                  kubeadmConfigSpec is a KubeadmConfigSpec
-                  to use for initializing and joining machines to the control plane.
-                properties:
-                  clusterConfiguration:
-                    description: clusterConfiguration along with InitConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiServer:
-                        description: APIServer contains extra settings for the API
-                          server control plane component
-                        properties:
-                          certSANs:
-                            description: CertSANs sets extra Subject Alternative Names
-                              for the API Server signing cert.
-                            items:
-                              type: string
-                            type: array
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: ExtraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: ExtraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    HostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: MountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: Name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: PathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: ReadOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                          timeoutForControlPlane:
-                            description: TimeoutForControlPlane controls the timeout
-                              that we use for API server to appear
-                            type: string
-                        type: object
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      certificatesDir:
-                        description: |-
-                          CertificatesDir specifies where to store or look for all required certificates.
-                          NB: if not provided, this will default to `/etc/kubernetes/pki`
-                        type: string
-                      clusterName:
-                        description: The cluster name
-                        type: string
-                      controlPlaneEndpoint:
-                        description: |-
-                          ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                          can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                          In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                          are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                          the BindPort is used.
-                          Possible usages are:
-                          e.g. In a cluster with more than one control plane instances, this field should be
-                          assigned the address of the external load balancer in front of the
-                          control plane instances.
-                          e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                          could be used for assigning a stable DNS to the control plane.
-                          NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                        type: string
-                      controllerManager:
-                        description: ControllerManager contains extra settings for
-                          the controller manager control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: ExtraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: ExtraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    HostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: MountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: Name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: PathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: ReadOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                      dns:
-                        description: DNS defines the options for the DNS add-on installed
-                          in the cluster.
-                        properties:
-                          imageRepository:
-                            description: |-
-                              ImageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              ImageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                          type:
-                            description: Type defines the DNS add-on to be used
-                            type: string
-                        type: object
-                      etcd:
-                        description: |-
-                          Etcd holds configuration for etcd.
-                          NB: This value defaults to a Local (stacked) etcd
-                        properties:
-                          external:
-                            description: |-
-                              External describes how to connect to an external etcd cluster
-                              Local and External are mutually exclusive
-                            properties:
-                              caFile:
-                                description: |-
-                                  CAFile is an SSL Certificate Authority file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              certFile:
-                                description: |-
-                                  CertFile is an SSL certification file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              endpoints:
-                                description: Endpoints of etcd members. Required for
-                                  ExternalEtcd.
-                                items:
-                                  type: string
-                                type: array
-                              keyFile:
-                                description: |-
-                                  KeyFile is an SSL key file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                            required:
-                            - caFile
-                            - certFile
-                            - endpoints
-                            - keyFile
-                            type: object
-                          local:
-                            description: |-
-                              Local provides configuration knobs for configuring the local etcd instance
-                              Local and External are mutually exclusive
-                            properties:
-                              dataDir:
-                                description: |-
-                                  DataDir is the directory etcd will place its data.
-                                  Defaults to "/var/lib/etcd".
-                                type: string
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  ExtraArgs are extra arguments provided to the etcd binary
-                                  when run inside a static pod.
-                                type: object
-                              imageRepository:
-                                description: |-
-                                  ImageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  ImageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                              peerCertSANs:
-                                description: PeerCertSANs sets extra Subject Alternative
-                                  Names for the etcd peer signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              serverCertSANs:
-                                description: ServerCertSANs sets extra Subject Alternative
-                                  Names for the etcd server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                        type: object
-                      featureGates:
-                        additionalProperties:
-                          type: boolean
-                        description: FeatureGates enabled by the user.
-                        type: object
-                      imageRepository:
-                        description: |-
-                          ImageRepository sets the container registry to pull images from.
-                          If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                          `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
-                          will be used for all the other images.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      kubernetesVersion:
-                        description: |-
-                          KubernetesVersion is the target version of the control plane.
-                          NB: This value defaults to the Machine object spec.version
-                        type: string
-                      networking:
-                        description: |-
-                          Networking holds configuration for the networking topology of the cluster.
-                          NB: This value defaults to the Cluster object spec.clusterNetwork.
-                        properties:
-                          dnsDomain:
-                            description: DNSDomain is the dns domain used by k8s services.
-                              Defaults to "cluster.local".
-                            type: string
-                          podSubnet:
-                            description: |-
-                              PodSubnet is the subnet used by pods.
-                              If unset, the API server will not allocate CIDR ranges for every node.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                            type: string
-                          serviceSubnet:
-                            description: |-
-                              ServiceSubnet is the subnet used by k8s services.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                              to "10.96.0.0/12" if that's unset.
-                            type: string
-                        type: object
-                      scheduler:
-                        description: Scheduler contains extra settings for the scheduler
-                          control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: ExtraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: ExtraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    HostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: MountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: Name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: PathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: ReadOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                      useHyperKubeImage:
-                        description: UseHyperKubeImage controls if hyperkube should
-                          be used for Kubernetes components instead of their respective
-                          separate images
-                        type: boolean
-                    type: object
-                  diskSetup:
-                    description: diskSetup specifies options for the creation of partition
-                      tables and file systems on devices.
-                    properties:
-                      filesystems:
-                        description: filesystems specifies the list of file systems
-                          to setup.
-                        items:
-                          description: Filesystem defines the file systems to be created.
-                          properties:
-                            device:
-                              description: device specifies the device name
-                              type: string
-                            extraOpts:
-                              description: extraOpts defined extra options to add
-                                to the command for creating the file system.
-                              items:
-                                type: string
-                              type: array
-                            filesystem:
-                              description: filesystem specifies the file system type.
-                              type: string
-                            label:
-                              description: label specifies the file system label to
-                                be used. If set to None, no label is used.
-                              type: string
-                            overwrite:
-                              description: |-
-                                overwrite defines whether or not to overwrite any existing filesystem.
-                                If true, any pre-existing file system will be destroyed. Use with Caution.
-                              type: boolean
-                            partition:
-                              description: 'partition specifies the partition to use.
-                                The valid options are: "auto|any", "auto", "any",
-                                "none", and <NUM>, where NUM is the actual partition
-                                number.'
-                              type: string
-                            replaceFS:
-                              description: |-
-                                replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                              type: string
-                          required:
-                          - device
-                          - filesystem
-                          - label
-                          type: object
-                        type: array
-                      partitions:
-                        description: partitions specifies the list of the partitions
-                          to setup.
-                        items:
-                          description: Partition defines how to create and layout
-                            a partition.
-                          properties:
-                            device:
-                              description: device is the name of the device.
-                              type: string
-                            layout:
-                              description: |-
-                                layout specifies the device layout.
-                                If it is true, a single partition will be created for the entire device.
-                                When layout is false, it means don't partition or ignore existing partitioning.
-                              type: boolean
-                            overwrite:
-                              description: |-
-                                overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                Use with caution. Default is 'false'.
-                              type: boolean
-                            tableType:
-                              description: |-
-                                tableType specifies the tupe of partition table. The following are supported:
-                                'mbr': default and setups a MS-DOS partition table
-                                'gpt': setups a GPT partition table
-                              type: string
-                          required:
-                          - device
-                          - layout
-                          type: object
-                        type: array
-                    type: object
-                  files:
-                    description: files specifies extra files to be passed to user_data
-                      upon creation.
-                    items:
-                      description: File defines the input for generating write_files
-                        in cloud-init.
-                      properties:
-                        content:
-                          description: content is the actual content of the file.
-                          type: string
-                        contentFrom:
-                          description: contentFrom is a referenced source of content
-                            to populate the file.
-                          properties:
-                            secret:
-                              description: secret represents a secret that should
-                                populate this file.
-                              properties:
-                                key:
-                                  description: key is the key in the secret's data
-                                    map for this value.
-                                  type: string
-                                name:
-                                  description: name of the secret in the KubeadmBootstrapConfig's
-                                    namespace to use.
-                                  type: string
-                              required:
-                              - key
-                              - name
-                              type: object
-                          required:
-                          - secret
-                          type: object
-                        encoding:
-                          description: encoding specifies the encoding of the file
-                            contents.
-                          enum:
-                          - base64
-                          - gzip
-                          - gzip+base64
-                          type: string
-                        owner:
-                          description: owner specifies the ownership of the file,
-                            e.g. "root:root".
-                          type: string
-                        path:
-                          description: path specifies the full path on disk where
-                            to store the file.
-                          type: string
-                        permissions:
-                          description: permissions specifies the permissions to assign
-                            to the file, e.g. "0640".
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    type: array
-                  format:
-                    description: format specifies the output format of the bootstrap
-                      data
-                    enum:
-                    - cloud-config
-                    type: string
-                  initConfiguration:
-                    description: initConfiguration along with ClusterConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      bootstrapTokens:
-                        description: |-
-                          BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                          This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                        items:
-                          description: BootstrapToken describes one bootstrap token,
-                            stored as a Secret in the cluster.
-                          properties:
-                            description:
-                              description: |-
-                                Description sets a human-friendly message why this token exists and what it's used
-                                for, so other administrators can know its purpose.
-                              type: string
-                            expires:
-                              description: |-
-                                Expires specifies the timestamp when this token expires. Defaults to being set
-                                dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                              format: date-time
-                              type: string
-                            groups:
-                              description: |-
-                                Groups specifies the extra groups that this token will authenticate as when/if
-                                used for authentication
-                              items:
-                                type: string
-                              type: array
-                            token:
-                              description: |-
-                                Token is used for establishing bidirectional trust between nodes and control-planes.
-                                Used for joining nodes in the cluster.
-                              type: string
-                            ttl:
-                              description: |-
-                                TTL defines the time to live for this token. Defaults to 24h.
-                                Expires and TTL are mutually exclusive.
-                              type: string
-                            usages:
-                              description: |-
-                                Usages describes the ways in which this token can be used. Can by default be used
-                                for establishing bidirectional trust, but that can be changed here.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - token
-                          type: object
-                        type: array
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      localAPIEndpoint:
-                        description: |-
-                          LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                          In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                          is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                          configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                          on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                          fails you may set the desired value here.
-                        properties:
-                          advertiseAddress:
-                            description: AdvertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              BindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        required:
-                        - advertiseAddress
-                        - bindPort
-                        type: object
-                      nodeRegistration:
-                        description: |-
-                          NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: CRISocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  joinConfiguration:
-                    description: joinConfiguration is the kubeadm configuration for
-                      the join command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      caCertPath:
-                        description: |-
-                          CACertPath is the path to the SSL certificate authority used to
-                          secure comunications between node and control-plane.
-                          Defaults to "/etc/kubernetes/pki/ca.crt".
-                        type: string
-                      controlPlane:
-                        description: |-
-                          ControlPlane defines the additional control plane instance to be deployed on the joining node.
-                          If nil, no additional control plane instance will be deployed.
-                        properties:
-                          localAPIEndpoint:
-                            description: LocalAPIEndpoint represents the endpoint
-                              of the API server instance to be deployed on this node.
-                            properties:
-                              advertiseAddress:
-                                description: AdvertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  BindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            required:
-                            - advertiseAddress
-                            - bindPort
-                            type: object
-                        type: object
-                      discovery:
-                        description: Discovery specifies the options for the kubelet
-                          to use during the TLS Bootstrap process
-                        properties:
-                          bootstrapToken:
-                            description: |-
-                              BootstrapToken is used to set the options for bootstrap token based discovery
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              apiServerEndpoint:
-                                description: APIServerEndpoint is an IP or domain
-                                  name to the API server from which info will be fetched.
-                                type: string
-                              caCertHashes:
-                                description: |-
-                                  CACertHashes specifies a set of public key pins to verify
-                                  when token-based discovery is used. The root CA found during discovery
-                                  must match one of these values. Specifying an empty set disables root CA
-                                  pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                  where the only currently supported type is "sha256". This is a hex-encoded
-                                  SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                  ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                  openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                items:
-                                  type: string
-                                type: array
-                              token:
-                                description: |-
-                                  Token is a token used to validate cluster information
-                                  fetched from the control-plane.
-                                type: string
-                              unsafeSkipCAVerification:
-                                description: |-
-                                  UnsafeSkipCAVerification allows token-based discovery
-                                  without CA verification via CACertHashes. This can weaken
-                                  the security of kubeadm since other nodes can impersonate the control-plane.
-                                type: boolean
-                            required:
-                            - token
-                            - unsafeSkipCAVerification
-                            type: object
-                          file:
-                            description: |-
-                              File is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              kubeConfigPath:
-                                description: KubeConfigPath is used to specify the
-                                  actual file path or URL to the kubeconfig file from
-                                  which to load cluster information
-                                type: string
-                            required:
-                            - kubeConfigPath
-                            type: object
-                          timeout:
-                            description: Timeout modifies the discovery timeout
-                            type: string
-                          tlsBootstrapToken:
-                            description: |-
-                              TLSBootstrapToken is a token used for TLS bootstrapping.
-                              If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                              If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                            type: string
-                        type: object
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      nodeRegistration:
-                        description: |-
-                          NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: CRISocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  mounts:
-                    description: mounts specifies a list of mount points to be setup.
-                    items:
-                      description: MountPoints defines input for generated mounts
-                        in cloud-init.
-                      items:
-                        type: string
-                      type: array
-                    type: array
-                  ntp:
-                    description: ntp specifies NTP configuration
-                    properties:
-                      enabled:
-                        description: enabled specifies whether NTP should be enabled
-                        type: boolean
-                      servers:
-                        description: servers specifies which NTP servers to use
-                        items:
-                          type: string
-                        type: array
-                    type: object
-                  postKubeadmCommands:
-                    description: postKubeadmCommands specifies extra commands to run
-                      after kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  preKubeadmCommands:
-                    description: preKubeadmCommands specifies extra commands to run
-                      before kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  useExperimentalRetryJoin:
-                    description: |-
-                      useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                      script with retries for joins.
-
-                      This is meant to be an experimental temporary workaround on some environments
-                      where joins fail due to timing (and other issues). The long term goal is to add retries to
-                      kubeadm proper and use that functionality.
-
-                      This will add about 40KB to userdata
-
-                      For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                    type: boolean
-                  users:
-                    description: users specifies extra users to add
-                    items:
-                      description: User defines the input for a generated user in
-                        cloud-init.
-                      properties:
-                        gecos:
-                          description: gecos specifies the gecos to use for the user
-                          type: string
-                        groups:
-                          description: groups specifies the additional groups for
-                            the user
-                          type: string
-                        homeDir:
-                          description: homeDir specifies the home directory to use
-                            for the user
-                          type: string
-                        inactive:
-                          description: inactive specifies whether to mark the user
-                            as inactive
-                          type: boolean
-                        lockPassword:
-                          description: lockPassword specifies if password login should
-                            be disabled
-                          type: boolean
-                        name:
-                          description: name specifies the user name
-                          type: string
-                        passwd:
-                          description: passwd specifies a hashed password for the
-                            user
-                          type: string
-                        primaryGroup:
-                          description: primaryGroup specifies the primary group for
-                            the user
-                          type: string
-                        shell:
-                          description: shell specifies the user's shell
-                          type: string
-                        sshAuthorizedKeys:
-                          description: sshAuthorizedKeys specifies a list of ssh authorized
-                            keys for the user
-                          items:
-                            type: string
-                          type: array
-                        sudo:
-                          description: sudo specifies a sudo role for the user
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  verbosity:
-                    description: |-
-                      verbosity is the number for the kubeadm log level verbosity.
-                      It overrides the `--v` flag in kubeadm commands.
-                    format: int32
-                    type: integer
-                type: object
-              nodeDrainTimeout:
-                description: |-
-                  nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
-                  The default value is 0, meaning that the node can be drained without any time limitations.
-                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                type: string
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1. When stacked etcd is used only
-                  odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              rolloutStrategy:
-                description: |-
-                  The RolloutStrategy to use to replace control plane machines with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      RolloutStrategyType = RollingUpdate.
-                    properties:
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of control planes that can be scheduled above or under the
-                          desired number of control planes.
-                          Value can be an absolute number 1 or 0.
-                          Defaults to 1.
-                          Example: when this is set to 1, the control plane can be scaled
-                          up immediately when the rolling update starts.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of rollout. Currently the only supported strategy is
-                      "RollingUpdate".
-                      Default is RollingUpdate.
-                    type: string
-                type: object
-              upgradeAfter:
-                description: |-
-                  upgradeAfter is a field to indicate an upgrade should be performed
-                  after the specified time even if no changes have been made to the
-                  KubeadmControlPlane
-                format: date-time
-                type: string
-              version:
-                description: version defines the desired Kubernetes version.
-                type: string
-            required:
-            - infrastructureTemplate
-            - kubeadmConfigSpec
-            - version
-            type: object
-          status:
-            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
-            properties:
-              conditions:
-                description: conditions defines current service state of the KubeadmControlPlane.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  ErrorMessage indicates that there is a terminal problem reconciling the
-                  state, and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a terminal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-                type: string
-              initialized:
-                description: |-
-                  initialized denotes whether or not the control plane has the
-                  uploaded kubeadm-config configmap.
-                type: boolean
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: |-
-                  ready denotes that the KubeadmControlPlane API Server is ready to
-                  receive requests.
-                type: boolean
-              readyReplicas:
-                description: Total number of fully running and ready control plane
-                  machines.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the label selector in string format to avoid introspection
-                  by clients, and is used to provide the CRD-based integration for the
-                  scale subresource and additional integrations for things like kubectl
-                  describe.. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this control plane.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet ready or machines
-                  that still have not been created.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  that have the desired template spec.
-                format: int32
-                type: integer
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmControlPlane
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: This denotes whether or not the control plane has the uploaded
-        kubeadm-config configmap
-      jsonPath: .status.initialized
-      name: Initialized
-      type: boolean
-    - description: KubeadmControlPlane API Server is ready to receive requests
-      jsonPath: .status.ready
-      name: API Server Available
-      type: boolean
-    - description: Kubernetes version associated with this control plane
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    - description: Total number of non-terminated machines targeted by this control
-        plane
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of fully running and ready control plane machines
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this control
-        plane that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this control plane
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
-            properties:
-              kubeadmConfigSpec:
-                description: |-
-                  kubeadmConfigSpec is a KubeadmConfigSpec
-                  to use for initializing and joining machines to the control plane.
-                properties:
-                  clusterConfiguration:
-                    description: clusterConfiguration along with InitConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiServer:
-                        description: apiServer contains extra settings for the API
-                          server control plane component
-                        properties:
-                          certSANs:
-                            description: certSANs sets extra Subject Alternative Names
-                              for the API Server signing cert.
-                            items:
-                              type: string
-                            type: array
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                          timeoutForControlPlane:
-                            description: timeoutForControlPlane controls the timeout
-                              that we use for API server to appear
-                            type: string
-                        type: object
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      certificatesDir:
-                        description: |-
-                          certificatesDir specifies where to store or look for all required certificates.
-                          NB: if not provided, this will default to `/etc/kubernetes/pki`
-                        type: string
-                      clusterName:
-                        description: The cluster name
-                        type: string
-                      controlPlaneEndpoint:
-                        description: |-
-                          controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                          can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                          In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                          are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                          the BindPort is used.
-                          Possible usages are:
-                          e.g. In a cluster with more than one control plane instances, this field should be
-                          assigned the address of the external load balancer in front of the
-                          control plane instances.
-                          e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                          could be used for assigning a stable DNS to the control plane.
-                          NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                        type: string
-                      controllerManager:
-                        description: controllerManager contains extra settings for
-                          the controller manager control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                      dns:
-                        description: dns defines the options for the DNS add-on installed
-                          in the cluster.
-                        properties:
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              imageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                        type: object
-                      etcd:
-                        description: |-
-                          etcd holds configuration for etcd.
-                          NB: This value defaults to a Local (stacked) etcd
-                        properties:
-                          external:
-                            description: |-
-                              external describes how to connect to an external etcd cluster
-                              Local and External are mutually exclusive
-                            properties:
-                              caFile:
-                                description: |-
-                                  caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              certFile:
-                                description: |-
-                                  certFile is an SSL certification file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              endpoints:
-                                description: endpoints of etcd members. Required for
-                                  ExternalEtcd.
-                                items:
-                                  type: string
-                                type: array
-                              keyFile:
-                                description: |-
-                                  keyFile is an SSL key file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                            required:
-                            - caFile
-                            - certFile
-                            - endpoints
-                            - keyFile
-                            type: object
-                          local:
-                            description: |-
-                              local provides configuration knobs for configuring the local etcd instance
-                              Local and External are mutually exclusive
-                            properties:
-                              dataDir:
-                                description: |-
-                                  dataDir is the directory etcd will place its data.
-                                  Defaults to "/var/lib/etcd".
-                                type: string
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  extraArgs are extra arguments provided to the etcd binary
-                                  when run inside a static pod.
-                                type: object
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  imageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                              peerCertSANs:
-                                description: peerCertSANs sets extra Subject Alternative
-                                  Names for the etcd peer signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              serverCertSANs:
-                                description: serverCertSANs sets extra Subject Alternative
-                                  Names for the etcd server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                        type: object
-                      featureGates:
-                        additionalProperties:
-                          type: boolean
-                        description: featureGates enabled by the user.
-                        type: object
-                      imageRepository:
-                        description: |-
-                          imageRepository sets the container registry to pull images from.
-                          If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                          `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
-                          will be used for all the other images.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      kubernetesVersion:
-                        description: |-
-                          kubernetesVersion is the target version of the control plane.
-                          NB: This value defaults to the Machine object spec.version
-                        type: string
-                      networking:
-                        description: |-
-                          networking holds configuration for the networking topology of the cluster.
-                          NB: This value defaults to the Cluster object spec.clusterNetwork.
-                        properties:
-                          dnsDomain:
-                            description: dnsDomain is the dns domain used by k8s services.
-                              Defaults to "cluster.local".
-                            type: string
-                          podSubnet:
-                            description: |-
-                              podSubnet is the subnet used by pods.
-                              If unset, the API server will not allocate CIDR ranges for every node.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                            type: string
-                          serviceSubnet:
-                            description: |-
-                              serviceSubnet is the subnet used by k8s services.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                              to "10.96.0.0/12" if that's unset.
-                            type: string
-                        type: object
-                      scheduler:
-                        description: scheduler contains extra settings for the scheduler
-                          control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  diskSetup:
-                    description: diskSetup specifies options for the creation of partition
-                      tables and file systems on devices.
-                    properties:
-                      filesystems:
-                        description: filesystems specifies the list of file systems
-                          to setup.
-                        items:
-                          description: Filesystem defines the file systems to be created.
-                          properties:
-                            device:
-                              description: device specifies the device name
-                              type: string
-                            extraOpts:
-                              description: extraOpts defined extra options to add
-                                to the command for creating the file system.
-                              items:
-                                type: string
-                              type: array
-                            filesystem:
-                              description: filesystem specifies the file system type.
-                              type: string
-                            label:
-                              description: label specifies the file system label to
-                                be used. If set to None, no label is used.
-                              type: string
-                            overwrite:
-                              description: |-
-                                overwrite defines whether or not to overwrite any existing filesystem.
-                                If true, any pre-existing file system will be destroyed. Use with Caution.
-                              type: boolean
-                            partition:
-                              description: 'partition specifies the partition to use.
-                                The valid options are: "auto|any", "auto", "any",
-                                "none", and <NUM>, where NUM is the actual partition
-                                number.'
-                              type: string
-                            replaceFS:
-                              description: |-
-                                replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                              type: string
-                          required:
-                          - device
-                          - filesystem
-                          - label
-                          type: object
-                        type: array
-                      partitions:
-                        description: partitions specifies the list of the partitions
-                          to setup.
-                        items:
-                          description: Partition defines how to create and layout
-                            a partition.
-                          properties:
-                            device:
-                              description: device is the name of the device.
-                              type: string
-                            layout:
-                              description: |-
-                                layout specifies the device layout.
-                                If it is true, a single partition will be created for the entire device.
-                                When layout is false, it means don't partition or ignore existing partitioning.
-                              type: boolean
-                            overwrite:
-                              description: |-
-                                overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                Use with caution. Default is 'false'.
-                              type: boolean
-                            tableType:
-                              description: |-
-                                tableType specifies the tupe of partition table. The following are supported:
-                                'mbr': default and setups a MS-DOS partition table
-                                'gpt': setups a GPT partition table
-                              type: string
-                          required:
-                          - device
-                          - layout
-                          type: object
-                        type: array
-                    type: object
-                  files:
-                    description: files specifies extra files to be passed to user_data
-                      upon creation.
-                    items:
-                      description: File defines the input for generating write_files
-                        in cloud-init.
-                      properties:
-                        content:
-                          description: content is the actual content of the file.
-                          type: string
-                        contentFrom:
-                          description: contentFrom is a referenced source of content
-                            to populate the file.
-                          properties:
-                            secret:
-                              description: secret represents a secret that should
-                                populate this file.
-                              properties:
-                                key:
-                                  description: key is the key in the secret's data
-                                    map for this value.
-                                  type: string
-                                name:
-                                  description: name of the secret in the KubeadmBootstrapConfig's
-                                    namespace to use.
-                                  type: string
-                              required:
-                              - key
-                              - name
-                              type: object
-                          required:
-                          - secret
-                          type: object
-                        encoding:
-                          description: encoding specifies the encoding of the file
-                            contents.
-                          enum:
-                          - base64
-                          - gzip
-                          - gzip+base64
-                          type: string
-                        owner:
-                          description: owner specifies the ownership of the file,
-                            e.g. "root:root".
-                          type: string
-                        path:
-                          description: path specifies the full path on disk where
-                            to store the file.
-                          type: string
-                        permissions:
-                          description: permissions specifies the permissions to assign
-                            to the file, e.g. "0640".
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    type: array
-                  format:
-                    description: format specifies the output format of the bootstrap
-                      data
-                    enum:
-                    - cloud-config
-                    type: string
-                  initConfiguration:
-                    description: initConfiguration along with ClusterConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      bootstrapTokens:
-                        description: |-
-                          bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                          This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                        items:
-                          description: BootstrapToken describes one bootstrap token,
-                            stored as a Secret in the cluster.
-                          properties:
-                            description:
-                              description: |-
-                                description sets a human-friendly message why this token exists and what it's used
-                                for, so other administrators can know its purpose.
-                              type: string
-                            expires:
-                              description: |-
-                                expires specifies the timestamp when this token expires. Defaults to being set
-                                dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                              format: date-time
-                              type: string
-                            groups:
-                              description: |-
-                                groups specifies the extra groups that this token will authenticate as when/if
-                                used for authentication
-                              items:
-                                type: string
-                              type: array
-                            token:
-                              description: |-
-                                token is used for establishing bidirectional trust between nodes and control-planes.
-                                Used for joining nodes in the cluster.
-                              type: string
-                            ttl:
-                              description: |-
-                                ttl defines the time to live for this token. Defaults to 24h.
-                                Expires and TTL are mutually exclusive.
-                              type: string
-                            usages:
-                              description: |-
-                                usages describes the ways in which this token can be used. Can by default be used
-                                for establishing bidirectional trust, but that can be changed here.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - token
-                          type: object
-                        type: array
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      localAPIEndpoint:
-                        description: |-
-                          localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                          In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                          is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                          configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                          on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                          fails you may set the desired value here.
-                        properties:
-                          advertiseAddress:
-                            description: advertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              bindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        type: object
-                      nodeRegistration:
-                        description: |-
-                          nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: criSocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          ignorePreflightErrors:
-                            description: ignorePreflightErrors provides a slice of
-                              pre-flight errors to be ignored when the current node
-                              is registered.
-                            items:
-                              type: string
-                            type: array
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  joinConfiguration:
-                    description: joinConfiguration is the kubeadm configuration for
-                      the join command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      caCertPath:
-                        description: |-
-                          caCertPath is the path to the SSL certificate authority used to
-                          secure comunications between node and control-plane.
-                          Defaults to "/etc/kubernetes/pki/ca.crt".
-                        type: string
-                      controlPlane:
-                        description: |-
-                          controlPlane defines the additional control plane instance to be deployed on the joining node.
-                          If nil, no additional control plane instance will be deployed.
-                        properties:
-                          localAPIEndpoint:
-                            description: localAPIEndpoint represents the endpoint
-                              of the API server instance to be deployed on this node.
-                            properties:
-                              advertiseAddress:
-                                description: advertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  bindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            type: object
-                        type: object
-                      discovery:
-                        description: discovery specifies the options for the kubelet
-                          to use during the TLS Bootstrap process
-                        properties:
-                          bootstrapToken:
-                            description: |-
-                              bootstrapToken is used to set the options for bootstrap token based discovery
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              apiServerEndpoint:
-                                description: apiServerEndpoint is an IP or domain
-                                  name to the API server from which info will be fetched.
-                                type: string
-                              caCertHashes:
-                                description: |-
-                                  caCertHashes specifies a set of public key pins to verify
-                                  when token-based discovery is used. The root CA found during discovery
-                                  must match one of these values. Specifying an empty set disables root CA
-                                  pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                  where the only currently supported type is "sha256". This is a hex-encoded
-                                  SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                  ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                  openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                items:
-                                  type: string
-                                type: array
-                              token:
-                                description: |-
-                                  token is a token used to validate cluster information
-                                  fetched from the control-plane.
-                                type: string
-                              unsafeSkipCAVerification:
-                                description: |-
-                                  unsafeSkipCAVerification allows token-based discovery
-                                  without CA verification via CACertHashes. This can weaken
-                                  the security of kubeadm since other nodes can impersonate the control-plane.
-                                type: boolean
-                            required:
-                            - token
-                            type: object
-                          file:
-                            description: |-
-                              file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              kubeConfigPath:
-                                description: kubeConfigPath is used to specify the
-                                  actual file path or URL to the kubeconfig file from
-                                  which to load cluster information
-                                type: string
-                            required:
-                            - kubeConfigPath
-                            type: object
-                          timeout:
-                            description: timeout modifies the discovery timeout
-                            type: string
-                          tlsBootstrapToken:
-                            description: |-
-                              tlsBootstrapToken is a token used for TLS bootstrapping.
-                              If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                              If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                            type: string
-                        type: object
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      nodeRegistration:
-                        description: |-
-                          nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: criSocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          ignorePreflightErrors:
-                            description: ignorePreflightErrors provides a slice of
-                              pre-flight errors to be ignored when the current node
-                              is registered.
-                            items:
-                              type: string
-                            type: array
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  mounts:
-                    description: mounts specifies a list of mount points to be setup.
-                    items:
-                      description: MountPoints defines input for generated mounts
-                        in cloud-init.
-                      items:
-                        type: string
-                      type: array
-                    type: array
-                  ntp:
-                    description: ntp specifies NTP configuration
-                    properties:
-                      enabled:
-                        description: enabled specifies whether NTP should be enabled
-                        type: boolean
-                      servers:
-                        description: servers specifies which NTP servers to use
-                        items:
-                          type: string
-                        type: array
-                    type: object
-                  postKubeadmCommands:
-                    description: postKubeadmCommands specifies extra commands to run
-                      after kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  preKubeadmCommands:
-                    description: preKubeadmCommands specifies extra commands to run
-                      before kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  useExperimentalRetryJoin:
-                    description: |-
-                      useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                      script with retries for joins.
-
-                      This is meant to be an experimental temporary workaround on some environments
-                      where joins fail due to timing (and other issues). The long term goal is to add retries to
-                      kubeadm proper and use that functionality.
-
-                      This will add about 40KB to userdata
-
-                      For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                    type: boolean
-                  users:
-                    description: users specifies extra users to add
-                    items:
-                      description: User defines the input for a generated user in
-                        cloud-init.
-                      properties:
-                        gecos:
-                          description: gecos specifies the gecos to use for the user
-                          type: string
-                        groups:
-                          description: groups specifies the additional groups for
-                            the user
-                          type: string
-                        homeDir:
-                          description: homeDir specifies the home directory to use
-                            for the user
-                          type: string
-                        inactive:
-                          description: inactive specifies whether to mark the user
-                            as inactive
-                          type: boolean
-                        lockPassword:
-                          description: lockPassword specifies if password login should
-                            be disabled
-                          type: boolean
-                        name:
-                          description: name specifies the user name
-                          type: string
-                        passwd:
-                          description: passwd specifies a hashed password for the
-                            user
-                          type: string
-                        primaryGroup:
-                          description: primaryGroup specifies the primary group for
-                            the user
-                          type: string
-                        shell:
-                          description: shell specifies the user's shell
-                          type: string
-                        sshAuthorizedKeys:
-                          description: sshAuthorizedKeys specifies a list of ssh authorized
-                            keys for the user
-                          items:
-                            type: string
-                          type: array
-                        sudo:
-                          description: sudo specifies a sudo role for the user
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  verbosity:
-                    description: |-
-                      verbosity is the number for the kubeadm log level verbosity.
-                      It overrides the `--v` flag in kubeadm commands.
-                    format: int32
-                    type: integer
-                type: object
-              machineTemplate:
-                description: |-
-                  machineTemplate contains information about how machines
-                  should be shaped when creating or updating a control plane.
-                properties:
-                  infrastructureRef:
-                    description: |-
-                      infrastructureRef is a required reference to a custom resource
-                      offered by an infrastructure provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  nodeDrainTimeout:
-                    description: |-
-                      nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
-                      The default value is 0, meaning that the node can be drained without any time limitations.
-                      NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                    type: string
-                required:
-                - infrastructureRef
-                type: object
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1. When stacked etcd is used only
-                  odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              rolloutAfter:
-                description: |-
-                  rolloutAfter is a field to indicate a rollout should be performed
-                  after the specified time even if no changes have been made to the
-                  KubeadmControlPlane.
-                format: date-time
-                type: string
-              rolloutStrategy:
-                default:
-                  rollingUpdate:
-                    maxSurge: 1
-                  type: RollingUpdate
-                description: |-
-                  The RolloutStrategy to use to replace control plane machines with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      RolloutStrategyType = RollingUpdate.
-                    properties:
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of control planes that can be scheduled above or under the
-                          desired number of control planes.
-                          Value can be an absolute number 1 or 0.
-                          Defaults to 1.
-                          Example: when this is set to 1, the control plane can be scaled
-                          up immediately when the rolling update starts.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of rollout. Currently the only supported strategy is
-                      "RollingUpdate".
-                      Default is RollingUpdate.
-                    type: string
-                type: object
-              version:
-                description: version defines the desired Kubernetes version.
-                type: string
-            required:
-            - kubeadmConfigSpec
-            - machineTemplate
-            - version
-            type: object
-          status:
-            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
-            properties:
-              conditions:
-                description: conditions defines current service state of the KubeadmControlPlane.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  ErrorMessage indicates that there is a terminal problem reconciling the
-                  state, and will be set to a descriptive error message.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a terminal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-                type: string
-              initialized:
-                description: |-
-                  initialized denotes whether or not the control plane has the
-                  uploaded kubeadm-config configmap.
-                type: boolean
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: |-
-                  ready denotes that the KubeadmControlPlane API Server is ready to
-                  receive requests.
-                type: boolean
-              readyReplicas:
-                description: Total number of fully running and ready control plane
-                  machines.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the label selector in string format to avoid introspection
-                  by clients, and is used to provide the CRD-based integration for the
-                  scale subresource and additional integrations for things like kubectl
-                  describe.. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this control plane.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet ready or machines
-                  that still have not been created.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  that have the desired template spec.
-                format: int32
-                type: integer
-              version:
-                description: |-
-                  version represents the minimum Kubernetes version for the control plane machines
-                  in the cluster.
-                type: string
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster
-      jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
-      name: Cluster
-      type: string
-    - description: This denotes whether or not the control plane has the uploaded
-        kubeadm-config configmap
-      jsonPath: .status.initialized
-      name: Initialized
-      type: boolean
-    - description: KubeadmControlPlane API Server is ready to receive requests
-      jsonPath: .status.ready
-      name: API Server Available
-      type: boolean
-    - description: Total number of machines desired by this control plane
-      jsonPath: .spec.replicas
-      name: Desired
-      priority: 10
-      type: integer
-    - description: Total number of non-terminated machines targeted by this control
-        plane
-      jsonPath: .status.replicas
-      name: Replicas
-      type: integer
-    - description: Total number of fully running and ready control plane machines
-      jsonPath: .status.readyReplicas
-      name: Ready
-      type: integer
-    - description: Total number of non-terminated machines targeted by this control
-        plane that have the desired template spec
-      jsonPath: .status.updatedReplicas
-      name: Updated
-      type: integer
-    - description: Total number of unavailable machines targeted by this control plane
-      jsonPath: .status.unavailableReplicas
-      name: Unavailable
-      type: integer
-    - description: Time duration since creation of KubeadmControlPlane
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - description: Kubernetes version associated with this control plane
-      jsonPath: .spec.version
-      name: Version
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
-            properties:
-              kubeadmConfigSpec:
-                description: |-
-                  kubeadmConfigSpec is a KubeadmConfigSpec
-                  to use for initializing and joining machines to the control plane.
-                properties:
-                  clusterConfiguration:
-                    description: clusterConfiguration along with InitConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiServer:
-                        description: apiServer contains extra settings for the API
-                          server control plane component
-                        properties:
-                          certSANs:
-                            description: certSANs sets extra Subject Alternative Names
-                              for the API Server signing cert.
-                            items:
-                              type: string
-                            type: array
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraEnvs:
-                            description: |-
-                              extraEnvs is an extra set of environment variables to pass to the control plane component.
-                              Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                            items:
-                              description: EnvVar represents an environment variable
-                                present in a Container.
-                              properties:
-                                name:
-                                  description: Name of the environment variable. Must
-                                    be a C_IDENTIFIER.
-                                  type: string
-                                value:
-                                  description: |-
-                                    Variable references $(VAR_NAME) are expanded
-                                    using the previously defined environment variables in the container and
-                                    any service environment variables. If a variable cannot be resolved,
-                                    the reference in the input string will be unchanged. Double $ are reduced
-                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                    "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                    Escaped references will never be expanded, regardless of whether the variable
-                                    exists or not.
-                                    Defaults to "".
-                                  type: string
-                                valueFrom:
-                                  description: Source for the environment variable's
-                                    value. Cannot be used if value is not empty.
-                                  properties:
-                                    configMapKeyRef:
-                                      description: Selects a key of a ConfigMap.
-                                      properties:
-                                        key:
-                                          description: The key to select.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    fieldRef:
-                                      description: |-
-                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                      properties:
-                                        apiVersion:
-                                          description: Version of the schema the FieldPath
-                                            is written in terms of, defaults to "v1".
-                                          type: string
-                                        fieldPath:
-                                          description: Path of the field to select
-                                            in the specified API version.
-                                          type: string
-                                      required:
-                                      - fieldPath
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    resourceFieldRef:
-                                      description: |-
-                                        Selects a resource of the container: only resources limits and requests
-                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                      properties:
-                                        containerName:
-                                          description: 'Container name: required for
-                                            volumes, optional for env vars'
-                                          type: string
-                                        divisor:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Specifies the output format
-                                            of the exposed resources, defaults to
-                                            "1"
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        resource:
-                                          description: 'Required: resource to select'
-                                          type: string
-                                      required:
-                                      - resource
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    secretKeyRef:
-                                      description: Selects a key of a secret in the
-                                        pod's namespace
-                                      properties:
-                                        key:
-                                          description: The key of the secret to select
-                                            from.  Must be a valid secret key.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                  type: object
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                          timeoutForControlPlane:
-                            description: timeoutForControlPlane controls the timeout
-                              that we use for API server to appear
-                            type: string
-                        type: object
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      certificatesDir:
-                        description: |-
-                          certificatesDir specifies where to store or look for all required certificates.
-                          NB: if not provided, this will default to `/etc/kubernetes/pki`
-                        type: string
-                      clusterName:
-                        description: The cluster name
-                        type: string
-                      controlPlaneEndpoint:
-                        description: |-
-                          controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                          can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                          In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                          are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                          the BindPort is used.
-                          Possible usages are:
-                          e.g. In a cluster with more than one control plane instances, this field should be
-                          assigned the address of the external load balancer in front of the
-                          control plane instances.
-                          e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                          could be used for assigning a stable DNS to the control plane.
-                          NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                        type: string
-                      controllerManager:
-                        description: controllerManager contains extra settings for
-                          the controller manager control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraEnvs:
-                            description: |-
-                              extraEnvs is an extra set of environment variables to pass to the control plane component.
-                              Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                            items:
-                              description: EnvVar represents an environment variable
-                                present in a Container.
-                              properties:
-                                name:
-                                  description: Name of the environment variable. Must
-                                    be a C_IDENTIFIER.
-                                  type: string
-                                value:
-                                  description: |-
-                                    Variable references $(VAR_NAME) are expanded
-                                    using the previously defined environment variables in the container and
-                                    any service environment variables. If a variable cannot be resolved,
-                                    the reference in the input string will be unchanged. Double $ are reduced
-                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                    "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                    Escaped references will never be expanded, regardless of whether the variable
-                                    exists or not.
-                                    Defaults to "".
-                                  type: string
-                                valueFrom:
-                                  description: Source for the environment variable's
-                                    value. Cannot be used if value is not empty.
-                                  properties:
-                                    configMapKeyRef:
-                                      description: Selects a key of a ConfigMap.
-                                      properties:
-                                        key:
-                                          description: The key to select.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    fieldRef:
-                                      description: |-
-                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                      properties:
-                                        apiVersion:
-                                          description: Version of the schema the FieldPath
-                                            is written in terms of, defaults to "v1".
-                                          type: string
-                                        fieldPath:
-                                          description: Path of the field to select
-                                            in the specified API version.
-                                          type: string
-                                      required:
-                                      - fieldPath
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    resourceFieldRef:
-                                      description: |-
-                                        Selects a resource of the container: only resources limits and requests
-                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                      properties:
-                                        containerName:
-                                          description: 'Container name: required for
-                                            volumes, optional for env vars'
-                                          type: string
-                                        divisor:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Specifies the output format
-                                            of the exposed resources, defaults to
-                                            "1"
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        resource:
-                                          description: 'Required: resource to select'
-                                          type: string
-                                      required:
-                                      - resource
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    secretKeyRef:
-                                      description: Selects a key of a secret in the
-                                        pod's namespace
-                                      properties:
-                                        key:
-                                          description: The key of the secret to select
-                                            from.  Must be a valid secret key.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                  type: object
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                      dns:
-                        description: dns defines the options for the DNS add-on installed
-                          in the cluster.
-                        properties:
-                          imageRepository:
-                            description: |-
-                              imageRepository sets the container registry to pull images from.
-                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                            type: string
-                          imageTag:
-                            description: |-
-                              imageTag allows to specify a tag for the image.
-                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                            type: string
-                        type: object
-                      etcd:
-                        description: |-
-                          etcd holds configuration for etcd.
-                          NB: This value defaults to a Local (stacked) etcd
-                        properties:
-                          external:
-                            description: |-
-                              external describes how to connect to an external etcd cluster
-                              Local and External are mutually exclusive
-                            properties:
-                              caFile:
-                                description: |-
-                                  caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              certFile:
-                                description: |-
-                                  certFile is an SSL certification file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                              endpoints:
-                                description: endpoints of etcd members. Required for
-                                  ExternalEtcd.
-                                items:
-                                  type: string
-                                type: array
-                              keyFile:
-                                description: |-
-                                  keyFile is an SSL key file used to secure etcd communication.
-                                  Required if using a TLS connection.
-                                type: string
-                            required:
-                            - caFile
-                            - certFile
-                            - endpoints
-                            - keyFile
-                            type: object
-                          local:
-                            description: |-
-                              local provides configuration knobs for configuring the local etcd instance
-                              Local and External are mutually exclusive
-                            properties:
-                              dataDir:
-                                description: |-
-                                  dataDir is the directory etcd will place its data.
-                                  Defaults to "/var/lib/etcd".
-                                type: string
-                              extraArgs:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  extraArgs are extra arguments provided to the etcd binary
-                                  when run inside a static pod.
-                                type: object
-                              extraEnvs:
-                                description: |-
-                                  extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                  Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                  This option takes effect only on Kubernetes >=1.31.0.
-                                items:
-                                  description: EnvVar represents an environment variable
-                                    present in a Container.
-                                  properties:
-                                    name:
-                                      description: Name of the environment variable.
-                                        Must be a C_IDENTIFIER.
-                                      type: string
-                                    value:
-                                      description: |-
-                                        Variable references $(VAR_NAME) are expanded
-                                        using the previously defined environment variables in the container and
-                                        any service environment variables. If a variable cannot be resolved,
-                                        the reference in the input string will be unchanged. Double $ are reduced
-                                        to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                        "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                        Escaped references will never be expanded, regardless of whether the variable
-                                        exists or not.
-                                        Defaults to "".
-                                      type: string
-                                    valueFrom:
-                                      description: Source for the environment variable's
-                                        value. Cannot be used if value is not empty.
-                                      properties:
-                                        configMapKeyRef:
-                                          description: Selects a key of a ConfigMap.
-                                          properties:
-                                            key:
-                                              description: The key to select.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the ConfigMap
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        fieldRef:
-                                          description: |-
-                                            Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                            spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                          properties:
-                                            apiVersion:
-                                              description: Version of the schema the
-                                                FieldPath is written in terms of,
-                                                defaults to "v1".
-                                              type: string
-                                            fieldPath:
-                                              description: Path of the field to select
-                                                in the specified API version.
-                                              type: string
-                                          required:
-                                          - fieldPath
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        resourceFieldRef:
-                                          description: |-
-                                            Selects a resource of the container: only resources limits and requests
-                                            (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                          properties:
-                                            containerName:
-                                              description: 'Container name: required
-                                                for volumes, optional for env vars'
-                                              type: string
-                                            divisor:
-                                              anyOf:
-                                              - type: integer
-                                              - type: string
-                                              description: Specifies the output format
-                                                of the exposed resources, defaults
-                                                to "1"
-                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                              x-kubernetes-int-or-string: true
-                                            resource:
-                                              description: 'Required: resource to
-                                                select'
-                                              type: string
-                                          required:
-                                          - resource
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                        secretKeyRef:
-                                          description: Selects a key of a secret in
-                                            the pod's namespace
-                                          properties:
-                                            key:
-                                              description: The key of the secret to
-                                                select from.  Must be a valid secret
-                                                key.
-                                              type: string
-                                            name:
-                                              default: ""
-                                              description: |-
-                                                Name of the referent.
-                                                This field is effectively required, but due to backwards compatibility is
-                                                allowed to be empty. Instances of this type with an empty value here are
-                                                almost certainly wrong.
-                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                              type: string
-                                            optional:
-                                              description: Specify whether the Secret
-                                                or its key must be defined
-                                              type: boolean
-                                          required:
-                                          - key
-                                          type: object
-                                          x-kubernetes-map-type: atomic
-                                      type: object
-                                  required:
-                                  - name
-                                  type: object
-                                type: array
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                type: string
-                              imageTag:
-                                description: |-
-                                  imageTag allows to specify a tag for the image.
-                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                type: string
-                              peerCertSANs:
-                                description: peerCertSANs sets extra Subject Alternative
-                                  Names for the etcd peer signing cert.
-                                items:
-                                  type: string
-                                type: array
-                              serverCertSANs:
-                                description: serverCertSANs sets extra Subject Alternative
-                                  Names for the etcd server signing cert.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                        type: object
-                      featureGates:
-                        additionalProperties:
-                          type: boolean
-                        description: featureGates enabled by the user.
-                        type: object
-                      imageRepository:
-                        description: |-
-                          imageRepository sets the container registry to pull images from.
-                          * If not set, the default registry of kubeadm will be used, i.e.
-                            * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
-                            * k8s.gcr.io (old registry): all older versions
-                            Please note that when imageRepository is not set we don't allow upgrades to
-                            versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
-                            a newer patch version with the new registry instead (i.e. >= v1.22.17,
-                            >= v1.23.15, >= v1.24.9, >= v1.25.0).
-                          * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                           `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
-                            and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      kubernetesVersion:
-                        description: |-
-                          kubernetesVersion is the target version of the control plane.
-                          NB: This value defaults to the Machine object spec.version
-                        type: string
-                      networking:
-                        description: |-
-                          networking holds configuration for the networking topology of the cluster.
-                          NB: This value defaults to the Cluster object spec.clusterNetwork.
-                        properties:
-                          dnsDomain:
-                            description: dnsDomain is the dns domain used by k8s services.
-                              Defaults to "cluster.local".
-                            type: string
-                          podSubnet:
-                            description: |-
-                              podSubnet is the subnet used by pods.
-                              If unset, the API server will not allocate CIDR ranges for every node.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                            type: string
-                          serviceSubnet:
-                            description: |-
-                              serviceSubnet is the subnet used by k8s services.
-                              Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                              to "10.96.0.0/12" if that's unset.
-                            type: string
-                        type: object
-                      scheduler:
-                        description: scheduler contains extra settings for the scheduler
-                          control plane component
-                        properties:
-                          extraArgs:
-                            additionalProperties:
-                              type: string
-                            description: extraArgs is an extra set of flags to pass
-                              to the control plane component.
-                            type: object
-                          extraEnvs:
-                            description: |-
-                              extraEnvs is an extra set of environment variables to pass to the control plane component.
-                              Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                            items:
-                              description: EnvVar represents an environment variable
-                                present in a Container.
-                              properties:
-                                name:
-                                  description: Name of the environment variable. Must
-                                    be a C_IDENTIFIER.
-                                  type: string
-                                value:
-                                  description: |-
-                                    Variable references $(VAR_NAME) are expanded
-                                    using the previously defined environment variables in the container and
-                                    any service environment variables. If a variable cannot be resolved,
-                                    the reference in the input string will be unchanged. Double $ are reduced
-                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                    "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                    Escaped references will never be expanded, regardless of whether the variable
-                                    exists or not.
-                                    Defaults to "".
-                                  type: string
-                                valueFrom:
-                                  description: Source for the environment variable's
-                                    value. Cannot be used if value is not empty.
-                                  properties:
-                                    configMapKeyRef:
-                                      description: Selects a key of a ConfigMap.
-                                      properties:
-                                        key:
-                                          description: The key to select.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the ConfigMap
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    fieldRef:
-                                      description: |-
-                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                      properties:
-                                        apiVersion:
-                                          description: Version of the schema the FieldPath
-                                            is written in terms of, defaults to "v1".
-                                          type: string
-                                        fieldPath:
-                                          description: Path of the field to select
-                                            in the specified API version.
-                                          type: string
-                                      required:
-                                      - fieldPath
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    resourceFieldRef:
-                                      description: |-
-                                        Selects a resource of the container: only resources limits and requests
-                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                      properties:
-                                        containerName:
-                                          description: 'Container name: required for
-                                            volumes, optional for env vars'
-                                          type: string
-                                        divisor:
-                                          anyOf:
-                                          - type: integer
-                                          - type: string
-                                          description: Specifies the output format
-                                            of the exposed resources, defaults to
-                                            "1"
-                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                          x-kubernetes-int-or-string: true
-                                        resource:
-                                          description: 'Required: resource to select'
-                                          type: string
-                                      required:
-                                      - resource
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                    secretKeyRef:
-                                      description: Selects a key of a secret in the
-                                        pod's namespace
-                                      properties:
-                                        key:
-                                          description: The key of the secret to select
-                                            from.  Must be a valid secret key.
-                                          type: string
-                                        name:
-                                          default: ""
-                                          description: |-
-                                            Name of the referent.
-                                            This field is effectively required, but due to backwards compatibility is
-                                            allowed to be empty. Instances of this type with an empty value here are
-                                            almost certainly wrong.
-                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                          type: string
-                                        optional:
-                                          description: Specify whether the Secret
-                                            or its key must be defined
-                                          type: boolean
-                                      required:
-                                      - key
-                                      type: object
-                                      x-kubernetes-map-type: atomic
-                                  type: object
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          extraVolumes:
-                            description: extraVolumes is an extra set of host volumes,
-                              mounted to the control plane component.
-                            items:
-                              description: |-
-                                HostPathMount contains elements describing volumes that are mounted from the
-                                host.
-                              properties:
-                                hostPath:
-                                  description: |-
-                                    hostPath is the path in the host that will be mounted inside
-                                    the pod.
-                                  type: string
-                                mountPath:
-                                  description: mountPath is the path inside the pod
-                                    where hostPath will be mounted.
-                                  type: string
-                                name:
-                                  description: name of the volume inside the pod template.
-                                  type: string
-                                pathType:
-                                  description: pathType is the type of the HostPath.
-                                  type: string
-                                readOnly:
-                                  description: readOnly controls write access to the
-                                    volume
-                                  type: boolean
-                              required:
-                              - hostPath
-                              - mountPath
-                              - name
-                              type: object
-                            type: array
-                        type: object
-                    type: object
-                  diskSetup:
-                    description: diskSetup specifies options for the creation of partition
-                      tables and file systems on devices.
-                    properties:
-                      filesystems:
-                        description: filesystems specifies the list of file systems
-                          to setup.
-                        items:
-                          description: Filesystem defines the file systems to be created.
-                          properties:
-                            device:
-                              description: device specifies the device name
-                              type: string
-                            extraOpts:
-                              description: extraOpts defined extra options to add
-                                to the command for creating the file system.
-                              items:
-                                type: string
-                              type: array
-                            filesystem:
-                              description: filesystem specifies the file system type.
-                              type: string
-                            label:
-                              description: label specifies the file system label to
-                                be used. If set to None, no label is used.
-                              type: string
-                            overwrite:
-                              description: |-
-                                overwrite defines whether or not to overwrite any existing filesystem.
-                                If true, any pre-existing file system will be destroyed. Use with Caution.
-                              type: boolean
-                            partition:
-                              description: 'partition specifies the partition to use.
-                                The valid options are: "auto|any", "auto", "any",
-                                "none", and <NUM>, where NUM is the actual partition
-                                number.'
-                              type: string
-                            replaceFS:
-                              description: |-
-                                replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                              type: string
-                          required:
-                          - device
-                          - filesystem
-                          - label
-                          type: object
-                        type: array
-                      partitions:
-                        description: partitions specifies the list of the partitions
-                          to setup.
-                        items:
-                          description: Partition defines how to create and layout
-                            a partition.
-                          properties:
-                            device:
-                              description: device is the name of the device.
-                              type: string
-                            layout:
-                              description: |-
-                                layout specifies the device layout.
-                                If it is true, a single partition will be created for the entire device.
-                                When layout is false, it means don't partition or ignore existing partitioning.
-                              type: boolean
-                            overwrite:
-                              description: |-
-                                overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                Use with caution. Default is 'false'.
-                              type: boolean
-                            tableType:
-                              description: |-
-                                tableType specifies the tupe of partition table. The following are supported:
-                                'mbr': default and setups a MS-DOS partition table
-                                'gpt': setups a GPT partition table
-                              type: string
-                          required:
-                          - device
-                          - layout
-                          type: object
-                        type: array
-                    type: object
-                  files:
-                    description: files specifies extra files to be passed to user_data
-                      upon creation.
-                    items:
-                      description: File defines the input for generating write_files
-                        in cloud-init.
-                      properties:
-                        append:
-                          description: append specifies whether to append Content
-                            to existing file if Path exists.
-                          type: boolean
-                        content:
-                          description: content is the actual content of the file.
-                          type: string
-                        contentFrom:
-                          description: contentFrom is a referenced source of content
-                            to populate the file.
-                          properties:
-                            secret:
-                              description: secret represents a secret that should
-                                populate this file.
-                              properties:
-                                key:
-                                  description: key is the key in the secret's data
-                                    map for this value.
-                                  type: string
-                                name:
-                                  description: name of the secret in the KubeadmBootstrapConfig's
-                                    namespace to use.
-                                  type: string
-                              required:
-                              - key
-                              - name
-                              type: object
-                          required:
-                          - secret
-                          type: object
-                        encoding:
-                          description: encoding specifies the encoding of the file
-                            contents.
-                          enum:
-                          - base64
-                          - gzip
-                          - gzip+base64
-                          type: string
-                        owner:
-                          description: owner specifies the ownership of the file,
-                            e.g. "root:root".
-                          type: string
-                        path:
-                          description: path specifies the full path on disk where
-                            to store the file.
-                          type: string
-                        permissions:
-                          description: permissions specifies the permissions to assign
-                            to the file, e.g. "0640".
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    type: array
-                  format:
-                    description: format specifies the output format of the bootstrap
-                      data
-                    enum:
-                    - cloud-config
-                    - ignition
-                    type: string
-                  ignition:
-                    description: ignition contains Ignition specific configuration.
-                    properties:
-                      containerLinuxConfig:
-                        description: containerLinuxConfig contains CLC specific configuration.
-                        properties:
-                          additionalConfig:
-                            description: |-
-                              additionalConfig contains additional configuration to be merged with the Ignition
-                              configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
-                              The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
-                            type: string
-                          strict:
-                            description: strict controls if AdditionalConfig should
-                              be strictly parsed. If so, warnings are treated as errors.
-                            type: boolean
-                        type: object
-                    type: object
-                  initConfiguration:
-                    description: initConfiguration along with ClusterConfiguration
-                      are the configurations necessary for the init command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      bootstrapTokens:
-                        description: |-
-                          bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                          This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                        items:
-                          description: BootstrapToken describes one bootstrap token,
-                            stored as a Secret in the cluster.
-                          properties:
-                            description:
-                              description: |-
-                                description sets a human-friendly message why this token exists and what it's used
-                                for, so other administrators can know its purpose.
-                              type: string
-                            expires:
-                              description: |-
-                                expires specifies the timestamp when this token expires. Defaults to being set
-                                dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                              format: date-time
-                              type: string
-                            groups:
-                              description: |-
-                                groups specifies the extra groups that this token will authenticate as when/if
-                                used for authentication
-                              items:
-                                type: string
-                              type: array
-                            token:
-                              description: |-
-                                token is used for establishing bidirectional trust between nodes and control-planes.
-                                Used for joining nodes in the cluster.
-                              type: string
-                            ttl:
-                              description: |-
-                                ttl defines the time to live for this token. Defaults to 24h.
-                                Expires and TTL are mutually exclusive.
-                              type: string
-                            usages:
-                              description: |-
-                                usages describes the ways in which this token can be used. Can by default be used
-                                for establishing bidirectional trust, but that can be changed here.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - token
-                          type: object
-                        type: array
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      localAPIEndpoint:
-                        description: |-
-                          localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                          In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                          is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                          configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                          on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                          fails you may set the desired value here.
-                        properties:
-                          advertiseAddress:
-                            description: advertiseAddress sets the IP address for
-                              the API server to advertise.
-                            type: string
-                          bindPort:
-                            description: |-
-                              bindPort sets the secure port for the API Server to bind to.
-                              Defaults to 6443.
-                            format: int32
-                            type: integer
-                        type: object
-                      nodeRegistration:
-                        description: |-
-                          nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: criSocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          ignorePreflightErrors:
-                            description: ignorePreflightErrors provides a slice of
-                              pre-flight errors to be ignored when the current node
-                              is registered.
-                            items:
-                              type: string
-                            type: array
-                          imagePullPolicy:
-                            description: |-
-                              imagePullPolicy specifies the policy for image pulling
-                              during kubeadm "init" and "join" operations. The value of
-                              this field must be one of "Always", "IfNotPresent" or
-                              "Never". Defaults to "IfNotPresent". This can be used only
-                              with Kubernetes version equal to 1.22 and later.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            - Never
-                            type: string
-                          imagePullSerial:
-                            description: |-
-                              imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                              Default: true (defaulted in kubeadm)
-                            type: boolean
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                      patches:
-                        description: |-
-                          patches contains options related to applying patches to components deployed by kubeadm during
-                          "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
-                        properties:
-                          directory:
-                            description: |-
-                              directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                              For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                              "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                              of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                              The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                              "suffix" is an optional string that can be used to determine which patches are applied
-                              first alpha-numerically.
-                              These files can be written into the target directory via KubeadmConfig.Files which
-                              specifies additional files to be created on the machine, either with content inline or
-                              by referencing a secret.
-                            type: string
-                        type: object
-                      skipPhases:
-                        description: |-
-                          skipPhases is a list of phases to skip during command execution.
-                          The list of phases can be obtained with the "kubeadm init --help" command.
-                          This option takes effect only on Kubernetes >=1.22.0.
-                        items:
-                          type: string
-                        type: array
-                    type: object
-                  joinConfiguration:
-                    description: joinConfiguration is the kubeadm configuration for
-                      the join command
-                    properties:
-                      apiVersion:
-                        description: |-
-                          APIVersion defines the versioned schema of this representation of an object.
-                          Servers should convert recognized schemas to the latest internal value, and
-                          may reject unrecognized values.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                        type: string
-                      caCertPath:
-                        description: |-
-                          caCertPath is the path to the SSL certificate authority used to
-                          secure comunications between node and control-plane.
-                          Defaults to "/etc/kubernetes/pki/ca.crt".
-                        type: string
-                      controlPlane:
-                        description: |-
-                          controlPlane defines the additional control plane instance to be deployed on the joining node.
-                          If nil, no additional control plane instance will be deployed.
-                        properties:
-                          localAPIEndpoint:
-                            description: localAPIEndpoint represents the endpoint
-                              of the API server instance to be deployed on this node.
-                            properties:
-                              advertiseAddress:
-                                description: advertiseAddress sets the IP address
-                                  for the API server to advertise.
-                                type: string
-                              bindPort:
-                                description: |-
-                                  bindPort sets the secure port for the API Server to bind to.
-                                  Defaults to 6443.
-                                format: int32
-                                type: integer
-                            type: object
-                        type: object
-                      discovery:
-                        description: discovery specifies the options for the kubelet
-                          to use during the TLS Bootstrap process
-                        properties:
-                          bootstrapToken:
-                            description: |-
-                              bootstrapToken is used to set the options for bootstrap token based discovery
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              apiServerEndpoint:
-                                description: apiServerEndpoint is an IP or domain
-                                  name to the API server from which info will be fetched.
-                                type: string
-                              caCertHashes:
-                                description: |-
-                                  caCertHashes specifies a set of public key pins to verify
-                                  when token-based discovery is used. The root CA found during discovery
-                                  must match one of these values. Specifying an empty set disables root CA
-                                  pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                  where the only currently supported type is "sha256". This is a hex-encoded
-                                  SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                  ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                  openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                items:
-                                  type: string
-                                type: array
-                              token:
-                                description: |-
-                                  token is a token used to validate cluster information
-                                  fetched from the control-plane.
-                                type: string
-                              unsafeSkipCAVerification:
-                                description: |-
-                                  unsafeSkipCAVerification allows token-based discovery
-                                  without CA verification via CACertHashes. This can weaken
-                                  the security of kubeadm since other nodes can impersonate the control-plane.
-                                type: boolean
-                            required:
-                            - token
-                            type: object
-                          file:
-                            description: |-
-                              file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                              BootstrapToken and File are mutually exclusive
-                            properties:
-                              kubeConfig:
-                                description: |-
-                                  kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
-                                  The file is generated at the path specified in KubeConfigPath.
-
-                                  Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
-                                  Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
-                                properties:
-                                  cluster:
-                                    description: |-
-                                      cluster contains information about how to communicate with the kubernetes cluster.
-
-                                      By default the following fields are automatically populated:
-                                      - Server with the Cluster's ControlPlaneEndpoint.
-                                      - CertificateAuthorityData with the Cluster's CA certificate.
-                                    properties:
-                                      certificateAuthorityData:
-                                        description: |-
-                                          certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
-                                          Defaults to the Cluster's CA certificate if empty.
-                                        format: byte
-                                        type: string
-                                      insecureSkipTLSVerify:
-                                        description: insecureSkipTLSVerify skips the
-                                          validity check for the server's certificate.
-                                          This will make your HTTPS connections insecure.
-                                        type: boolean
-                                      proxyURL:
-                                        description: |-
-                                          proxyURL is the URL to the proxy to be used for all requests made by this
-                                          client. URLs with "http", "https", and "socks5" schemes are supported.  If
-                                          this configuration is not provided or the empty string, the client
-                                          attempts to construct a proxy configuration from http_proxy and
-                                          https_proxy environment variables. If these environment variables are not
-                                          set, the client does not attempt to proxy requests.
-
-                                          socks5 proxying does not currently support spdy streaming endpoints (exec,
-                                          attach, port forward).
-                                        type: string
-                                      server:
-                                        description: |-
-                                          server is the address of the kubernetes cluster (https://hostname:port).
-
-                                          Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
-                                        type: string
-                                      tlsServerName:
-                                        description: tlsServerName is used to check
-                                          server certificate. If TLSServerName is
-                                          empty, the hostname used to contact the
-                                          server is used.
-                                        type: string
-                                    type: object
-                                  user:
-                                    description: |-
-                                      user contains information that describes identity information.
-                                      This is used to tell the kubernetes cluster who you are.
-                                    properties:
-                                      authProvider:
-                                        description: authProvider specifies a custom
-                                          authentication plugin for the kubernetes
-                                          cluster.
-                                        properties:
-                                          config:
-                                            additionalProperties:
-                                              type: string
-                                            description: config holds the parameters
-                                              for the authentication plugin.
-                                            type: object
-                                          name:
-                                            description: name is the name of the authentication
-                                              plugin.
-                                            type: string
-                                        required:
-                                        - name
-                                        type: object
-                                      exec:
-                                        description: exec specifies a custom exec-based
-                                          authentication plugin for the kubernetes
-                                          cluster.
-                                        properties:
-                                          apiVersion:
-                                            description: |-
-                                              Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
-                                              the same encoding version as the input.
-                                              Defaults to client.authentication.k8s.io/v1 if not set.
-                                            type: string
-                                          args:
-                                            description: Arguments to pass to the
-                                              command when executing it.
-                                            items:
-                                              type: string
-                                            type: array
-                                          command:
-                                            description: command to execute.
-                                            type: string
-                                          env:
-                                            description: |-
-                                              env defines additional environment variables to expose to the process. These
-                                              are unioned with the host's environment, as well as variables client-go uses
-                                              to pass argument to the plugin.
-                                            items:
-                                              description: |-
-                                                KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
-                                                credential plugin.
-                                              properties:
-                                                name:
-                                                  type: string
-                                                value:
-                                                  type: string
-                                              required:
-                                              - name
-                                              - value
-                                              type: object
-                                            type: array
-                                          provideClusterInfo:
-                                            description: |-
-                                              provideClusterInfo determines whether or not to provide cluster information,
-                                              which could potentially contain very large CA data, to this exec plugin as a
-                                              part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
-                                              to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
-                                              reading this environment variable.
-                                            type: boolean
-                                        required:
-                                        - command
-                                        type: object
-                                    type: object
-                                required:
-                                - user
-                                type: object
-                              kubeConfigPath:
-                                description: kubeConfigPath is used to specify the
-                                  actual file path or URL to the kubeconfig file from
-                                  which to load cluster information
-                                type: string
-                            required:
-                            - kubeConfigPath
-                            type: object
-                          timeout:
-                            description: timeout modifies the discovery timeout
-                            type: string
-                          tlsBootstrapToken:
-                            description: |-
-                              tlsBootstrapToken is a token used for TLS bootstrapping.
-                              If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                              If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                            type: string
-                        type: object
-                      kind:
-                        description: |-
-                          Kind is a string value representing the REST resource this object represents.
-                          Servers may infer this from the endpoint the client submits requests to.
-                          Cannot be updated.
-                          In CamelCase.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      nodeRegistration:
-                        description: |-
-                          nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                          When used in the context of control plane nodes, NodeRegistration should remain consistent
-                          across both InitConfiguration and JoinConfiguration
-                        properties:
-                          criSocket:
-                            description: criSocket is used to retrieve container runtime
-                              info. This information will be annotated to the Node
-                              API object, for later re-use
-                            type: string
-                          ignorePreflightErrors:
-                            description: ignorePreflightErrors provides a slice of
-                              pre-flight errors to be ignored when the current node
-                              is registered.
-                            items:
-                              type: string
-                            type: array
-                          imagePullPolicy:
-                            description: |-
-                              imagePullPolicy specifies the policy for image pulling
-                              during kubeadm "init" and "join" operations. The value of
-                              this field must be one of "Always", "IfNotPresent" or
-                              "Never". Defaults to "IfNotPresent". This can be used only
-                              with Kubernetes version equal to 1.22 and later.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            - Never
-                            type: string
-                          imagePullSerial:
-                            description: |-
-                              imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                              This option takes effect only on Kubernetes >=1.31.0.
-                              Default: true (defaulted in kubeadm)
-                            type: boolean
-                          kubeletExtraArgs:
-                            additionalProperties:
-                              type: string
-                            description: |-
-                              kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                              kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                              Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                            type: object
-                          name:
-                            description: |-
-                              name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                              This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                              Defaults to the hostname of the node if not provided.
-                            type: string
-                          taints:
-                            description: |-
-                              taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                              it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                              empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                            items:
-                              description: |-
-                                The node this Taint is attached to has the "effect" on
-                                any pod that does not tolerate the Taint.
-                              properties:
-                                effect:
-                                  description: |-
-                                    Required. The effect of the taint on pods
-                                    that do not tolerate the taint.
-                                    Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                  type: string
-                                key:
-                                  description: Required. The taint key to be applied
-                                    to a node.
-                                  type: string
-                                timeAdded:
-                                  description: |-
-                                    TimeAdded represents the time at which the taint was added.
-                                    It is only written for NoExecute taints.
-                                  format: date-time
-                                  type: string
-                                value:
-                                  description: The taint value corresponding to the
-                                    taint key.
-                                  type: string
-                              required:
-                              - effect
-                              - key
-                              type: object
-                            type: array
-                        type: object
-                      patches:
-                        description: |-
-                          patches contains options related to applying patches to components deployed by kubeadm during
-                          "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
-                        properties:
-                          directory:
-                            description: |-
-                              directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                              For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                              "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                              of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                              The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                              "suffix" is an optional string that can be used to determine which patches are applied
-                              first alpha-numerically.
-                              These files can be written into the target directory via KubeadmConfig.Files which
-                              specifies additional files to be created on the machine, either with content inline or
-                              by referencing a secret.
-                            type: string
-                        type: object
-                      skipPhases:
-                        description: |-
-                          skipPhases is a list of phases to skip during command execution.
-                          The list of phases can be obtained with the "kubeadm init --help" command.
-                          This option takes effect only on Kubernetes >=1.22.0.
-                        items:
-                          type: string
-                        type: array
-                    type: object
-                  mounts:
-                    description: mounts specifies a list of mount points to be setup.
-                    items:
-                      description: MountPoints defines input for generated mounts
-                        in cloud-init.
-                      items:
-                        type: string
-                      type: array
-                    type: array
-                  ntp:
-                    description: ntp specifies NTP configuration
-                    properties:
-                      enabled:
-                        description: enabled specifies whether NTP should be enabled
-                        type: boolean
-                      servers:
-                        description: servers specifies which NTP servers to use
-                        items:
-                          type: string
-                        type: array
-                    type: object
-                  postKubeadmCommands:
-                    description: postKubeadmCommands specifies extra commands to run
-                      after kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  preKubeadmCommands:
-                    description: preKubeadmCommands specifies extra commands to run
-                      before kubeadm runs
-                    items:
-                      type: string
-                    type: array
-                  useExperimentalRetryJoin:
-                    description: |-
-                      useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                      script with retries for joins.
-
-                      This is meant to be an experimental temporary workaround on some environments
-                      where joins fail due to timing (and other issues). The long term goal is to add retries to
-                      kubeadm proper and use that functionality.
-
-                      This will add about 40KB to userdata
-
-                      For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
-                      Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
-                      When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
-                    type: boolean
-                  users:
-                    description: users specifies extra users to add
-                    items:
-                      description: User defines the input for a generated user in
-                        cloud-init.
-                      properties:
-                        gecos:
-                          description: gecos specifies the gecos to use for the user
-                          type: string
-                        groups:
-                          description: groups specifies the additional groups for
-                            the user
-                          type: string
-                        homeDir:
-                          description: homeDir specifies the home directory to use
-                            for the user
-                          type: string
-                        inactive:
-                          description: inactive specifies whether to mark the user
-                            as inactive
-                          type: boolean
-                        lockPassword:
-                          description: lockPassword specifies if password login should
-                            be disabled
-                          type: boolean
-                        name:
-                          description: name specifies the user name
-                          type: string
-                        passwd:
-                          description: passwd specifies a hashed password for the
-                            user
-                          type: string
-                        passwdFrom:
-                          description: passwdFrom is a referenced source of passwd
-                            to populate the passwd.
-                          properties:
-                            secret:
-                              description: secret represents a secret that should
-                                populate this password.
-                              properties:
-                                key:
-                                  description: key is the key in the secret's data
-                                    map for this value.
-                                  type: string
-                                name:
-                                  description: name of the secret in the KubeadmBootstrapConfig's
-                                    namespace to use.
-                                  type: string
-                              required:
-                              - key
-                              - name
-                              type: object
-                          required:
-                          - secret
-                          type: object
-                        primaryGroup:
-                          description: primaryGroup specifies the primary group for
-                            the user
-                          type: string
-                        shell:
-                          description: shell specifies the user's shell
-                          type: string
-                        sshAuthorizedKeys:
-                          description: sshAuthorizedKeys specifies a list of ssh authorized
-                            keys for the user
-                          items:
-                            type: string
-                          type: array
-                        sudo:
-                          description: sudo specifies a sudo role for the user
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  verbosity:
-                    description: |-
-                      verbosity is the number for the kubeadm log level verbosity.
-                      It overrides the `--v` flag in kubeadm commands.
-                    format: int32
-                    type: integer
-                type: object
-              machineNamingStrategy:
-                description: |-
-                  MachineNamingStrategy allows changing the naming pattern used when creating Machines.
-                  InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
-                properties:
-                  template:
-                    description: |-
-                      Template defines the template to use for generating the names of the Machine objects.
-                      If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
-                      If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
-                      get concatenated with a random suffix of length 5.
-                      Length of the template string must not exceed 256 characters.
-                      The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
-                      The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
-                      The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
-                      The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
-                    maxLength: 256
-                    type: string
-                type: object
-              machineTemplate:
-                description: |-
-                  machineTemplate contains information about how machines
-                  should be shaped when creating or updating a control plane.
-                properties:
-                  infrastructureRef:
-                    description: |-
-                      infrastructureRef is a required reference to a custom resource
-                      offered by an infrastructure provider.
-                    properties:
-                      apiVersion:
-                        description: API version of the referent.
-                        type: string
-                      fieldPath:
-                        description: |-
-                          If referring to a piece of an object instead of an entire object, this string
-                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                          For example, if the object reference is to a container within a pod, this would take on a value like:
-                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                          the event) or if no container name is specified "spec.containers[2]" (container with
-                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                          referencing a part of an object.
-                        type: string
-                      kind:
-                        description: |-
-                          Kind of the referent.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                        type: string
-                      name:
-                        description: |-
-                          Name of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        type: string
-                      namespace:
-                        description: |-
-                          Namespace of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                        type: string
-                      resourceVersion:
-                        description: |-
-                          Specific resourceVersion to which this reference is made, if any.
-                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                        type: string
-                      uid:
-                        description: |-
-                          UID of the referent.
-                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  nodeDeletionTimeout:
-                    description: |-
-                      nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
-                      hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                      If no value is provided, the default value for this property of the Machine resource will be used.
-                    type: string
-                  nodeDrainTimeout:
-                    description: |-
-                      nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
-                      The default value is 0, meaning that the node can be drained without any time limitations.
-                      NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                    type: string
-                  nodeVolumeDetachTimeout:
-                    description: |-
-                      nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                      to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                    type: string
-                required:
-                - infrastructureRef
-                type: object
-              remediationStrategy:
-                description: The RemediationStrategy that controls how control plane
-                  machine remediation happens.
-                properties:
-                  maxRetry:
-                    description: "maxRetry is the Max number of retries while attempting
-                      to remediate an unhealthy machine.\nA retry happens when a machine
-                      that was created as a replacement for an unhealthy machine also
-                      fails.\nFor example, given a control plane with three machines
-                      M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
-                      M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
-                      M1) has problems while bootstrapping it will become unhealthy,
-                      and then be\n\tremediated; such operation is considered a retry,
-                      remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
-                      unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
-                      could happen only after RetryPeriod from the previous retry.\nIf
-                      a machine is marked as unhealthy after MinHealthyPeriod from
-                      the previous remediation expired,\nthis is not considered a
-                      retry anymore because the new issue is assumed unrelated from
-                      the previous one.\n\nIf not set, the remedation will be retried
-                      infinitely."
-                    format: int32
-                    type: integer
-                  minHealthyPeriod:
-                    description: "minHealthyPeriod defines the duration after which
-                      KCP will consider any failure to a machine unrelated\nfrom the
-                      previous one. In this case the remediation is not considered
-                      a retry anymore, and thus the retry\ncounter restarts from 0.
-                      For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
-                      become unhealthy; remediation happens, and M1-1 is created as
-                      a replacement.\n\tIf M1-1 (replacement of M1) has problems within
-                      the 1hr after the creation, also\n\tthis machine will be remediated
-                      and this operation is considered a retry - a problem related\n\tto
-                      the original issue happened to M1 -.\n\n\tIf instead the problem
-                      on M1-1 is happening after MinHealthyPeriod expired, e.g. four
-                      days after\n\tm1-1 has been created as a remediation of M1,
-                      the problem on M1-1 is considered unrelated to\n\tthe original
-                      issue happened to M1.\n\nIf not set, this value is defaulted
-                      to 1h."
-                    type: string
-                  retryPeriod:
-                    description: |-
-                      retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
-                      for an unhealthy machine (a retry).
-
-                      If not set, a retry will happen immediately.
-                    type: string
-                type: object
-              replicas:
-                description: |-
-                  Number of desired machines. Defaults to 1. When stacked etcd is used only
-                  odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
-                  This is a pointer to distinguish between explicit zero and not specified.
-                format: int32
-                type: integer
-              rolloutAfter:
-                description: |-
-                  rolloutAfter is a field to indicate a rollout should be performed
-                  after the specified time even if no changes have been made to the
-                  KubeadmControlPlane.
-                  Example: In the YAML the time can be specified in the RFC3339 format.
-                  To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
-                  use "2023-03-09T09:00:00Z".
-                format: date-time
-                type: string
-              rolloutBefore:
-                description: |-
-                  rolloutBefore is a field to indicate a rollout should be performed
-                  if the specified criteria is met.
-                properties:
-                  certificatesExpiryDays:
-                    description: |-
-                      certificatesExpiryDays indicates a rollout needs to be performed if the
-                      certificates of the machine will expire within the specified days.
-                    format: int32
-                    type: integer
-                type: object
-              rolloutStrategy:
-                default:
-                  rollingUpdate:
-                    maxSurge: 1
-                  type: RollingUpdate
-                description: |-
-                  The RolloutStrategy to use to replace control plane machines with
-                  new ones.
-                properties:
-                  rollingUpdate:
-                    description: |-
-                      Rolling update config params. Present only if
-                      RolloutStrategyType = RollingUpdate.
-                    properties:
-                      maxSurge:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: |-
-                          The maximum number of control planes that can be scheduled above or under the
-                          desired number of control planes.
-                          Value can be an absolute number 1 or 0.
-                          Defaults to 1.
-                          Example: when this is set to 1, the control plane can be scaled
-                          up immediately when the rolling update starts.
-                        x-kubernetes-int-or-string: true
-                    type: object
-                  type:
-                    description: |-
-                      type of rollout. Currently the only supported strategy is
-                      "RollingUpdate".
-                      Default is RollingUpdate.
-                    type: string
-                type: object
-              version:
-                description: |-
-                  version defines the desired Kubernetes version.
-                  Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set
-                  we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io).
-                  Please use a newer patch version with the new registry instead. The default registries of kubeadm are:
-                    * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
-                    * k8s.gcr.io (old registry): all older versions
-                type: string
-            required:
-            - kubeadmConfigSpec
-            - machineTemplate
-            - version
-            type: object
-          status:
-            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
-            properties:
-              conditions:
-                description: conditions defines current service state of the KubeadmControlPlane.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  ErrorMessage indicates that there is a terminal problem reconciling the
-                  state, and will be set to a descriptive error message.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              failureReason:
-                description: |-
-                  failureReason indicates that there is a terminal problem reconciling the
-                  state, and will be set to a token value suitable for
-                  programmatic interpretation.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                type: string
-              initialized:
-                description: |-
-                  initialized denotes that the KubeadmControlPlane API Server is initialized and thus
-                  it can accept requests.
-                  NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
-                  The value of this field is never updated after provisioning is completed. Please use conditions
-                  to check the operational state of the control plane.
-                type: boolean
-              lastRemediation:
-                description: lastRemediation stores info about last remediation performed.
-                properties:
-                  machine:
-                    description: machine is the machine name of the latest machine
-                      being remediated.
-                    type: string
-                  retryCount:
-                    description: |-
-                      retryCount used to keep track of remediation retry for the last remediated machine.
-                      A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
-                    format: int32
-                    type: integer
-                  timestamp:
-                    description: timestamp is when last remediation happened. It is
-                      represented in RFC3339 form and is in UTC.
-                    format: date-time
-                    type: string
-                required:
-                - machine
-                - retryCount
-                - timestamp
-                type: object
-              observedGeneration:
-                description: observedGeneration is the latest generation observed
-                  by the controller.
-                format: int64
-                type: integer
-              ready:
-                description: |-
-                  ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning
-                  to receive requests.
-                  NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
-                  The value of this field is never updated after provisioning is completed. Please use conditions
-                  to check the operational state of the control plane.
-                type: boolean
-              readyReplicas:
-                description: Total number of fully running and ready control plane
-                  machines.
-                format: int32
-                type: integer
-              replicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  (their labels match the selector).
-                format: int32
-                type: integer
-              selector:
-                description: |-
-                  selector is the label selector in string format to avoid introspection
-                  by clients, and is used to provide the CRD-based integration for the
-                  scale subresource and additional integrations for things like kubectl
-                  describe.. The string will be in the same format as the query-param syntax.
-                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
-                type: string
-              unavailableReplicas:
-                description: |-
-                  Total number of unavailable machines targeted by this control plane.
-                  This is the total number of machines that are still required for
-                  the deployment to have 100% available capacity. They may either
-                  be machines that are running but not yet ready or machines
-                  that still have not been created.
-
-                  Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
-                format: int32
-                type: integer
-              updatedReplicas:
-                description: |-
-                  Total number of non-terminated machines targeted by this control plane
-                  that have the desired template spec.
-                format: int32
-                type: integer
-              v1beta2:
-                description: v1beta2 groups all the fields that will be added or modified
-                  in KubeadmControlPlane's status with the V1Beta2 version.
-                properties:
-                  availableReplicas:
-                    description: availableReplicas is the number of available replicas
-                      targeted by this KubeadmControlPlane. A machine is considered
-                      available when Machine's Available condition is true.
-                    format: int32
-                    type: integer
-                  conditions:
-                    description: |-
-                      conditions represents the observations of a KubeadmControlPlane's current state.
-                      Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate,
-                      ScalingUp, ScalingDown, Remediating, Deleting, Paused.
-                    items:
-                      description: Condition contains details for one aspect of the
-                        current state of this API Resource.
-                      properties:
-                        lastTransitionTime:
-                          description: |-
-                            lastTransitionTime is the last time the condition transitioned from one status to another.
-                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                          format: date-time
-                          type: string
-                        message:
-                          description: |-
-                            message is a human readable message indicating details about the transition.
-                            This may be an empty string.
-                          maxLength: 32768
-                          type: string
-                        observedGeneration:
-                          description: |-
-                            observedGeneration represents the .metadata.generation that the condition was set based upon.
-                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                            with respect to the current state of the instance.
-                          format: int64
-                          minimum: 0
-                          type: integer
-                        reason:
-                          description: |-
-                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                            Producers of specific condition types may define expected values and meanings for this field,
-                            and whether the values are considered a guaranteed API.
-                            The value should be a CamelCase string.
-                            This field may not be empty.
-                          maxLength: 1024
-                          minLength: 1
-                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                          type: string
-                        status:
-                          description: status of the condition, one of True, False,
-                            Unknown.
-                          enum:
-                          - "True"
-                          - "False"
-                          - Unknown
-                          type: string
-                        type:
-                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                          maxLength: 316
-                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                          type: string
-                      required:
-                      - lastTransitionTime
-                      - message
-                      - reason
-                      - status
-                      - type
-                      type: object
-                    maxItems: 32
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - type
-                    x-kubernetes-list-type: map
-                  readyReplicas:
-                    description: readyReplicas is the number of ready replicas for
-                      this KubeadmControlPlane. A machine is considered ready when
-                      Machine's Ready condition is true.
-                    format: int32
-                    type: integer
-                  upToDateReplicas:
-                    description: upToDateReplicas is the number of up-to-date replicas
-                      targeted by this KubeadmControlPlane. A machine is considered
-                      up-to-date when Machine's UpToDate condition is true.
-                    format: int32
-                    type: integer
-                type: object
-              version:
-                description: |-
-                  version represents the minimum Kubernetes version for the control plane machines
-                  in the cluster.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      scale:
-        labelSelectorPath: .status.selector
-        specReplicasPath: .spec.replicas
-        statusReplicasPath: .status.replicas
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.1
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    cluster.x-k8s.io/v1beta1: v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capi-kubeadm-control-plane-webhook-service
-          namespace: capi-kubeadm-control-plane-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: controlplane.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: KubeadmControlPlaneTemplate
-    listKind: KubeadmControlPlaneTemplateList
-    plural: kubeadmcontrolplanetemplates
-    singular: kubeadmcontrolplanetemplate
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmControlPlaneTemplate
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    name: v1alpha4
-    schema:
-      openAPIV3Schema:
-        description: |-
-          KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.
-
-          Deprecated: This type will be removed in one of the next releases.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmControlPlaneTemplateSpec defines the desired state
-              of KubeadmControlPlaneTemplate.
-            properties:
-              template:
-                description: KubeadmControlPlaneTemplateResource describes the data
-                  needed to create a KubeadmControlPlane from a template.
-                properties:
-                  spec:
-                    description: KubeadmControlPlaneSpec defines the desired state
-                      of KubeadmControlPlane.
-                    properties:
-                      kubeadmConfigSpec:
-                        description: |-
-                          kubeadmConfigSpec is a KubeadmConfigSpec
-                          to use for initializing and joining machines to the control plane.
-                        properties:
-                          clusterConfiguration:
-                            description: clusterConfiguration along with InitConfiguration
-                              are the configurations necessary for the init command
-                            properties:
-                              apiServer:
-                                description: apiServer contains extra settings for
-                                  the API server control plane component
-                                properties:
-                                  certSANs:
-                                    description: certSANs sets extra Subject Alternative
-                                      Names for the API Server signing cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                  timeoutForControlPlane:
-                                    description: timeoutForControlPlane controls the
-                                      timeout that we use for API server to appear
-                                    type: string
-                                type: object
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              certificatesDir:
-                                description: |-
-                                  certificatesDir specifies where to store or look for all required certificates.
-                                  NB: if not provided, this will default to `/etc/kubernetes/pki`
-                                type: string
-                              clusterName:
-                                description: The cluster name
-                                type: string
-                              controlPlaneEndpoint:
-                                description: |-
-                                  controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                                  can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                                  In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                                  are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                                  the BindPort is used.
-                                  Possible usages are:
-                                  e.g. In a cluster with more than one control plane instances, this field should be
-                                  assigned the address of the external load balancer in front of the
-                                  control plane instances.
-                                  e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                                  could be used for assigning a stable DNS to the control plane.
-                                  NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                                type: string
-                              controllerManager:
-                                description: controllerManager contains extra settings
-                                  for the controller manager control plane component
-                                properties:
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                type: object
-                              dns:
-                                description: dns defines the options for the DNS add-on
-                                  installed in the cluster.
-                                properties:
-                                  imageRepository:
-                                    description: |-
-                                      imageRepository sets the container registry to pull images from.
-                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                    type: string
-                                  imageTag:
-                                    description: |-
-                                      imageTag allows to specify a tag for the image.
-                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                    type: string
-                                type: object
-                              etcd:
-                                description: |-
-                                  etcd holds configuration for etcd.
-                                  NB: This value defaults to a Local (stacked) etcd
-                                properties:
-                                  external:
-                                    description: |-
-                                      external describes how to connect to an external etcd cluster
-                                      Local and External are mutually exclusive
-                                    properties:
-                                      caFile:
-                                        description: |-
-                                          caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                      certFile:
-                                        description: |-
-                                          certFile is an SSL certification file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                      endpoints:
-                                        description: endpoints of etcd members. Required
-                                          for ExternalEtcd.
-                                        items:
-                                          type: string
-                                        type: array
-                                      keyFile:
-                                        description: |-
-                                          keyFile is an SSL key file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                    required:
-                                    - caFile
-                                    - certFile
-                                    - endpoints
-                                    - keyFile
-                                    type: object
-                                  local:
-                                    description: |-
-                                      local provides configuration knobs for configuring the local etcd instance
-                                      Local and External are mutually exclusive
-                                    properties:
-                                      dataDir:
-                                        description: |-
-                                          dataDir is the directory etcd will place its data.
-                                          Defaults to "/var/lib/etcd".
-                                        type: string
-                                      extraArgs:
-                                        additionalProperties:
-                                          type: string
-                                        description: |-
-                                          extraArgs are extra arguments provided to the etcd binary
-                                          when run inside a static pod.
-                                        type: object
-                                      imageRepository:
-                                        description: |-
-                                          imageRepository sets the container registry to pull images from.
-                                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                        type: string
-                                      imageTag:
-                                        description: |-
-                                          imageTag allows to specify a tag for the image.
-                                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                        type: string
-                                      peerCertSANs:
-                                        description: peerCertSANs sets extra Subject
-                                          Alternative Names for the etcd peer signing
-                                          cert.
-                                        items:
-                                          type: string
-                                        type: array
-                                      serverCertSANs:
-                                        description: serverCertSANs sets extra Subject
-                                          Alternative Names for the etcd server signing
-                                          cert.
-                                        items:
-                                          type: string
-                                        type: array
-                                    type: object
-                                type: object
-                              featureGates:
-                                additionalProperties:
-                                  type: boolean
-                                description: featureGates enabled by the user.
-                                type: object
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                                  `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
-                                  will be used for all the other images.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              kubernetesVersion:
-                                description: |-
-                                  kubernetesVersion is the target version of the control plane.
-                                  NB: This value defaults to the Machine object spec.version
-                                type: string
-                              networking:
-                                description: |-
-                                  networking holds configuration for the networking topology of the cluster.
-                                  NB: This value defaults to the Cluster object spec.clusterNetwork.
-                                properties:
-                                  dnsDomain:
-                                    description: dnsDomain is the dns domain used
-                                      by k8s services. Defaults to "cluster.local".
-                                    type: string
-                                  podSubnet:
-                                    description: |-
-                                      podSubnet is the subnet used by pods.
-                                      If unset, the API server will not allocate CIDR ranges for every node.
-                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                                    type: string
-                                  serviceSubnet:
-                                    description: |-
-                                      serviceSubnet is the subnet used by k8s services.
-                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                                      to "10.96.0.0/12" if that's unset.
-                                    type: string
-                                type: object
-                              scheduler:
-                                description: scheduler contains extra settings for
-                                  the scheduler control plane component
-                                properties:
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                type: object
-                            type: object
-                          diskSetup:
-                            description: diskSetup specifies options for the creation
-                              of partition tables and file systems on devices.
-                            properties:
-                              filesystems:
-                                description: filesystems specifies the list of file
-                                  systems to setup.
-                                items:
-                                  description: Filesystem defines the file systems
-                                    to be created.
-                                  properties:
-                                    device:
-                                      description: device specifies the device name
-                                      type: string
-                                    extraOpts:
-                                      description: extraOpts defined extra options
-                                        to add to the command for creating the file
-                                        system.
-                                      items:
-                                        type: string
-                                      type: array
-                                    filesystem:
-                                      description: filesystem specifies the file system
-                                        type.
-                                      type: string
-                                    label:
-                                      description: label specifies the file system
-                                        label to be used. If set to None, no label
-                                        is used.
-                                      type: string
-                                    overwrite:
-                                      description: |-
-                                        overwrite defines whether or not to overwrite any existing filesystem.
-                                        If true, any pre-existing file system will be destroyed. Use with Caution.
-                                      type: boolean
-                                    partition:
-                                      description: 'partition specifies the partition
-                                        to use. The valid options are: "auto|any",
-                                        "auto", "any", "none", and <NUM>, where NUM
-                                        is the actual partition number.'
-                                      type: string
-                                    replaceFS:
-                                      description: |-
-                                        replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                        NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                                      type: string
-                                  required:
-                                  - device
-                                  - filesystem
-                                  - label
-                                  type: object
-                                type: array
-                              partitions:
-                                description: partitions specifies the list of the
-                                  partitions to setup.
-                                items:
-                                  description: Partition defines how to create and
-                                    layout a partition.
-                                  properties:
-                                    device:
-                                      description: device is the name of the device.
-                                      type: string
-                                    layout:
-                                      description: |-
-                                        layout specifies the device layout.
-                                        If it is true, a single partition will be created for the entire device.
-                                        When layout is false, it means don't partition or ignore existing partitioning.
-                                      type: boolean
-                                    overwrite:
-                                      description: |-
-                                        overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                        Use with caution. Default is 'false'.
-                                      type: boolean
-                                    tableType:
-                                      description: |-
-                                        tableType specifies the tupe of partition table. The following are supported:
-                                        'mbr': default and setups a MS-DOS partition table
-                                        'gpt': setups a GPT partition table
-                                      type: string
-                                  required:
-                                  - device
-                                  - layout
-                                  type: object
-                                type: array
-                            type: object
-                          files:
-                            description: files specifies extra files to be passed
-                              to user_data upon creation.
-                            items:
-                              description: File defines the input for generating write_files
-                                in cloud-init.
-                              properties:
-                                content:
-                                  description: content is the actual content of the
-                                    file.
-                                  type: string
-                                contentFrom:
-                                  description: contentFrom is a referenced source
-                                    of content to populate the file.
-                                  properties:
-                                    secret:
-                                      description: secret represents a secret that
-                                        should populate this file.
-                                      properties:
-                                        key:
-                                          description: key is the key in the secret's
-                                            data map for this value.
-                                          type: string
-                                        name:
-                                          description: name of the secret in the KubeadmBootstrapConfig's
-                                            namespace to use.
-                                          type: string
-                                      required:
-                                      - key
-                                      - name
-                                      type: object
-                                  required:
-                                  - secret
-                                  type: object
-                                encoding:
-                                  description: encoding specifies the encoding of
-                                    the file contents.
-                                  enum:
-                                  - base64
-                                  - gzip
-                                  - gzip+base64
-                                  type: string
-                                owner:
-                                  description: owner specifies the ownership of the
-                                    file, e.g. "root:root".
-                                  type: string
-                                path:
-                                  description: path specifies the full path on disk
-                                    where to store the file.
-                                  type: string
-                                permissions:
-                                  description: permissions specifies the permissions
-                                    to assign to the file, e.g. "0640".
-                                  type: string
-                              required:
-                              - path
-                              type: object
-                            type: array
-                          format:
-                            description: format specifies the output format of the
-                              bootstrap data
-                            enum:
-                            - cloud-config
-                            type: string
-                          initConfiguration:
-                            description: initConfiguration along with ClusterConfiguration
-                              are the configurations necessary for the init command
-                            properties:
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              bootstrapTokens:
-                                description: |-
-                                  bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                                  This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                                items:
-                                  description: BootstrapToken describes one bootstrap
-                                    token, stored as a Secret in the cluster.
-                                  properties:
-                                    description:
-                                      description: |-
-                                        description sets a human-friendly message why this token exists and what it's used
-                                        for, so other administrators can know its purpose.
-                                      type: string
-                                    expires:
-                                      description: |-
-                                        expires specifies the timestamp when this token expires. Defaults to being set
-                                        dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                                      format: date-time
-                                      type: string
-                                    groups:
-                                      description: |-
-                                        groups specifies the extra groups that this token will authenticate as when/if
-                                        used for authentication
-                                      items:
-                                        type: string
-                                      type: array
-                                    token:
-                                      description: |-
-                                        token is used for establishing bidirectional trust between nodes and control-planes.
-                                        Used for joining nodes in the cluster.
-                                      type: string
-                                    ttl:
-                                      description: |-
-                                        ttl defines the time to live for this token. Defaults to 24h.
-                                        Expires and TTL are mutually exclusive.
-                                      type: string
-                                    usages:
-                                      description: |-
-                                        usages describes the ways in which this token can be used. Can by default be used
-                                        for establishing bidirectional trust, but that can be changed here.
-                                      items:
-                                        type: string
-                                      type: array
-                                  required:
-                                  - token
-                                  type: object
-                                type: array
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              localAPIEndpoint:
-                                description: |-
-                                  localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                                  In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                                  is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                                  configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                                  on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                                  fails you may set the desired value here.
-                                properties:
-                                  advertiseAddress:
-                                    description: advertiseAddress sets the IP address
-                                      for the API server to advertise.
-                                    type: string
-                                  bindPort:
-                                    description: |-
-                                      bindPort sets the secure port for the API Server to bind to.
-                                      Defaults to 6443.
-                                    format: int32
-                                    type: integer
-                                type: object
-                              nodeRegistration:
-                                description: |-
-                                  nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
-                                  across both InitConfiguration and JoinConfiguration
-                                properties:
-                                  criSocket:
-                                    description: criSocket is used to retrieve container
-                                      runtime info. This information will be annotated
-                                      to the Node API object, for later re-use
-                                    type: string
-                                  ignorePreflightErrors:
-                                    description: ignorePreflightErrors provides a
-                                      slice of pre-flight errors to be ignored when
-                                      the current node is registered.
-                                    items:
-                                      type: string
-                                    type: array
-                                  kubeletExtraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                    type: object
-                                  name:
-                                    description: |-
-                                      name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                      Defaults to the hostname of the node if not provided.
-                                    type: string
-                                  taints:
-                                    description: |-
-                                      taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                      empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                    items:
-                                      description: |-
-                                        The node this Taint is attached to has the "effect" on
-                                        any pod that does not tolerate the Taint.
-                                      properties:
-                                        effect:
-                                          description: |-
-                                            Required. The effect of the taint on pods
-                                            that do not tolerate the taint.
-                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                          type: string
-                                        key:
-                                          description: Required. The taint key to
-                                            be applied to a node.
-                                          type: string
-                                        timeAdded:
-                                          description: |-
-                                            TimeAdded represents the time at which the taint was added.
-                                            It is only written for NoExecute taints.
-                                          format: date-time
-                                          type: string
-                                        value:
-                                          description: The taint value corresponding
-                                            to the taint key.
-                                          type: string
-                                      required:
-                                      - effect
-                                      - key
-                                      type: object
-                                    type: array
-                                type: object
-                            type: object
-                          joinConfiguration:
-                            description: joinConfiguration is the kubeadm configuration
-                              for the join command
-                            properties:
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              caCertPath:
-                                description: |-
-                                  caCertPath is the path to the SSL certificate authority used to
-                                  secure comunications between node and control-plane.
-                                  Defaults to "/etc/kubernetes/pki/ca.crt".
-                                type: string
-                              controlPlane:
-                                description: |-
-                                  controlPlane defines the additional control plane instance to be deployed on the joining node.
-                                  If nil, no additional control plane instance will be deployed.
-                                properties:
-                                  localAPIEndpoint:
-                                    description: localAPIEndpoint represents the endpoint
-                                      of the API server instance to be deployed on
-                                      this node.
-                                    properties:
-                                      advertiseAddress:
-                                        description: advertiseAddress sets the IP
-                                          address for the API server to advertise.
-                                        type: string
-                                      bindPort:
-                                        description: |-
-                                          bindPort sets the secure port for the API Server to bind to.
-                                          Defaults to 6443.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                type: object
-                              discovery:
-                                description: discovery specifies the options for the
-                                  kubelet to use during the TLS Bootstrap process
-                                properties:
-                                  bootstrapToken:
-                                    description: |-
-                                      bootstrapToken is used to set the options for bootstrap token based discovery
-                                      BootstrapToken and File are mutually exclusive
-                                    properties:
-                                      apiServerEndpoint:
-                                        description: apiServerEndpoint is an IP or
-                                          domain name to the API server from which
-                                          info will be fetched.
-                                        type: string
-                                      caCertHashes:
-                                        description: |-
-                                          caCertHashes specifies a set of public key pins to verify
-                                          when token-based discovery is used. The root CA found during discovery
-                                          must match one of these values. Specifying an empty set disables root CA
-                                          pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                          where the only currently supported type is "sha256". This is a hex-encoded
-                                          SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                          ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                          openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                        items:
-                                          type: string
-                                        type: array
-                                      token:
-                                        description: |-
-                                          token is a token used to validate cluster information
-                                          fetched from the control-plane.
-                                        type: string
-                                      unsafeSkipCAVerification:
-                                        description: |-
-                                          unsafeSkipCAVerification allows token-based discovery
-                                          without CA verification via CACertHashes. This can weaken
-                                          the security of kubeadm since other nodes can impersonate the control-plane.
-                                        type: boolean
-                                    required:
-                                    - token
-                                    type: object
-                                  file:
-                                    description: |-
-                                      file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                                      BootstrapToken and File are mutually exclusive
-                                    properties:
-                                      kubeConfigPath:
-                                        description: kubeConfigPath is used to specify
-                                          the actual file path or URL to the kubeconfig
-                                          file from which to load cluster information
-                                        type: string
-                                    required:
-                                    - kubeConfigPath
-                                    type: object
-                                  timeout:
-                                    description: timeout modifies the discovery timeout
-                                    type: string
-                                  tlsBootstrapToken:
-                                    description: |-
-                                      tlsBootstrapToken is a token used for TLS bootstrapping.
-                                      If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                                      If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                                    type: string
-                                type: object
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              nodeRegistration:
-                                description: |-
-                                  nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
-                                  across both InitConfiguration and JoinConfiguration
-                                properties:
-                                  criSocket:
-                                    description: criSocket is used to retrieve container
-                                      runtime info. This information will be annotated
-                                      to the Node API object, for later re-use
-                                    type: string
-                                  ignorePreflightErrors:
-                                    description: ignorePreflightErrors provides a
-                                      slice of pre-flight errors to be ignored when
-                                      the current node is registered.
-                                    items:
-                                      type: string
-                                    type: array
-                                  kubeletExtraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                    type: object
-                                  name:
-                                    description: |-
-                                      name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                      Defaults to the hostname of the node if not provided.
-                                    type: string
-                                  taints:
-                                    description: |-
-                                      taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                      empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
-                                    items:
-                                      description: |-
-                                        The node this Taint is attached to has the "effect" on
-                                        any pod that does not tolerate the Taint.
-                                      properties:
-                                        effect:
-                                          description: |-
-                                            Required. The effect of the taint on pods
-                                            that do not tolerate the taint.
-                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                          type: string
-                                        key:
-                                          description: Required. The taint key to
-                                            be applied to a node.
-                                          type: string
-                                        timeAdded:
-                                          description: |-
-                                            TimeAdded represents the time at which the taint was added.
-                                            It is only written for NoExecute taints.
-                                          format: date-time
-                                          type: string
-                                        value:
-                                          description: The taint value corresponding
-                                            to the taint key.
-                                          type: string
-                                      required:
-                                      - effect
-                                      - key
-                                      type: object
-                                    type: array
-                                type: object
-                            type: object
-                          mounts:
-                            description: mounts specifies a list of mount points to
-                              be setup.
-                            items:
-                              description: MountPoints defines input for generated
-                                mounts in cloud-init.
-                              items:
-                                type: string
-                              type: array
-                            type: array
-                          ntp:
-                            description: ntp specifies NTP configuration
-                            properties:
-                              enabled:
-                                description: enabled specifies whether NTP should
-                                  be enabled
-                                type: boolean
-                              servers:
-                                description: servers specifies which NTP servers to
-                                  use
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                          postKubeadmCommands:
-                            description: postKubeadmCommands specifies extra commands
-                              to run after kubeadm runs
-                            items:
-                              type: string
-                            type: array
-                          preKubeadmCommands:
-                            description: preKubeadmCommands specifies extra commands
-                              to run before kubeadm runs
-                            items:
-                              type: string
-                            type: array
-                          useExperimentalRetryJoin:
-                            description: |-
-                              useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                              script with retries for joins.
-
-                              This is meant to be an experimental temporary workaround on some environments
-                              where joins fail due to timing (and other issues). The long term goal is to add retries to
-                              kubeadm proper and use that functionality.
-
-                              This will add about 40KB to userdata
-
-                              For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-                            type: boolean
-                          users:
-                            description: users specifies extra users to add
-                            items:
-                              description: User defines the input for a generated
-                                user in cloud-init.
-                              properties:
-                                gecos:
-                                  description: gecos specifies the gecos to use for
-                                    the user
-                                  type: string
-                                groups:
-                                  description: groups specifies the additional groups
-                                    for the user
-                                  type: string
-                                homeDir:
-                                  description: homeDir specifies the home directory
-                                    to use for the user
-                                  type: string
-                                inactive:
-                                  description: inactive specifies whether to mark
-                                    the user as inactive
-                                  type: boolean
-                                lockPassword:
-                                  description: lockPassword specifies if password
-                                    login should be disabled
-                                  type: boolean
-                                name:
-                                  description: name specifies the user name
-                                  type: string
-                                passwd:
-                                  description: passwd specifies a hashed password
-                                    for the user
-                                  type: string
-                                primaryGroup:
-                                  description: primaryGroup specifies the primary
-                                    group for the user
-                                  type: string
-                                shell:
-                                  description: shell specifies the user's shell
-                                  type: string
-                                sshAuthorizedKeys:
-                                  description: sshAuthorizedKeys specifies a list
-                                    of ssh authorized keys for the user
-                                  items:
-                                    type: string
-                                  type: array
-                                sudo:
-                                  description: sudo specifies a sudo role for the
-                                    user
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          verbosity:
-                            description: |-
-                              verbosity is the number for the kubeadm log level verbosity.
-                              It overrides the `--v` flag in kubeadm commands.
-                            format: int32
-                            type: integer
-                        type: object
-                      machineTemplate:
-                        description: |-
-                          machineTemplate contains information about how machines
-                          should be shaped when creating or updating a control plane.
-                        properties:
-                          infrastructureRef:
-                            description: |-
-                              infrastructureRef is a required reference to a custom resource
-                              offered by an infrastructure provider.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: |-
-                                  If referring to a piece of an object instead of an entire object, this string
-                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                  For example, if the object reference is to a container within a pod, this would take on a value like:
-                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
-                                  the event) or if no container name is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
-                                  referencing a part of an object.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind of the referent.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              name:
-                                description: |-
-                                  Name of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                type: string
-                              namespace:
-                                description: |-
-                                  Namespace of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
-                                type: string
-                              resourceVersion:
-                                description: |-
-                                  Specific resourceVersion to which this reference is made, if any.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-                                type: string
-                              uid:
-                                description: |-
-                                  UID of the referent.
-                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
-                                type: string
-                            type: object
-                            x-kubernetes-map-type: atomic
-                          metadata:
-                            description: |-
-                              Standard object's metadata.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                            properties:
-                              annotations:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  annotations is an unstructured key value map stored with a resource that may be
-                                  set by external tools to store and retrieve arbitrary metadata. They are not
-                                  queryable and should be preserved when modifying objects.
-                                  More info: http://kubernetes.io/docs/user-guide/annotations
-                                type: object
-                              labels:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  Map of string keys and values that can be used to organize and categorize
-                                  (scope and select) objects. May match selectors of replication controllers
-                                  and services.
-                                  More info: http://kubernetes.io/docs/user-guide/labels
-                                type: object
-                            type: object
-                          nodeDrainTimeout:
-                            description: |-
-                              nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
-                              The default value is 0, meaning that the node can be drained without any time limitations.
-                              NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                            type: string
-                        required:
-                        - infrastructureRef
-                        type: object
-                      replicas:
-                        description: |-
-                          Number of desired machines. Defaults to 1. When stacked etcd is used only
-                          odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
-                          This is a pointer to distinguish between explicit zero and not specified.
-                        format: int32
-                        type: integer
-                      rolloutAfter:
-                        description: |-
-                          rolloutAfter is a field to indicate a rollout should be performed
-                          after the specified time even if no changes have been made to the
-                          KubeadmControlPlane.
-                        format: date-time
-                        type: string
-                      rolloutStrategy:
-                        default:
-                          rollingUpdate:
-                            maxSurge: 1
-                          type: RollingUpdate
-                        description: |-
-                          The RolloutStrategy to use to replace control plane machines with
-                          new ones.
-                        properties:
-                          rollingUpdate:
-                            description: |-
-                              Rolling update config params. Present only if
-                              RolloutStrategyType = RollingUpdate.
-                            properties:
-                              maxSurge:
-                                anyOf:
-                                - type: integer
-                                - type: string
-                                description: |-
-                                  The maximum number of control planes that can be scheduled above or under the
-                                  desired number of control planes.
-                                  Value can be an absolute number 1 or 0.
-                                  Defaults to 1.
-                                  Example: when this is set to 1, the control plane can be scaled
-                                  up immediately when the rolling update starts.
-                                x-kubernetes-int-or-string: true
-                            type: object
-                          type:
-                            description: |-
-                              type of rollout. Currently the only supported strategy is
-                              "RollingUpdate".
-                              Default is RollingUpdate.
-                            type: string
-                        type: object
-                      version:
-                        description: version defines the desired Kubernetes version.
-                        type: string
-                    required:
-                    - kubeadmConfigSpec
-                    - machineTemplate
-                    - version
-                    type: object
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - description: Time duration since creation of KubeadmControlPlaneTemplate
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubeadmControlPlaneTemplateSpec defines the desired state
-              of KubeadmControlPlaneTemplate.
-            properties:
-              template:
-                description: KubeadmControlPlaneTemplateResource describes the data
-                  needed to create a KubeadmControlPlane from a template.
-                properties:
-                  metadata:
-                    description: |-
-                      Standard object's metadata.
-                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          annotations is an unstructured key value map stored with a resource that may be
-                          set by external tools to store and retrieve arbitrary metadata. They are not
-                          queryable and should be preserved when modifying objects.
-                          More info: http://kubernetes.io/docs/user-guide/annotations
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Map of string keys and values that can be used to organize and categorize
-                          (scope and select) objects. May match selectors of replication controllers
-                          and services.
-                          More info: http://kubernetes.io/docs/user-guide/labels
-                        type: object
-                    type: object
-                  spec:
-                    description: |-
-                      KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane.
-                      NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but
-                      omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
-                      because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot
-                      be configured on the KubeadmControlPlaneTemplate.
-                    properties:
-                      kubeadmConfigSpec:
-                        description: |-
-                          kubeadmConfigSpec is a KubeadmConfigSpec
-                          to use for initializing and joining machines to the control plane.
-                        properties:
-                          clusterConfiguration:
-                            description: clusterConfiguration along with InitConfiguration
-                              are the configurations necessary for the init command
-                            properties:
-                              apiServer:
-                                description: apiServer contains extra settings for
-                                  the API server control plane component
-                                properties:
-                                  certSANs:
-                                    description: certSANs sets extra Subject Alternative
-                                      Names for the API Server signing cert.
-                                    items:
-                                      type: string
-                                    type: array
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraEnvs:
-                                    description: |-
-                                      extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                      Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: |-
-                                            Variable references $(VAR_NAME) are expanded
-                                            using the previously defined environment variables in the container and
-                                            any service environment variables. If a variable cannot be resolved,
-                                            the reference in the input string will be unchanged. Double $ are reduced
-                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                            "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                            Escaped references will never be expanded, regardless of whether the variable
-                                            exists or not.
-                                            Defaults to "".
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            fieldRef:
-                                              description: |-
-                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            resourceFieldRef:
-                                              description: |-
-                                                Selects a resource of the container: only resources limits and requests
-                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                  timeoutForControlPlane:
-                                    description: timeoutForControlPlane controls the
-                                      timeout that we use for API server to appear
-                                    type: string
-                                type: object
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              certificatesDir:
-                                description: |-
-                                  certificatesDir specifies where to store or look for all required certificates.
-                                  NB: if not provided, this will default to `/etc/kubernetes/pki`
-                                type: string
-                              clusterName:
-                                description: The cluster name
-                                type: string
-                              controlPlaneEndpoint:
-                                description: |-
-                                  controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
-                                  can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
-                                  In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
-                                  are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
-                                  the BindPort is used.
-                                  Possible usages are:
-                                  e.g. In a cluster with more than one control plane instances, this field should be
-                                  assigned the address of the external load balancer in front of the
-                                  control plane instances.
-                                  e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
-                                  could be used for assigning a stable DNS to the control plane.
-                                  NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
-                                type: string
-                              controllerManager:
-                                description: controllerManager contains extra settings
-                                  for the controller manager control plane component
-                                properties:
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraEnvs:
-                                    description: |-
-                                      extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                      Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: |-
-                                            Variable references $(VAR_NAME) are expanded
-                                            using the previously defined environment variables in the container and
-                                            any service environment variables. If a variable cannot be resolved,
-                                            the reference in the input string will be unchanged. Double $ are reduced
-                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                            "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                            Escaped references will never be expanded, regardless of whether the variable
-                                            exists or not.
-                                            Defaults to "".
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            fieldRef:
-                                              description: |-
-                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            resourceFieldRef:
-                                              description: |-
-                                                Selects a resource of the container: only resources limits and requests
-                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                type: object
-                              dns:
-                                description: dns defines the options for the DNS add-on
-                                  installed in the cluster.
-                                properties:
-                                  imageRepository:
-                                    description: |-
-                                      imageRepository sets the container registry to pull images from.
-                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                    type: string
-                                  imageTag:
-                                    description: |-
-                                      imageTag allows to specify a tag for the image.
-                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                    type: string
-                                type: object
-                              etcd:
-                                description: |-
-                                  etcd holds configuration for etcd.
-                                  NB: This value defaults to a Local (stacked) etcd
-                                properties:
-                                  external:
-                                    description: |-
-                                      external describes how to connect to an external etcd cluster
-                                      Local and External are mutually exclusive
-                                    properties:
-                                      caFile:
-                                        description: |-
-                                          caFile is an SSL Certificate Authority file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                      certFile:
-                                        description: |-
-                                          certFile is an SSL certification file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                      endpoints:
-                                        description: endpoints of etcd members. Required
-                                          for ExternalEtcd.
-                                        items:
-                                          type: string
-                                        type: array
-                                      keyFile:
-                                        description: |-
-                                          keyFile is an SSL key file used to secure etcd communication.
-                                          Required if using a TLS connection.
-                                        type: string
-                                    required:
-                                    - caFile
-                                    - certFile
-                                    - endpoints
-                                    - keyFile
-                                    type: object
-                                  local:
-                                    description: |-
-                                      local provides configuration knobs for configuring the local etcd instance
-                                      Local and External are mutually exclusive
-                                    properties:
-                                      dataDir:
-                                        description: |-
-                                          dataDir is the directory etcd will place its data.
-                                          Defaults to "/var/lib/etcd".
-                                        type: string
-                                      extraArgs:
-                                        additionalProperties:
-                                          type: string
-                                        description: |-
-                                          extraArgs are extra arguments provided to the etcd binary
-                                          when run inside a static pod.
-                                        type: object
-                                      extraEnvs:
-                                        description: |-
-                                          extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                          Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                          This option takes effect only on Kubernetes >=1.31.0.
-                                        items:
-                                          description: EnvVar represents an environment
-                                            variable present in a Container.
-                                          properties:
-                                            name:
-                                              description: Name of the environment
-                                                variable. Must be a C_IDENTIFIER.
-                                              type: string
-                                            value:
-                                              description: |-
-                                                Variable references $(VAR_NAME) are expanded
-                                                using the previously defined environment variables in the container and
-                                                any service environment variables. If a variable cannot be resolved,
-                                                the reference in the input string will be unchanged. Double $ are reduced
-                                                to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                                "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                                Escaped references will never be expanded, regardless of whether the variable
-                                                exists or not.
-                                                Defaults to "".
-                                              type: string
-                                            valueFrom:
-                                              description: Source for the environment
-                                                variable's value. Cannot be used if
-                                                value is not empty.
-                                              properties:
-                                                configMapKeyRef:
-                                                  description: Selects a key of a
-                                                    ConfigMap.
-                                                  properties:
-                                                    key:
-                                                      description: The key to select.
-                                                      type: string
-                                                    name:
-                                                      default: ""
-                                                      description: |-
-                                                        Name of the referent.
-                                                        This field is effectively required, but due to backwards compatibility is
-                                                        allowed to be empty. Instances of this type with an empty value here are
-                                                        almost certainly wrong.
-                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the ConfigMap or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                  x-kubernetes-map-type: atomic
-                                                fieldRef:
-                                                  description: |-
-                                                    Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                                    spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                                  properties:
-                                                    apiVersion:
-                                                      description: Version of the
-                                                        schema the FieldPath is written
-                                                        in terms of, defaults to "v1".
-                                                      type: string
-                                                    fieldPath:
-                                                      description: Path of the field
-                                                        to select in the specified
-                                                        API version.
-                                                      type: string
-                                                  required:
-                                                  - fieldPath
-                                                  type: object
-                                                  x-kubernetes-map-type: atomic
-                                                resourceFieldRef:
-                                                  description: |-
-                                                    Selects a resource of the container: only resources limits and requests
-                                                    (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                                  properties:
-                                                    containerName:
-                                                      description: 'Container name:
-                                                        required for volumes, optional
-                                                        for env vars'
-                                                      type: string
-                                                    divisor:
-                                                      anyOf:
-                                                      - type: integer
-                                                      - type: string
-                                                      description: Specifies the output
-                                                        format of the exposed resources,
-                                                        defaults to "1"
-                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                      x-kubernetes-int-or-string: true
-                                                    resource:
-                                                      description: 'Required: resource
-                                                        to select'
-                                                      type: string
-                                                  required:
-                                                  - resource
-                                                  type: object
-                                                  x-kubernetes-map-type: atomic
-                                                secretKeyRef:
-                                                  description: Selects a key of a
-                                                    secret in the pod's namespace
-                                                  properties:
-                                                    key:
-                                                      description: The key of the
-                                                        secret to select from.  Must
-                                                        be a valid secret key.
-                                                      type: string
-                                                    name:
-                                                      default: ""
-                                                      description: |-
-                                                        Name of the referent.
-                                                        This field is effectively required, but due to backwards compatibility is
-                                                        allowed to be empty. Instances of this type with an empty value here are
-                                                        almost certainly wrong.
-                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                      type: string
-                                                    optional:
-                                                      description: Specify whether
-                                                        the Secret or its key must
-                                                        be defined
-                                                      type: boolean
-                                                  required:
-                                                  - key
-                                                  type: object
-                                                  x-kubernetes-map-type: atomic
-                                              type: object
-                                          required:
-                                          - name
-                                          type: object
-                                        type: array
-                                      imageRepository:
-                                        description: |-
-                                          imageRepository sets the container registry to pull images from.
-                                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
-                                        type: string
-                                      imageTag:
-                                        description: |-
-                                          imageTag allows to specify a tag for the image.
-                                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
-                                        type: string
-                                      peerCertSANs:
-                                        description: peerCertSANs sets extra Subject
-                                          Alternative Names for the etcd peer signing
-                                          cert.
-                                        items:
-                                          type: string
-                                        type: array
-                                      serverCertSANs:
-                                        description: serverCertSANs sets extra Subject
-                                          Alternative Names for the etcd server signing
-                                          cert.
-                                        items:
-                                          type: string
-                                        type: array
-                                    type: object
-                                type: object
-                              featureGates:
-                                additionalProperties:
-                                  type: boolean
-                                description: featureGates enabled by the user.
-                                type: object
-                              imageRepository:
-                                description: |-
-                                  imageRepository sets the container registry to pull images from.
-                                  * If not set, the default registry of kubeadm will be used, i.e.
-                                    * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
-                                    * k8s.gcr.io (old registry): all older versions
-                                    Please note that when imageRepository is not set we don't allow upgrades to
-                                    versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
-                                    a newer patch version with the new registry instead (i.e. >= v1.22.17,
-                                    >= v1.23.15, >= v1.24.9, >= v1.25.0).
-                                  * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
-                                   `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
-                                    and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
-                                type: string
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              kubernetesVersion:
-                                description: |-
-                                  kubernetesVersion is the target version of the control plane.
-                                  NB: This value defaults to the Machine object spec.version
-                                type: string
-                              networking:
-                                description: |-
-                                  networking holds configuration for the networking topology of the cluster.
-                                  NB: This value defaults to the Cluster object spec.clusterNetwork.
-                                properties:
-                                  dnsDomain:
-                                    description: dnsDomain is the dns domain used
-                                      by k8s services. Defaults to "cluster.local".
-                                    type: string
-                                  podSubnet:
-                                    description: |-
-                                      podSubnet is the subnet used by pods.
-                                      If unset, the API server will not allocate CIDR ranges for every node.
-                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
-                                    type: string
-                                  serviceSubnet:
-                                    description: |-
-                                      serviceSubnet is the subnet used by k8s services.
-                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
-                                      to "10.96.0.0/12" if that's unset.
-                                    type: string
-                                type: object
-                              scheduler:
-                                description: scheduler contains extra settings for
-                                  the scheduler control plane component
-                                properties:
-                                  extraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: extraArgs is an extra set of flags
-                                      to pass to the control plane component.
-                                    type: object
-                                  extraEnvs:
-                                    description: |-
-                                      extraEnvs is an extra set of environment variables to pass to the control plane component.
-                                      Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                    items:
-                                      description: EnvVar represents an environment
-                                        variable present in a Container.
-                                      properties:
-                                        name:
-                                          description: Name of the environment variable.
-                                            Must be a C_IDENTIFIER.
-                                          type: string
-                                        value:
-                                          description: |-
-                                            Variable references $(VAR_NAME) are expanded
-                                            using the previously defined environment variables in the container and
-                                            any service environment variables. If a variable cannot be resolved,
-                                            the reference in the input string will be unchanged. Double $ are reduced
-                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
-                                            "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
-                                            Escaped references will never be expanded, regardless of whether the variable
-                                            exists or not.
-                                            Defaults to "".
-                                          type: string
-                                        valueFrom:
-                                          description: Source for the environment
-                                            variable's value. Cannot be used if value
-                                            is not empty.
-                                          properties:
-                                            configMapKeyRef:
-                                              description: Selects a key of a ConfigMap.
-                                              properties:
-                                                key:
-                                                  description: The key to select.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    ConfigMap or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            fieldRef:
-                                              description: |-
-                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
-                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-                                              properties:
-                                                apiVersion:
-                                                  description: Version of the schema
-                                                    the FieldPath is written in terms
-                                                    of, defaults to "v1".
-                                                  type: string
-                                                fieldPath:
-                                                  description: Path of the field to
-                                                    select in the specified API version.
-                                                  type: string
-                                              required:
-                                              - fieldPath
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            resourceFieldRef:
-                                              description: |-
-                                                Selects a resource of the container: only resources limits and requests
-                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-                                              properties:
-                                                containerName:
-                                                  description: 'Container name: required
-                                                    for volumes, optional for env
-                                                    vars'
-                                                  type: string
-                                                divisor:
-                                                  anyOf:
-                                                  - type: integer
-                                                  - type: string
-                                                  description: Specifies the output
-                                                    format of the exposed resources,
-                                                    defaults to "1"
-                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                                  x-kubernetes-int-or-string: true
-                                                resource:
-                                                  description: 'Required: resource
-                                                    to select'
-                                                  type: string
-                                              required:
-                                              - resource
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                            secretKeyRef:
-                                              description: Selects a key of a secret
-                                                in the pod's namespace
-                                              properties:
-                                                key:
-                                                  description: The key of the secret
-                                                    to select from.  Must be a valid
-                                                    secret key.
-                                                  type: string
-                                                name:
-                                                  default: ""
-                                                  description: |-
-                                                    Name of the referent.
-                                                    This field is effectively required, but due to backwards compatibility is
-                                                    allowed to be empty. Instances of this type with an empty value here are
-                                                    almost certainly wrong.
-                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                                  type: string
-                                                optional:
-                                                  description: Specify whether the
-                                                    Secret or its key must be defined
-                                                  type: boolean
-                                              required:
-                                              - key
-                                              type: object
-                                              x-kubernetes-map-type: atomic
-                                          type: object
-                                      required:
-                                      - name
-                                      type: object
-                                    type: array
-                                  extraVolumes:
-                                    description: extraVolumes is an extra set of host
-                                      volumes, mounted to the control plane component.
-                                    items:
-                                      description: |-
-                                        HostPathMount contains elements describing volumes that are mounted from the
-                                        host.
-                                      properties:
-                                        hostPath:
-                                          description: |-
-                                            hostPath is the path in the host that will be mounted inside
-                                            the pod.
-                                          type: string
-                                        mountPath:
-                                          description: mountPath is the path inside
-                                            the pod where hostPath will be mounted.
-                                          type: string
-                                        name:
-                                          description: name of the volume inside the
-                                            pod template.
-                                          type: string
-                                        pathType:
-                                          description: pathType is the type of the
-                                            HostPath.
-                                          type: string
-                                        readOnly:
-                                          description: readOnly controls write access
-                                            to the volume
-                                          type: boolean
-                                      required:
-                                      - hostPath
-                                      - mountPath
-                                      - name
-                                      type: object
-                                    type: array
-                                type: object
-                            type: object
-                          diskSetup:
-                            description: diskSetup specifies options for the creation
-                              of partition tables and file systems on devices.
-                            properties:
-                              filesystems:
-                                description: filesystems specifies the list of file
-                                  systems to setup.
-                                items:
-                                  description: Filesystem defines the file systems
-                                    to be created.
-                                  properties:
-                                    device:
-                                      description: device specifies the device name
-                                      type: string
-                                    extraOpts:
-                                      description: extraOpts defined extra options
-                                        to add to the command for creating the file
-                                        system.
-                                      items:
-                                        type: string
-                                      type: array
-                                    filesystem:
-                                      description: filesystem specifies the file system
-                                        type.
-                                      type: string
-                                    label:
-                                      description: label specifies the file system
-                                        label to be used. If set to None, no label
-                                        is used.
-                                      type: string
-                                    overwrite:
-                                      description: |-
-                                        overwrite defines whether or not to overwrite any existing filesystem.
-                                        If true, any pre-existing file system will be destroyed. Use with Caution.
-                                      type: boolean
-                                    partition:
-                                      description: 'partition specifies the partition
-                                        to use. The valid options are: "auto|any",
-                                        "auto", "any", "none", and <NUM>, where NUM
-                                        is the actual partition number.'
-                                      type: string
-                                    replaceFS:
-                                      description: |-
-                                        replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
-                                        NOTE: unless you define a label, this requires the use of the 'any' partition directive.
-                                      type: string
-                                  required:
-                                  - device
-                                  - filesystem
-                                  - label
-                                  type: object
-                                type: array
-                              partitions:
-                                description: partitions specifies the list of the
-                                  partitions to setup.
-                                items:
-                                  description: Partition defines how to create and
-                                    layout a partition.
-                                  properties:
-                                    device:
-                                      description: device is the name of the device.
-                                      type: string
-                                    layout:
-                                      description: |-
-                                        layout specifies the device layout.
-                                        If it is true, a single partition will be created for the entire device.
-                                        When layout is false, it means don't partition or ignore existing partitioning.
-                                      type: boolean
-                                    overwrite:
-                                      description: |-
-                                        overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-                                        Use with caution. Default is 'false'.
-                                      type: boolean
-                                    tableType:
-                                      description: |-
-                                        tableType specifies the tupe of partition table. The following are supported:
-                                        'mbr': default and setups a MS-DOS partition table
-                                        'gpt': setups a GPT partition table
-                                      type: string
-                                  required:
-                                  - device
-                                  - layout
-                                  type: object
-                                type: array
-                            type: object
-                          files:
-                            description: files specifies extra files to be passed
-                              to user_data upon creation.
-                            items:
-                              description: File defines the input for generating write_files
-                                in cloud-init.
-                              properties:
-                                append:
-                                  description: append specifies whether to append
-                                    Content to existing file if Path exists.
-                                  type: boolean
-                                content:
-                                  description: content is the actual content of the
-                                    file.
-                                  type: string
-                                contentFrom:
-                                  description: contentFrom is a referenced source
-                                    of content to populate the file.
-                                  properties:
-                                    secret:
-                                      description: secret represents a secret that
-                                        should populate this file.
-                                      properties:
-                                        key:
-                                          description: key is the key in the secret's
-                                            data map for this value.
-                                          type: string
-                                        name:
-                                          description: name of the secret in the KubeadmBootstrapConfig's
-                                            namespace to use.
-                                          type: string
-                                      required:
-                                      - key
-                                      - name
-                                      type: object
-                                  required:
-                                  - secret
-                                  type: object
-                                encoding:
-                                  description: encoding specifies the encoding of
-                                    the file contents.
-                                  enum:
-                                  - base64
-                                  - gzip
-                                  - gzip+base64
-                                  type: string
-                                owner:
-                                  description: owner specifies the ownership of the
-                                    file, e.g. "root:root".
-                                  type: string
-                                path:
-                                  description: path specifies the full path on disk
-                                    where to store the file.
-                                  type: string
-                                permissions:
-                                  description: permissions specifies the permissions
-                                    to assign to the file, e.g. "0640".
-                                  type: string
-                              required:
-                              - path
-                              type: object
-                            type: array
-                          format:
-                            description: format specifies the output format of the
-                              bootstrap data
-                            enum:
-                            - cloud-config
-                            - ignition
-                            type: string
-                          ignition:
-                            description: ignition contains Ignition specific configuration.
-                            properties:
-                              containerLinuxConfig:
-                                description: containerLinuxConfig contains CLC specific
-                                  configuration.
-                                properties:
-                                  additionalConfig:
-                                    description: |-
-                                      additionalConfig contains additional configuration to be merged with the Ignition
-                                      configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
-                                      The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
-                                    type: string
-                                  strict:
-                                    description: strict controls if AdditionalConfig
-                                      should be strictly parsed. If so, warnings are
-                                      treated as errors.
-                                    type: boolean
-                                type: object
-                            type: object
-                          initConfiguration:
-                            description: initConfiguration along with ClusterConfiguration
-                              are the configurations necessary for the init command
-                            properties:
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              bootstrapTokens:
-                                description: |-
-                                  bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
-                                  This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
-                                items:
-                                  description: BootstrapToken describes one bootstrap
-                                    token, stored as a Secret in the cluster.
-                                  properties:
-                                    description:
-                                      description: |-
-                                        description sets a human-friendly message why this token exists and what it's used
-                                        for, so other administrators can know its purpose.
-                                      type: string
-                                    expires:
-                                      description: |-
-                                        expires specifies the timestamp when this token expires. Defaults to being set
-                                        dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
-                                      format: date-time
-                                      type: string
-                                    groups:
-                                      description: |-
-                                        groups specifies the extra groups that this token will authenticate as when/if
-                                        used for authentication
-                                      items:
-                                        type: string
-                                      type: array
-                                    token:
-                                      description: |-
-                                        token is used for establishing bidirectional trust between nodes and control-planes.
-                                        Used for joining nodes in the cluster.
-                                      type: string
-                                    ttl:
-                                      description: |-
-                                        ttl defines the time to live for this token. Defaults to 24h.
-                                        Expires and TTL are mutually exclusive.
-                                      type: string
-                                    usages:
-                                      description: |-
-                                        usages describes the ways in which this token can be used. Can by default be used
-                                        for establishing bidirectional trust, but that can be changed here.
-                                      items:
-                                        type: string
-                                      type: array
-                                  required:
-                                  - token
-                                  type: object
-                                type: array
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              localAPIEndpoint:
-                                description: |-
-                                  localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
-                                  In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
-                                  is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
-                                  configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
-                                  on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
-                                  fails you may set the desired value here.
-                                properties:
-                                  advertiseAddress:
-                                    description: advertiseAddress sets the IP address
-                                      for the API server to advertise.
-                                    type: string
-                                  bindPort:
-                                    description: |-
-                                      bindPort sets the secure port for the API Server to bind to.
-                                      Defaults to 6443.
-                                    format: int32
-                                    type: integer
-                                type: object
-                              nodeRegistration:
-                                description: |-
-                                  nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
-                                  across both InitConfiguration and JoinConfiguration
-                                properties:
-                                  criSocket:
-                                    description: criSocket is used to retrieve container
-                                      runtime info. This information will be annotated
-                                      to the Node API object, for later re-use
-                                    type: string
-                                  ignorePreflightErrors:
-                                    description: ignorePreflightErrors provides a
-                                      slice of pre-flight errors to be ignored when
-                                      the current node is registered.
-                                    items:
-                                      type: string
-                                    type: array
-                                  imagePullPolicy:
-                                    description: |-
-                                      imagePullPolicy specifies the policy for image pulling
-                                      during kubeadm "init" and "join" operations. The value of
-                                      this field must be one of "Always", "IfNotPresent" or
-                                      "Never". Defaults to "IfNotPresent". This can be used only
-                                      with Kubernetes version equal to 1.22 and later.
-                                    enum:
-                                    - Always
-                                    - IfNotPresent
-                                    - Never
-                                    type: string
-                                  imagePullSerial:
-                                    description: |-
-                                      imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                      Default: true (defaulted in kubeadm)
-                                    type: boolean
-                                  kubeletExtraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                    type: object
-                                  name:
-                                    description: |-
-                                      name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                      Defaults to the hostname of the node if not provided.
-                                    type: string
-                                  taints:
-                                    description: |-
-                                      taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                      empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                                    items:
-                                      description: |-
-                                        The node this Taint is attached to has the "effect" on
-                                        any pod that does not tolerate the Taint.
-                                      properties:
-                                        effect:
-                                          description: |-
-                                            Required. The effect of the taint on pods
-                                            that do not tolerate the taint.
-                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                          type: string
-                                        key:
-                                          description: Required. The taint key to
-                                            be applied to a node.
-                                          type: string
-                                        timeAdded:
-                                          description: |-
-                                            TimeAdded represents the time at which the taint was added.
-                                            It is only written for NoExecute taints.
-                                          format: date-time
-                                          type: string
-                                        value:
-                                          description: The taint value corresponding
-                                            to the taint key.
-                                          type: string
-                                      required:
-                                      - effect
-                                      - key
-                                      type: object
-                                    type: array
-                                type: object
-                              patches:
-                                description: |-
-                                  patches contains options related to applying patches to components deployed by kubeadm during
-                                  "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
-                                properties:
-                                  directory:
-                                    description: |-
-                                      directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                                      For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                                      "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                                      of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                                      The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                                      "suffix" is an optional string that can be used to determine which patches are applied
-                                      first alpha-numerically.
-                                      These files can be written into the target directory via KubeadmConfig.Files which
-                                      specifies additional files to be created on the machine, either with content inline or
-                                      by referencing a secret.
-                                    type: string
-                                type: object
-                              skipPhases:
-                                description: |-
-                                  skipPhases is a list of phases to skip during command execution.
-                                  The list of phases can be obtained with the "kubeadm init --help" command.
-                                  This option takes effect only on Kubernetes >=1.22.0.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                          joinConfiguration:
-                            description: joinConfiguration is the kubeadm configuration
-                              for the join command
-                            properties:
-                              apiVersion:
-                                description: |-
-                                  APIVersion defines the versioned schema of this representation of an object.
-                                  Servers should convert recognized schemas to the latest internal value, and
-                                  may reject unrecognized values.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-                                type: string
-                              caCertPath:
-                                description: |-
-                                  caCertPath is the path to the SSL certificate authority used to
-                                  secure comunications between node and control-plane.
-                                  Defaults to "/etc/kubernetes/pki/ca.crt".
-                                type: string
-                              controlPlane:
-                                description: |-
-                                  controlPlane defines the additional control plane instance to be deployed on the joining node.
-                                  If nil, no additional control plane instance will be deployed.
-                                properties:
-                                  localAPIEndpoint:
-                                    description: localAPIEndpoint represents the endpoint
-                                      of the API server instance to be deployed on
-                                      this node.
-                                    properties:
-                                      advertiseAddress:
-                                        description: advertiseAddress sets the IP
-                                          address for the API server to advertise.
-                                        type: string
-                                      bindPort:
-                                        description: |-
-                                          bindPort sets the secure port for the API Server to bind to.
-                                          Defaults to 6443.
-                                        format: int32
-                                        type: integer
-                                    type: object
-                                type: object
-                              discovery:
-                                description: discovery specifies the options for the
-                                  kubelet to use during the TLS Bootstrap process
-                                properties:
-                                  bootstrapToken:
-                                    description: |-
-                                      bootstrapToken is used to set the options for bootstrap token based discovery
-                                      BootstrapToken and File are mutually exclusive
-                                    properties:
-                                      apiServerEndpoint:
-                                        description: apiServerEndpoint is an IP or
-                                          domain name to the API server from which
-                                          info will be fetched.
-                                        type: string
-                                      caCertHashes:
-                                        description: |-
-                                          caCertHashes specifies a set of public key pins to verify
-                                          when token-based discovery is used. The root CA found during discovery
-                                          must match one of these values. Specifying an empty set disables root CA
-                                          pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
-                                          where the only currently supported type is "sha256". This is a hex-encoded
-                                          SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
-                                          ASN.1. These hashes can be calculated using, for example, OpenSSL:
-                                          openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
-                                        items:
-                                          type: string
-                                        type: array
-                                      token:
-                                        description: |-
-                                          token is a token used to validate cluster information
-                                          fetched from the control-plane.
-                                        type: string
-                                      unsafeSkipCAVerification:
-                                        description: |-
-                                          unsafeSkipCAVerification allows token-based discovery
-                                          without CA verification via CACertHashes. This can weaken
-                                          the security of kubeadm since other nodes can impersonate the control-plane.
-                                        type: boolean
-                                    required:
-                                    - token
-                                    type: object
-                                  file:
-                                    description: |-
-                                      file is used to specify a file or URL to a kubeconfig file from which to load cluster information
-                                      BootstrapToken and File are mutually exclusive
-                                    properties:
-                                      kubeConfig:
-                                        description: |-
-                                          kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
-                                          The file is generated at the path specified in KubeConfigPath.
-
-                                          Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
-                                          Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
-                                        properties:
-                                          cluster:
-                                            description: |-
-                                              cluster contains information about how to communicate with the kubernetes cluster.
-
-                                              By default the following fields are automatically populated:
-                                              - Server with the Cluster's ControlPlaneEndpoint.
-                                              - CertificateAuthorityData with the Cluster's CA certificate.
-                                            properties:
-                                              certificateAuthorityData:
-                                                description: |-
-                                                  certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
-                                                  Defaults to the Cluster's CA certificate if empty.
-                                                format: byte
-                                                type: string
-                                              insecureSkipTLSVerify:
-                                                description: insecureSkipTLSVerify
-                                                  skips the validity check for the
-                                                  server's certificate. This will
-                                                  make your HTTPS connections insecure.
-                                                type: boolean
-                                              proxyURL:
-                                                description: |-
-                                                  proxyURL is the URL to the proxy to be used for all requests made by this
-                                                  client. URLs with "http", "https", and "socks5" schemes are supported.  If
-                                                  this configuration is not provided or the empty string, the client
-                                                  attempts to construct a proxy configuration from http_proxy and
-                                                  https_proxy environment variables. If these environment variables are not
-                                                  set, the client does not attempt to proxy requests.
-
-                                                  socks5 proxying does not currently support spdy streaming endpoints (exec,
-                                                  attach, port forward).
-                                                type: string
-                                              server:
-                                                description: |-
-                                                  server is the address of the kubernetes cluster (https://hostname:port).
-
-                                                  Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
-                                                type: string
-                                              tlsServerName:
-                                                description: tlsServerName is used
-                                                  to check server certificate. If
-                                                  TLSServerName is empty, the hostname
-                                                  used to contact the server is used.
-                                                type: string
-                                            type: object
-                                          user:
-                                            description: |-
-                                              user contains information that describes identity information.
-                                              This is used to tell the kubernetes cluster who you are.
-                                            properties:
-                                              authProvider:
-                                                description: authProvider specifies
-                                                  a custom authentication plugin for
-                                                  the kubernetes cluster.
-                                                properties:
-                                                  config:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: config holds the
-                                                      parameters for the authentication
-                                                      plugin.
-                                                    type: object
-                                                  name:
-                                                    description: name is the name
-                                                      of the authentication plugin.
-                                                    type: string
-                                                required:
-                                                - name
-                                                type: object
-                                              exec:
-                                                description: exec specifies a custom
-                                                  exec-based authentication plugin
-                                                  for the kubernetes cluster.
-                                                properties:
-                                                  apiVersion:
-                                                    description: |-
-                                                      Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
-                                                      the same encoding version as the input.
-                                                      Defaults to client.authentication.k8s.io/v1 if not set.
-                                                    type: string
-                                                  args:
-                                                    description: Arguments to pass
-                                                      to the command when executing
-                                                      it.
-                                                    items:
-                                                      type: string
-                                                    type: array
-                                                  command:
-                                                    description: command to execute.
-                                                    type: string
-                                                  env:
-                                                    description: |-
-                                                      env defines additional environment variables to expose to the process. These
-                                                      are unioned with the host's environment, as well as variables client-go uses
-                                                      to pass argument to the plugin.
-                                                    items:
-                                                      description: |-
-                                                        KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
-                                                        credential plugin.
-                                                      properties:
-                                                        name:
-                                                          type: string
-                                                        value:
-                                                          type: string
-                                                      required:
-                                                      - name
-                                                      - value
-                                                      type: object
-                                                    type: array
-                                                  provideClusterInfo:
-                                                    description: |-
-                                                      provideClusterInfo determines whether or not to provide cluster information,
-                                                      which could potentially contain very large CA data, to this exec plugin as a
-                                                      part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
-                                                      to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
-                                                      reading this environment variable.
-                                                    type: boolean
-                                                required:
-                                                - command
-                                                type: object
-                                            type: object
-                                        required:
-                                        - user
-                                        type: object
-                                      kubeConfigPath:
-                                        description: kubeConfigPath is used to specify
-                                          the actual file path or URL to the kubeconfig
-                                          file from which to load cluster information
-                                        type: string
-                                    required:
-                                    - kubeConfigPath
-                                    type: object
-                                  timeout:
-                                    description: timeout modifies the discovery timeout
-                                    type: string
-                                  tlsBootstrapToken:
-                                    description: |-
-                                      tlsBootstrapToken is a token used for TLS bootstrapping.
-                                      If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
-                                      If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
-                                    type: string
-                                type: object
-                              kind:
-                                description: |-
-                                  Kind is a string value representing the REST resource this object represents.
-                                  Servers may infer this from the endpoint the client submits requests to.
-                                  Cannot be updated.
-                                  In CamelCase.
-                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-                                type: string
-                              nodeRegistration:
-                                description: |-
-                                  nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
-                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
-                                  across both InitConfiguration and JoinConfiguration
-                                properties:
-                                  criSocket:
-                                    description: criSocket is used to retrieve container
-                                      runtime info. This information will be annotated
-                                      to the Node API object, for later re-use
-                                    type: string
-                                  ignorePreflightErrors:
-                                    description: ignorePreflightErrors provides a
-                                      slice of pre-flight errors to be ignored when
-                                      the current node is registered.
-                                    items:
-                                      type: string
-                                    type: array
-                                  imagePullPolicy:
-                                    description: |-
-                                      imagePullPolicy specifies the policy for image pulling
-                                      during kubeadm "init" and "join" operations. The value of
-                                      this field must be one of "Always", "IfNotPresent" or
-                                      "Never". Defaults to "IfNotPresent". This can be used only
-                                      with Kubernetes version equal to 1.22 and later.
-                                    enum:
-                                    - Always
-                                    - IfNotPresent
-                                    - Never
-                                    type: string
-                                  imagePullSerial:
-                                    description: |-
-                                      imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
-                                      This option takes effect only on Kubernetes >=1.31.0.
-                                      Default: true (defaulted in kubeadm)
-                                    type: boolean
-                                  kubeletExtraArgs:
-                                    additionalProperties:
-                                      type: string
-                                    description: |-
-                                      kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
-                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
-                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
-                                    type: object
-                                  name:
-                                    description: |-
-                                      name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
-                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
-                                      Defaults to the hostname of the node if not provided.
-                                    type: string
-                                  taints:
-                                    description: |-
-                                      taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
-                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
-                                      empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
-                                    items:
-                                      description: |-
-                                        The node this Taint is attached to has the "effect" on
-                                        any pod that does not tolerate the Taint.
-                                      properties:
-                                        effect:
-                                          description: |-
-                                            Required. The effect of the taint on pods
-                                            that do not tolerate the taint.
-                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
-                                          type: string
-                                        key:
-                                          description: Required. The taint key to
-                                            be applied to a node.
-                                          type: string
-                                        timeAdded:
-                                          description: |-
-                                            TimeAdded represents the time at which the taint was added.
-                                            It is only written for NoExecute taints.
-                                          format: date-time
-                                          type: string
-                                        value:
-                                          description: The taint value corresponding
-                                            to the taint key.
-                                          type: string
-                                      required:
-                                      - effect
-                                      - key
-                                      type: object
-                                    type: array
-                                type: object
-                              patches:
-                                description: |-
-                                  patches contains options related to applying patches to components deployed by kubeadm during
-                                  "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
-                                properties:
-                                  directory:
-                                    description: |-
-                                      directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
-                                      For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
-                                      "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
-                                      of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
-                                      The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
-                                      "suffix" is an optional string that can be used to determine which patches are applied
-                                      first alpha-numerically.
-                                      These files can be written into the target directory via KubeadmConfig.Files which
-                                      specifies additional files to be created on the machine, either with content inline or
-                                      by referencing a secret.
-                                    type: string
-                                type: object
-                              skipPhases:
-                                description: |-
-                                  skipPhases is a list of phases to skip during command execution.
-                                  The list of phases can be obtained with the "kubeadm init --help" command.
-                                  This option takes effect only on Kubernetes >=1.22.0.
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                          mounts:
-                            description: mounts specifies a list of mount points to
-                              be setup.
-                            items:
-                              description: MountPoints defines input for generated
-                                mounts in cloud-init.
-                              items:
-                                type: string
-                              type: array
-                            type: array
-                          ntp:
-                            description: ntp specifies NTP configuration
-                            properties:
-                              enabled:
-                                description: enabled specifies whether NTP should
-                                  be enabled
-                                type: boolean
-                              servers:
-                                description: servers specifies which NTP servers to
-                                  use
-                                items:
-                                  type: string
-                                type: array
-                            type: object
-                          postKubeadmCommands:
-                            description: postKubeadmCommands specifies extra commands
-                              to run after kubeadm runs
-                            items:
-                              type: string
-                            type: array
-                          preKubeadmCommands:
-                            description: preKubeadmCommands specifies extra commands
-                              to run before kubeadm runs
-                            items:
-                              type: string
-                            type: array
-                          useExperimentalRetryJoin:
-                            description: |-
-                              useExperimentalRetryJoin replaces a basic kubeadm command with a shell
-                              script with retries for joins.
-
-                              This is meant to be an experimental temporary workaround on some environments
-                              where joins fail due to timing (and other issues). The long term goal is to add retries to
-                              kubeadm proper and use that functionality.
-
-                              This will add about 40KB to userdata
-
-                              For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
-                              Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
-                              When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
-                            type: boolean
-                          users:
-                            description: users specifies extra users to add
-                            items:
-                              description: User defines the input for a generated
-                                user in cloud-init.
-                              properties:
-                                gecos:
-                                  description: gecos specifies the gecos to use for
-                                    the user
-                                  type: string
-                                groups:
-                                  description: groups specifies the additional groups
-                                    for the user
-                                  type: string
-                                homeDir:
-                                  description: homeDir specifies the home directory
-                                    to use for the user
-                                  type: string
-                                inactive:
-                                  description: inactive specifies whether to mark
-                                    the user as inactive
-                                  type: boolean
-                                lockPassword:
-                                  description: lockPassword specifies if password
-                                    login should be disabled
-                                  type: boolean
-                                name:
-                                  description: name specifies the user name
-                                  type: string
-                                passwd:
-                                  description: passwd specifies a hashed password
-                                    for the user
-                                  type: string
-                                passwdFrom:
-                                  description: passwdFrom is a referenced source of
-                                    passwd to populate the passwd.
-                                  properties:
-                                    secret:
-                                      description: secret represents a secret that
-                                        should populate this password.
-                                      properties:
-                                        key:
-                                          description: key is the key in the secret's
-                                            data map for this value.
-                                          type: string
-                                        name:
-                                          description: name of the secret in the KubeadmBootstrapConfig's
-                                            namespace to use.
-                                          type: string
-                                      required:
-                                      - key
-                                      - name
-                                      type: object
-                                  required:
-                                  - secret
-                                  type: object
-                                primaryGroup:
-                                  description: primaryGroup specifies the primary
-                                    group for the user
-                                  type: string
-                                shell:
-                                  description: shell specifies the user's shell
-                                  type: string
-                                sshAuthorizedKeys:
-                                  description: sshAuthorizedKeys specifies a list
-                                    of ssh authorized keys for the user
-                                  items:
-                                    type: string
-                                  type: array
-                                sudo:
-                                  description: sudo specifies a sudo role for the
-                                    user
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                            type: array
-                          verbosity:
-                            description: |-
-                              verbosity is the number for the kubeadm log level verbosity.
-                              It overrides the `--v` flag in kubeadm commands.
-                            format: int32
-                            type: integer
-                        type: object
-                      machineNamingStrategy:
-                        description: |-
-                          MachineNamingStrategy allows changing the naming pattern used when creating Machines.
-                          InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
-                        properties:
-                          template:
-                            description: |-
-                              Template defines the template to use for generating the names of the Machine objects.
-                              If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
-                              If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
-                              get concatenated with a random suffix of length 5.
-                              Length of the template string must not exceed 256 characters.
-                              The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
-                              The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
-                              The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
-                              The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
-                            maxLength: 256
-                            type: string
-                        type: object
-                      machineTemplate:
-                        description: |-
-                          machineTemplate contains information about how machines
-                          should be shaped when creating or updating a control plane.
-                        properties:
-                          metadata:
-                            description: |-
-                              Standard object's metadata.
-                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-                            properties:
-                              annotations:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  annotations is an unstructured key value map stored with a resource that may be
-                                  set by external tools to store and retrieve arbitrary metadata. They are not
-                                  queryable and should be preserved when modifying objects.
-                                  More info: http://kubernetes.io/docs/user-guide/annotations
-                                type: object
-                              labels:
-                                additionalProperties:
-                                  type: string
-                                description: |-
-                                  Map of string keys and values that can be used to organize and categorize
-                                  (scope and select) objects. May match selectors of replication controllers
-                                  and services.
-                                  More info: http://kubernetes.io/docs/user-guide/labels
-                                type: object
-                            type: object
-                          nodeDeletionTimeout:
-                            description: |-
-                              nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
-                              hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
-                              If no value is provided, the default value for this property of the Machine resource will be used.
-                            type: string
-                          nodeDrainTimeout:
-                            description: |-
-                              nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
-                              The default value is 0, meaning that the node can be drained without any time limitations.
-                              NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
-                            type: string
-                          nodeVolumeDetachTimeout:
-                            description: |-
-                              nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
-                              to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
-                            type: string
-                        type: object
-                      remediationStrategy:
-                        description: The RemediationStrategy that controls how control
-                          plane machine remediation happens.
-                        properties:
-                          maxRetry:
-                            description: "maxRetry is the Max number of retries while
-                              attempting to remediate an unhealthy machine.\nA retry
-                              happens when a machine that was created as a replacement
-                              for an unhealthy machine also fails.\nFor example, given
-                              a control plane with three machines M1, M2, M3:\n\n\tM1
-                              become unhealthy; remediation happens, and M1-1 is created
-                              as a replacement.\n\tIf M1-1 (replacement of M1) has
-                              problems while bootstrapping it will become unhealthy,
-                              and then be\n\tremediated; such operation is considered
-                              a retry, remediation-retry #1.\n\tIf M1-2 (replacement
-                              of M1-1) becomes unhealthy, remediation-retry #2 will
-                              happen, etc.\n\nA retry could happen only after RetryPeriod
-                              from the previous retry.\nIf a machine is marked as
-                              unhealthy after MinHealthyPeriod from the previous remediation
-                              expired,\nthis is not considered a retry anymore because
-                              the new issue is assumed unrelated from the previous
-                              one.\n\nIf not set, the remedation will be retried infinitely."
-                            format: int32
-                            type: integer
-                          minHealthyPeriod:
-                            description: "minHealthyPeriod defines the duration after
-                              which KCP will consider any failure to a machine unrelated\nfrom
-                              the previous one. In this case the remediation is not
-                              considered a retry anymore, and thus the retry\ncounter
-                              restarts from 0. For example, assuming MinHealthyPeriod
-                              is set to 1h (default)\n\n\tM1 become unhealthy; remediation
-                              happens, and M1-1 is created as a replacement.\n\tIf
-                              M1-1 (replacement of M1) has problems within the 1hr
-                              after the creation, also\n\tthis machine will be remediated
-                              and this operation is considered a retry - a problem
-                              related\n\tto the original issue happened to M1 -.\n\n\tIf
-                              instead the problem on M1-1 is happening after MinHealthyPeriod
-                              expired, e.g. four days after\n\tm1-1 has been created
-                              as a remediation of M1, the problem on M1-1 is considered
-                              unrelated to\n\tthe original issue happened to M1.\n\nIf
-                              not set, this value is defaulted to 1h."
-                            type: string
-                          retryPeriod:
-                            description: |-
-                              retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
-                              for an unhealthy machine (a retry).
-
-                              If not set, a retry will happen immediately.
-                            type: string
-                        type: object
-                      rolloutAfter:
-                        description: |-
-                          rolloutAfter is a field to indicate a rollout should be performed
-                          after the specified time even if no changes have been made to the
-                          KubeadmControlPlane.
-                        format: date-time
-                        type: string
-                      rolloutBefore:
-                        description: |-
-                          rolloutBefore is a field to indicate a rollout should be performed
-                          if the specified criteria is met.
-                        properties:
-                          certificatesExpiryDays:
-                            description: |-
-                              certificatesExpiryDays indicates a rollout needs to be performed if the
-                              certificates of the machine will expire within the specified days.
-                            format: int32
-                            type: integer
-                        type: object
-                      rolloutStrategy:
-                        default:
-                          rollingUpdate:
-                            maxSurge: 1
-                          type: RollingUpdate
-                        description: |-
-                          The RolloutStrategy to use to replace control plane machines with
-                          new ones.
-                        properties:
-                          rollingUpdate:
-                            description: |-
-                              Rolling update config params. Present only if
-                              RolloutStrategyType = RollingUpdate.
-                            properties:
-                              maxSurge:
-                                anyOf:
-                                - type: integer
-                                - type: string
-                                description: |-
-                                  The maximum number of control planes that can be scheduled above or under the
-                                  desired number of control planes.
-                                  Value can be an absolute number 1 or 0.
-                                  Defaults to 1.
-                                  Example: when this is set to 1, the control plane can be scaled
-                                  up immediately when the rolling update starts.
-                                x-kubernetes-int-or-string: true
-                            type: object
-                          type:
-                            description: |-
-                              type of rollout. Currently the only supported strategy is
-                              "RollingUpdate".
-                              Default is RollingUpdate.
-                            type: string
-                        type: object
-                    required:
-                    - kubeadmConfigSpec
-                    type: object
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-manager
-  namespace: capi-kubeadm-control-plane-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-leader-election-role
-  namespace: capi-kubeadm-control-plane-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
----
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-aggregated-manager-role
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-    kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
-  name: capi-kubeadm-control-plane-manager-role
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - bootstrap.cluster.x-k8s.io
-  - controlplane.cluster.x-k8s.io
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - clusters
-  - clusters/status
-  - machinepools
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - machines
-  - machines/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-leader-election-rolebinding
-  namespace: capi-kubeadm-control-plane-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: capi-kubeadm-control-plane-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: capi-kubeadm-control-plane-manager
-  namespace: capi-kubeadm-control-plane-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: capi-kubeadm-control-plane-aggregated-manager-role
-subjects:
-- kind: ServiceAccount
-  name: capi-kubeadm-control-plane-manager
-  namespace: capi-kubeadm-control-plane-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-webhook-service
-  namespace: capi-kubeadm-control-plane-system
-spec:
-  ports:
-  - port: 443
-    targetPort: webhook-server
-  selector:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: controller-manager
-  name: capi-kubeadm-control-plane-controller-manager
-  namespace: capi-kubeadm-control-plane-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      cluster.x-k8s.io/provider: control-plane-kubeadm
-      control-plane: controller-manager
-  strategy: {}
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        cluster.x-k8s.io/provider: control-plane-kubeadm
-        control-plane: controller-manager
-    spec:
-      containers:
-      - args:
-        - --leader-elect
-        - --diagnostics-address=:8443
-        - --insecure-diagnostics=false
-        - --use-deprecated-infra-machine-naming=false
-        - --feature-gates=MachinePool=true,ClusterTopology=false,KubeadmBootstrapFormatIgnition=false
-        command:
-        - /manager
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.9.5
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        - containerPort: 8443
-          name: metrics
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsUser: 65532
-        terminationMessagePolicy: FallbackToLogsOnError
-        volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: cert
-          readOnly: true
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: capi-kubeadm-control-plane-manager
-      terminationGracePeriodSeconds: 10
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-      volumes:
-      - name: cert
-        secret:
-          secretName: capi-kubeadm-control-plane-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-control-plane-webhook-service
-      namespace: capi-kubeadm-control-plane-system
-      path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - controlplane.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmcontrolplanes
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-control-plane-webhook-service
-      namespace: capi-kubeadm-control-plane-system
-      path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
-  failurePolicy: Fail
-  name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - controlplane.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmcontrolplanetemplates
-  sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: control-plane-kubeadm
-    clusterctl.cluster.x-k8s.io: ""
-  name: capi-kubeadm-control-plane-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-control-plane-webhook-service
-      namespace: capi-kubeadm-control-plane-system
-      path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - controlplane.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - UPDATE
-    resources:
-    - kubeadmcontrolplanes/scale
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-control-plane-webhook-service
-      namespace: capi-kubeadm-control-plane-system
-      path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - controlplane.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmcontrolplanes
-  sideEffects: None
-- admissionReviewVersions:
-  - v1
-  - v1beta1
-  clientConfig:
-    service:
-      name: capi-kubeadm-control-plane-webhook-service
-      namespace: capi-kubeadm-control-plane-system
-      path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
-  failurePolicy: Fail
-  name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - controlplane.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - kubeadmcontrolplanetemplates
-  sideEffects: None
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml
deleted file mode 100644
index d95f83e..0000000
--- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml
+++ /dev/null
@@ -1,888 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-    control-plane: controller-manager
-  name: orc-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.4
-  name: images.openstack.k-orc.cloud
-spec:
-  group: openstack.k-orc.cloud
-  names:
-    kind: Image
-    listKind: ImageList
-    plural: images
-    singular: image
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Resource ID
-      jsonPath: .status.id
-      name: ID
-      type: string
-    - description: Availability status of resource
-      jsonPath: .status.conditions[?(@.type=='Available')].status
-      name: Available
-      type: string
-    - description: Message describing current availability status
-      jsonPath: .status.conditions[?(@.type=='Available')].message
-      name: Message
-      type: string
-    - description: Time duration since creation
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: Image is the Schema for an ORC resource.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ImageSpec defines the desired state of an ORC object.
-            properties:
-              cloudCredentialsRef:
-                description: CloudCredentialsRef points to a secret containing OpenStack
-                  credentials
-                properties:
-                  cloudName:
-                    description: CloudName specifies the name of the entry in the
-                      clouds.yaml file to use.
-                    maxLength: 256
-                    minLength: 1
-                    type: string
-                  secretName:
-                    description: |-
-                      SecretName is the name of a secret in the same namespace as the resource being provisioned.
-                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                    maxLength: 253
-                    minLength: 1
-                    type: string
-                required:
-                - cloudName
-                - secretName
-                type: object
-              import:
-                description: |-
-                  Import refers to an existing OpenStack resource which will be imported instead of
-                  creating a new one.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: |-
-                      Filter contains a resource query which is expected to return a single
-                      result. The controller will continue to retry if filter returns no
-                      results. If filter returns multiple results the controller will set an
-                      error state and will not continue to retry.
-                    minProperties: 1
-                    properties:
-                      name:
-                        description: Name specifies the name of a Glance image
-                        maxLength: 1000
-                        minLength: 1
-                        type: string
-                    type: object
-                  id:
-                    description: |-
-                      ID contains the unique identifier of an existing OpenStack resource. Note
-                      that when specifying an import by ID, the resource MUST already exist.
-                      The ORC object will enter an error state if the resource does not exist.
-                    format: uuid
-                    type: string
-                type: object
-              managedOptions:
-                description: ManagedOptions specifies options which may be applied
-                  to managed objects.
-                properties:
-                  onDelete:
-                    default: delete
-                    description: |-
-                      OnDelete specifies the behaviour of the controller when the ORC
-                      object is deleted. Options are `delete` - delete the OpenStack resource;
-                      `detach` - do not delete the OpenStack resource. If not specified, the
-                      default is `delete`.
-                    enum:
-                    - delete
-                    - detach
-                    type: string
-                type: object
-              managementPolicy:
-                default: managed
-                description: |-
-                  ManagementPolicy defines how ORC will treat the object. Valid values are
-                  `managed`: ORC will create, update, and delete the resource; `unmanaged`:
-                  ORC will import an existing resource, and will not apply updates to it or
-                  delete it.
-                enum:
-                - managed
-                - unmanaged
-                type: string
-                x-kubernetes-validations:
-                - message: managementPolicy is immutable
-                  rule: self == oldSelf
-              resource:
-                description: |-
-                  Resource specifies the desired state of the resource.
-
-                  Resource may not be specified if the management policy is `unmanaged`.
-
-                  Resource must be specified if the management policy is `managed`.
-                properties:
-                  content:
-                    description: Content specifies how to obtain the image content.
-                    properties:
-                      containerFormat:
-                        default: bare
-                        description: |-
-                          ContainerFormat is the format of the image container.
-                          qcow2 and raw images do not usually have a container. This is specified as "bare", which is also the default.
-                          Permitted values are ami, ari, aki, bare, ovf, ova, and docker.
-                        enum:
-                        - ami
-                        - ari
-                        - aki
-                        - bare
-                        - ovf
-                        - ova
-                        - docker
-                        type: string
-                      diskFormat:
-                        description: |-
-                          DiskFormat is the format of the disk image.
-                          Normal values are "qcow2", or "raw". Glance may be configured to support others.
-                        enum:
-                        - ami
-                        - ari
-                        - aki
-                        - vhd
-                        - vhdx
-                        - vmdk
-                        - raw
-                        - qcow2
-                        - vdi
-                        - ploop
-                        - iso
-                        type: string
-                      download:
-                        description: |-
-                          Download describes how to obtain image data by downloading it from a URL.
-                          Must be set when creating a managed image.
-                        properties:
-                          decompress:
-                            description: |-
-                              Decompress specifies that the source data must be decompressed with the
-                              given compression algorithm before being stored. Specifying Decompress
-                              will disable the use of Glance's web-download, as web-download cannot
-                              currently deterministically decompress downloaded content.
-                            enum:
-                            - xz
-                            - gz
-                            - bz2
-                            type: string
-                          hash:
-                            description: |-
-                              Hash is a hash which will be used to verify downloaded data, i.e.
-                              before any decompression. If not specified, no hash verification will be
-                              performed. Specifying a Hash will disable the use of Glance's
-                              web-download, as web-download cannot currently deterministically verify
-                              the hash of downloaded content.
-                            properties:
-                              algorithm:
-                                description: Algorithm is the hash algorithm used
-                                  to generate value.
-                                enum:
-                                - md5
-                                - sha1
-                                - sha256
-                                - sha512
-                                type: string
-                              value:
-                                description: Value is the hash of the image data using
-                                  Algorithm. It must be hex encoded using lowercase
-                                  letters.
-                                maxLength: 1024
-                                minLength: 1
-                                pattern: ^[0-9a-f]+$
-                                type: string
-                            required:
-                            - algorithm
-                            - value
-                            type: object
-                            x-kubernetes-validations:
-                            - message: hash is immutable
-                              rule: self == oldSelf
-                          url:
-                            description: URL containing image data
-                            format: uri
-                            type: string
-                        required:
-                        - url
-                        type: object
-                    required:
-                    - diskFormat
-                    - download
-                    type: object
-                    x-kubernetes-validations:
-                    - message: content is immutable
-                      rule: self == oldSelf
-                  name:
-                    description: |-
-                      Name will be the name of the created Glance image. If not specified, the
-                      name of the Image object will be used.
-                    maxLength: 1024
-                    minLength: 1
-                    type: string
-                  properties:
-                    description: Properties is metadata available to consumers of
-                      the image
-                    properties:
-                      hardware:
-                        description: |-
-                          Hardware is a set of properties which control the virtual hardware
-                          created by Nova.
-                        properties:
-                          cdromBus:
-                            description: CDROMBus specifies the type of disk controller
-                              to attach CD-ROM devices to.
-                            enum:
-                            - scsi
-                            - virtio
-                            - uml
-                            - xen
-                            - ide
-                            - usb
-                            - lxc
-                            type: string
-                          cpuCores:
-                            description: CPUCores is the preferred number of cores
-                              to expose to the guest
-                            type: integer
-                          cpuPolicy:
-                            description: |-
-                              CPUPolicy is used to pin the virtual CPUs (vCPUs) of instances to the
-                              host's physical CPU cores (pCPUs). Host aggregates should be used to
-                              separate these pinned instances from unpinned instances as the latter
-                              will not respect the resourcing requirements of the former.
-
-                              Permitted values are shared (the default), and dedicated.
-
-                              shared: The guest vCPUs will be allowed to freely float across host
-                              pCPUs, albeit potentially constrained by NUMA policy.
-
-                              dedicated: The guest vCPUs will be strictly pinned to a set of host
-                              pCPUs. In the absence of an explicit vCPU topology request, the
-                              drivers typically expose all vCPUs as sockets with one core and one
-                              thread. When strict CPU pinning is in effect the guest CPU topology
-                              will be setup to match the topology of the CPUs to which it is
-                              pinned. This option implies an overcommit ratio of 1.0. For example,
-                              if a two vCPU guest is pinned to a single host core with two threads,
-                              then the guest will get a topology of one socket, one core, two
-                              threads.
-                            enum:
-                            - shared
-                            - dedicated
-                            type: string
-                          cpuSockets:
-                            description: CPUSockets is the preferred number of sockets
-                              to expose to the guest
-                            type: integer
-                          cpuThreadPolicy:
-                            description: |-
-                              CPUThreadPolicy further refines a CPUPolicy of 'dedicated' by stating
-                              how hardware CPU threads in a simultaneous multithreading-based (SMT)
-                              architecture be used. SMT-based architectures include Intel
-                              processors with Hyper-Threading technology. In these architectures,
-                              processor cores share a number of components with one or more other
-                              cores. Cores in such architectures are commonly referred to as
-                              hardware threads, while the cores that a given core share components
-                              with are known as thread siblings.
-
-                              Permitted values are prefer (the default), isolate, and require.
-
-                              prefer: The host may or may not have an SMT architecture. Where an
-                              SMT architecture is present, thread siblings are preferred.
-
-                              isolate: The host must not have an SMT architecture or must emulate a
-                              non-SMT architecture. If the host does not have an SMT architecture,
-                              each vCPU is placed on a different core as expected. If the host does
-                              have an SMT architecture - that is, one or more cores have thread
-                              siblings - then each vCPU is placed on a different physical core. No
-                              vCPUs from other guests are placed on the same core. All but one
-                              thread sibling on each utilized core is therefore guaranteed to be
-                              unusable.
-
-                              require: The host must have an SMT architecture. Each vCPU is
-                              allocated on thread siblings. If the host does not have an SMT
-                              architecture, then it is not used. If the host has an SMT
-                              architecture, but not enough cores with free thread siblings are
-                              available, then scheduling fails.
-                            enum:
-                            - prefer
-                            - isolate
-                            - require
-                            type: string
-                          cpuThreads:
-                            description: CPUThreads is the preferred number of threads
-                              to expose to the guest
-                            type: integer
-                          diskBus:
-                            description: DiskBus specifies the type of disk controller
-                              to attach disk devices to.
-                            enum:
-                            - scsi
-                            - virtio
-                            - uml
-                            - xen
-                            - ide
-                            - usb
-                            - lxc
-                            type: string
-                          scsiModel:
-                            description: |-
-                              SCSIModel enables the use of VirtIO SCSI (virtio-scsi) to provide
-                              block device access for compute instances; by default, instances use
-                              VirtIO Block (virtio-blk). VirtIO SCSI is a para-virtualized SCSI
-                              controller device that provides improved scalability and performance,
-                              and supports advanced SCSI hardware.
-
-                              The only permitted value is virtio-scsi.
-                            enum:
-                            - virtio-scsi
-                            type: string
-                          vifModel:
-                            description: |-
-                              VIFModel specifies the model of virtual network interface device to use.
-
-                              Permitted values are e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio,
-                              and vmxnet3.
-                            enum:
-                            - e1000
-                            - e1000e
-                            - ne2k_pci
-                            - pcnet
-                            - rtl8139
-                            - virtio
-                            - vmxnet3
-                            type: string
-                        type: object
-                      minDiskGB:
-                        description: MinDisk is the minimum amount of disk space in
-                          GB that is required to boot the image
-                        minimum: 1
-                        type: integer
-                      minMemoryMB:
-                        description: MinMemoryMB is the minimum amount of RAM in MB
-                          that is required to boot the image.
-                        minimum: 1
-                        type: integer
-                    type: object
-                  protected:
-                    description: |-
-                      Protected specifies that the image is protected from deletion.
-                      If not specified, the default is false.
-                    type: boolean
-                  tags:
-                    description: Tags is a list of tags which will be applied to the
-                      image. A tag has a maximum length of 255 characters.
-                    items:
-                      maxLength: 255
-                      minLength: 1
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  visibility:
-                    description: Visibility of the image
-                    enum:
-                    - public
-                    - private
-                    - shared
-                    - community
-                    type: string
-                    x-kubernetes-validations:
-                    - message: visibility is immutable
-                      rule: self == oldSelf
-                type: object
-                x-kubernetes-validations:
-                - message: name is immutable
-                  rule: 'has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)'
-                - message: name is immutable
-                  rule: 'has(self.protected) ? self.protected == oldSelf.protected
-                    : !has(oldSelf.protected)'
-                - message: tags is immutable
-                  rule: 'has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)'
-                - message: visibility is immutable
-                  rule: 'has(self.visibility) ? self.visibility == oldSelf.visibility
-                    : !has(oldSelf.visibility)'
-                - message: properties is immutable
-                  rule: 'has(self.properties) ? self.properties == oldSelf.properties
-                    : !has(oldSelf.properties)'
-            required:
-            - cloudCredentialsRef
-            type: object
-            x-kubernetes-validations:
-            - message: resource must be specified when policy is managed
-              rule: 'self.managementPolicy == ''managed'' ? has(self.resource) : true'
-            - message: import may not be specified when policy is managed
-              rule: 'self.managementPolicy == ''managed'' ? !has(self.__import__)
-                : true'
-            - message: resource may not be specified when policy is unmanaged
-              rule: 'self.managementPolicy == ''unmanaged'' ? !has(self.resource)
-                : true'
-            - message: import must be specified when policy is unmanaged
-              rule: 'self.managementPolicy == ''unmanaged'' ? has(self.__import__)
-                : true'
-            - message: managedOptions may only be provided when policy is managed
-              rule: 'has(self.managedOptions) ? self.managementPolicy == ''managed''
-                : true'
-            - message: resource content must be specified when not importing
-              rule: '!has(self.__import__) ? has(self.resource.content) : true'
-          status:
-            description: ImageStatus defines the observed state of an ORC resource.
-            properties:
-              conditions:
-                description: |-
-                  Conditions represents the observed status of the object.
-                  Known .status.conditions.type are: "Available", "Progressing"
-
-                  Available represents the availability of the OpenStack resource. If it is
-                  true then the resource is ready for use.
-
-                  Progressing indicates whether the controller is still attempting to
-                  reconcile the current state of the OpenStack resource to the desired
-                  state. Progressing will be False either because the desired state has
-                  been achieved, or because some terminal error prevents it from ever being
-                  achieved and the controller is no longer attempting to reconcile. If
-                  Progressing is True, an observer waiting on the resource should continue
-                  to wait.
-                items:
-                  description: Condition contains details for one aspect of the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        Producers of specific condition types may define expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              downloadAttempts:
-                description: DownloadAttempts is the number of times the controller
-                  has attempted to download the image contents
-                type: integer
-              id:
-                description: ID is the unique identifier of the OpenStack resource.
-                type: string
-              resource:
-                description: Resource contains the observed state of the OpenStack
-                  resource.
-                properties:
-                  hash:
-                    description: |-
-                      Hash is the hash of the image data published by Glance. Note that this is
-                      a hash of the data stored internally by Glance, which will have been
-                      decompressed and potentially format converted depending on server-side
-                      configuration which is not visible to clients. It is expected that this
-                      hash will usually differ from the download hash.
-                    properties:
-                      algorithm:
-                        description: Algorithm is the hash algorithm used to generate
-                          value.
-                        enum:
-                        - md5
-                        - sha1
-                        - sha256
-                        - sha512
-                        type: string
-                      value:
-                        description: Value is the hash of the image data using Algorithm.
-                          It must be hex encoded using lowercase letters.
-                        maxLength: 1024
-                        minLength: 1
-                        pattern: ^[0-9a-f]+$
-                        type: string
-                    required:
-                    - algorithm
-                    - value
-                    type: object
-                  sizeB:
-                    description: SizeB is the size of the image data, in bytes
-                    format: int64
-                    type: integer
-                  status:
-                    description: Status is the image status as reported by Glance
-                    type: string
-                  virtualSizeB:
-                    description: VirtualSizeB is the size of the disk the image data
-                      represents, in bytes
-                    format: int64
-                    type: integer
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-controller-manager
-  namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-leader-election-role
-  namespace: orc-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-image-editor-role
-rules:
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-image-viewer-role
-rules:
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: orc-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images/status
-  verbs:
-  - get
-  - patch
-  - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: orc-metrics-auth-role
-rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: orc-metrics-reader
-rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-leader-election-rolebinding
-  namespace: orc-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: orc-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: orc-controller-manager
-  namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-  name: orc-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: orc-manager-role
-subjects:
-- kind: ServiceAccount
-  name: orc-controller-manager
-  namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: orc-metrics-auth-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: orc-metrics-auth-role
-subjects:
-- kind: ServiceAccount
-  name: orc-controller-manager
-  namespace: orc-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-    control-plane: controller-manager
-  name: orc-controller-manager-metrics-service
-  namespace: orc-system
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    control-plane: controller-manager
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: orc
-    control-plane: controller-manager
-  name: orc-controller-manager
-  namespace: orc-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      control-plane: controller-manager
-  template:
-    metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
-      labels:
-        control-plane: controller-manager
-    spec:
-      containers:
-      - args:
-        - --metrics-bind-address=:8443
-        - --leader-elect
-        - --health-probe-bind-address=:8081
-        command:
-        - /manager
-        image: quay.io/orc/openstack-resource-controller:v1.0.1
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        name: manager
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsUser: 65532
-        terminationMessagePolicy: FallbackToLogsOnError
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: orc-controller-manager
-      terminationGracePeriodSeconds: 10
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml
deleted file mode 100644
index 4f6a7e1..0000000
--- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml
+++ /dev/null
@@ -1,11668 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted
-  name: capo-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-selfsigned-issuer
-  namespace: capo-system
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-serving-cert
-  namespace: capo-system
-spec:
-  dnsNames:
-  - capo-webhook-service.capo-system.svc
-  - capo-webhook-service.capo-system.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: capo-selfsigned-issuer
-  secretName: capo-webhook-service-cert
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackclusters.infrastructure.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capo-webhook-service
-          namespace: capo-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: OpenStackCluster
-    listKind: OpenStackClusterList
-    plural: openstackclusters
-    shortNames:
-    - osc
-    singular: openstackcluster
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Cluster to which this OpenStackCluster belongs
-      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
-      name: Cluster
-      type: string
-    - description: Cluster infrastructure is ready for OpenStack instances
-      jsonPath: .status.ready
-      name: Ready
-      type: string
-    - description: Network the cluster is using
-      jsonPath: .status.network.id
-      name: Network
-      type: string
-    - description: API Endpoint
-      jsonPath: .spec.controlPlaneEndpoint.host
-      name: Endpoint
-      priority: 1
-      type: string
-    - description: Bastion address for breakglass access
-      jsonPath: .status.bastion.floatingIP
-      name: Bastion IP
-      type: string
-    - description: Time duration since creation of OpenStackCluster
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    deprecationWarning: The v1alpha7 version of OpenStackCluster has been deprecated
-      and will be removed in a future release.
-    name: v1alpha7
-    schema:
-      openAPIV3Schema:
-        description: |-
-          OpenStackCluster is the Schema for the openstackclusters API.
-
-          Deprecated: v1alpha7.OpenStackCluster has been replaced by v1beta1.OpenStackCluster.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
-            properties:
-              allowAllInClusterTraffic:
-                description: |-
-                  AllowAllInClusterTraffic is only used when managed security groups are in use.
-                  If set to true, the rules for the managed security groups are configured so that all
-                  ingress and egress between cluster nodes is permitted, allowing CNIs other than
-                  Calico to be used.
-                type: boolean
-              apiServerFixedIP:
-                description: |-
-                  APIServerFixedIP is the fixed IP which will be associated with the API server.
-                  In the case where the API server has a floating IP but not a managed load balancer,
-                  this field is not used.
-                  If a managed load balancer is used and this field is not specified, a fixed IP will
-                  be dynamically allocated for the load balancer.
-                  If a managed load balancer is not used AND the API server floating IP is disabled,
-                  this field MUST be specified and should correspond to a pre-allocated port that
-                  holds the fixed IP to be used as a VIP.
-                type: string
-              apiServerFloatingIP:
-                description: |-
-                  APIServerFloatingIP is the floatingIP which will be associated with the API server.
-                  The floatingIP will be created if it does not already exist.
-                  If not specified, a new floatingIP is allocated.
-                  This field is not used if DisableAPIServerFloatingIP is set to true.
-                type: string
-              apiServerLoadBalancer:
-                description: |-
-                  APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
-                  It must be activated by setting `enabled: true`.
-                properties:
-                  additionalPorts:
-                    description: AdditionalPorts adds additional tcp ports to the
-                      load balancer.
-                    items:
-                      type: integer
-                    type: array
-                  allowedCidrs:
-                    description: AllowedCIDRs restrict access to all API-Server listeners
-                      to the given address CIDRs.
-                    items:
-                      type: string
-                    type: array
-                  enabled:
-                    description: Enabled defines whether a load balancer should be
-                      created.
-                    type: boolean
-                  provider:
-                    description: Octavia Provider Used to create load balancer
-                    type: string
-                type: object
-              apiServerPort:
-                description: |-
-                  APIServerPort is the port on which the listener on the APIServer
-                  will be created
-                type: integer
-              bastion:
-                description: |-
-                  Bastion is the OpenStack instance to login the nodes
-
-                  As a rolling update is not ideal during a bastion host session, we
-                  prevent changes to a running bastion configuration. Set `enabled: false` to
-                  make changes.
-                properties:
-                  availabilityZone:
-                    type: string
-                  enabled:
-                    type: boolean
-                  instance:
-                    description: Instance for the bastion itself
-                    properties:
-                      additionalBlockDevices:
-                        description: AdditionalBlockDevices is a list of specifications
-                          for additional block devices to attach to the server instance
-                        items:
-                          description: AdditionalBlockDevice is a block device to
-                            attach to the server.
-                          properties:
-                            name:
-                              description: |-
-                                Name of the block device in the context of a machine.
-                                If the block device is a volume, the Cinder volume will be named
-                                as a combination of the machine name and this name.
-                                Also, this name will be used for tagging the block device.
-                                Information about the block device tag can be obtained from the OpenStack
-                                metadata API or the config drive.
-                              type: string
-                            sizeGiB:
-                              description: SizeGiB is the size of the block device
-                                in gibibytes (GiB).
-                              type: integer
-                            storage:
-                              description: |-
-                                Storage specifies the storage type of the block device and
-                                additional storage options.
-                              properties:
-                                type:
-                                  description: |-
-                                    Type is the type of block device to create.
-                                    This can be either "Volume" or "Local".
-                                  type: string
-                                volume:
-                                  description: Volume contains additional storage
-                                    options for a volume block device.
-                                  properties:
-                                    availabilityZone:
-                                      description: |-
-                                        AvailabilityZone is the volume availability zone to create the volume in.
-                                        If omitted, the availability zone of the server will be used.
-                                        The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
-                                        to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
-                                        further information.
-                                      type: string
-                                    type:
-                                      description: |-
-                                        Type is the Cinder volume type of the volume.
-                                        If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                        will be used.
-                                      type: string
-                                  type: object
-                              required:
-                              - type
-                              type: object
-                          required:
-                          - name
-                          - sizeGiB
-                          - storage
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      cloudName:
-                        description: The name of the cloud to use from the clouds
-                          secret
-                        type: string
-                      configDrive:
-                        description: Config Drive support
-                        type: boolean
-                      flavor:
-                        description: The flavor reference for the flavor for your
-                          server instance.
-                        minLength: 1
-                        type: string
-                      flavorID:
-                        description: |-
-                          FlavorID allows flavors to be specified by ID.  This field takes precedence
-                          over Flavor.
-                        minLength: 1
-                        type: string
-                      floatingIP:
-                        description: |-
-                          The floatingIP which will be associated to the machine, only used for master.
-                          The floatingIP should have been created and haven't been associated.
-                        type: string
-                      identityRef:
-                        description: |-
-                          IdentityRef is a reference to a identity to be used when reconciling this cluster.
-                          If not specified, the identity ref of the cluster will be used instead.
-                        properties:
-                          kind:
-                            description: |-
-                              Kind of the identity. Must be supported by the infrastructure
-                              provider and may be either cluster or namespace-scoped.
-                            minLength: 1
-                            type: string
-                          name:
-                            description: |-
-                              Name of the infrastructure identity to be used.
-                              Must be either a cluster-scoped resource, or namespaced-scoped
-                              resource the same namespace as the resource(s) being provisioned.
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        type: object
-                      image:
-                        description: |-
-                          The name of the image to use for your server instance.
-                          If the RootVolume is specified, this will be ignored and use rootVolume directly.
-                        type: string
-                      imageUUID:
-                        description: |-
-                          The uuid of the image to use for your server instance.
-                          if it's empty, Image name will be used
-                        type: string
-                      instanceID:
-                        description: InstanceID is the OpenStack instance ID for this
-                          machine.
-                        type: string
-                      ports:
-                        description: |-
-                          Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                          If not specified a default port will be added for the default cluster network.
-                        items:
-                          properties:
-                            adminStateUp:
-                              type: boolean
-                            allowedAddressPairs:
-                              items:
-                                properties:
-                                  ipAddress:
-                                    type: string
-                                  macAddress:
-                                    type: string
-                                type: object
-                              type: array
-                            description:
-                              type: string
-                            disablePortSecurity:
-                              description: |-
-                                DisablePortSecurity enables or disables the port security when set.
-                                When not set, it takes the value of the corresponding field at the network level.
-                              type: boolean
-                            fixedIPs:
-                              description: Specify pairs of subnet and/or IP address.
-                                These should be subnets of the network with the given
-                                NetworkID.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    type: string
-                                  subnet:
-                                    description: |-
-                                      Subnet is an openstack subnet query that will return the id of a subnet to create
-                                      the fixed IP of a port in. This query must not return more than one subnet.
-                                    properties:
-                                      cidr:
-                                        type: string
-                                      description:
-                                        type: string
-                                      gateway_ip:
-                                        type: string
-                                      id:
-                                        type: string
-                                      ipVersion:
-                                        type: integer
-                                      ipv6AddressMode:
-                                        type: string
-                                      ipv6RaMode:
-                                        type: string
-                                      name:
-                                        type: string
-                                      notTags:
-                                        type: string
-                                      notTagsAny:
-                                        type: string
-                                      projectId:
-                                        type: string
-                                      tags:
-                                        type: string
-                                      tagsAny:
-                                        type: string
-                                    type: object
-                                required:
-                                - subnet
-                                type: object
-                              type: array
-                            hostId:
-                              description: The ID of the host where the port is allocated
-                              type: string
-                            macAddress:
-                              type: string
-                            nameSuffix:
-                              description: Used to make the name of the port unique.
-                                If unspecified, instead the 0-based index of the port
-                                in the list is used.
-                              type: string
-                            network:
-                              description: |-
-                                Network is a query for an openstack network that the port will be created or discovered on.
-                                This will fail if the query returns more than one network.
-                              properties:
-                                description:
-                                  type: string
-                                id:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  type: string
-                                notTagsAny:
-                                  type: string
-                                projectId:
-                                  type: string
-                                tags:
-                                  type: string
-                                tagsAny:
-                                  type: string
-                              type: object
-                            profile:
-                              description: |-
-                                Profile is a set of key-value pairs that are used for binding details.
-                                We intentionally don't expose this as a map[string]string because we only want to enable
-                                the users to set the values of the keys that are known to work in OpenStack Networking API.
-                                See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                              properties:
-                                ovsHWOffload:
-                                  description: OVSHWOffload enables or disables the
-                                    OVS hardware offload feature.
-                                  type: boolean
-                                trustedVF:
-                                  description: TrustedVF enables or disables the “trusted
-                                    mode” for the VF.
-                                  type: boolean
-                              type: object
-                            propagateUplinkStatus:
-                              description: PropageteUplinkStatus enables or disables
-                                the propagate uplink status on the port.
-                              type: boolean
-                            securityGroupFilters:
-                              description: The names, uuids, filters or any combination
-                                these of the security groups to assign to the instance
-                              items:
-                                properties:
-                                  description:
-                                    type: string
-                                  id:
-                                    type: string
-                                  name:
-                                    type: string
-                                  notTags:
-                                    type: string
-                                  notTagsAny:
-                                    type: string
-                                  projectId:
-                                    type: string
-                                  tags:
-                                    type: string
-                                  tagsAny:
-                                    type: string
-                                type: object
-                              type: array
-                            tags:
-                              description: |-
-                                Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            trunk:
-                              description: Enables and disables trunk at port level.
-                                If not provided, openStackMachine.Spec.Trunk is inherited.
-                              type: boolean
-                            valueSpecs:
-                              description: |-
-                                Value specs are extra parameters to include in the API request with OpenStack.
-                                This is an extension point for the API, so what they do and if they are supported,
-                                depends on the specific OpenStack implementation.
-                              items:
-                                description: ValueSpec represents a single value_spec
-                                  key-value pair.
-                                properties:
-                                  key:
-                                    description: Key is the key in the key-value pair.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of the key-value pair.
-                                      This is just for identifying the pair and will not be sent to the OpenStack API.
-                                    type: string
-                                  value:
-                                    description: Value is the value in the key-value
-                                      pair.
-                                    type: string
-                                required:
-                                - key
-                                - name
-                                - value
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - name
-                              x-kubernetes-list-type: map
-                            vnicType:
-                              description: The virtual network interface card (vNIC)
-                                type that is bound to the neutron port.
-                              type: string
-                          type: object
-                        type: array
-                      providerID:
-                        description: ProviderID is the unique identifier as specified
-                          by the cloud provider.
-                        type: string
-                      rootVolume:
-                        description: The volume metadata to boot from
-                        properties:
-                          availabilityZone:
-                            type: string
-                          diskSize:
-                            type: integer
-                          volumeType:
-                            type: string
-                        type: object
-                      securityGroups:
-                        description: The names of the security groups to assign to
-                          the instance
-                        items:
-                          properties:
-                            description:
-                              type: string
-                            id:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              type: string
-                            notTagsAny:
-                              type: string
-                            projectId:
-                              type: string
-                            tags:
-                              type: string
-                            tagsAny:
-                              type: string
-                          type: object
-                        type: array
-                      serverGroupID:
-                        description: The server group to assign the machine to
-                        type: string
-                      serverMetadata:
-                        additionalProperties:
-                          type: string
-                        description: Metadata mapping. Allows you to create a map
-                          of key value pairs to add to the server instance.
-                        type: object
-                      sshKeyName:
-                        description: The ssh key to inject in the instance
-                        type: string
-                      tags:
-                        description: |-
-                          Machine tags
-                          Requires Nova api 2.52 minimum!
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      trunk:
-                        description: Whether the server instance is created on a trunk
-                          port or not.
-                        type: boolean
-                    type: object
-                type: object
-              cloudName:
-                description: The name of the cloud to use from the clouds secret
-                type: string
-              controlPlaneAvailabilityZones:
-                description: ControlPlaneAvailabilityZones is the az to deploy control
-                  plane to
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              controlPlaneEndpoint:
-                description: ControlPlaneEndpoint represents the endpoint used to
-                  communicate with the control plane.
-                properties:
-                  host:
-                    description: The hostname on which the API server is serving.
-                    type: string
-                  port:
-                    description: The port on which the API server is serving.
-                    format: int32
-                    type: integer
-                required:
-                - host
-                - port
-                type: object
-              controlPlaneOmitAvailabilityZone:
-                description: |-
-                  Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
-                  to make a decision on which az to use based on other scheduling constraints
-                type: boolean
-              disableAPIServerFloatingIP:
-                description: |-
-                  DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
-                  IP to the API server. This allows for the creation of clusters when attaching a floating
-                  IP to the API server (and hence, in many cases, exposing the API server to the internet)
-                  is not possible or desirable, e.g. if using a shared VLAN for communication between
-                  management and workload clusters or when the management cluster is inside the
-                  project network.
-                  This option requires that the API server use a VIP on the cluster network so that the
-                  underlying machines can change without changing ControlPlaneEndpoint.Host.
-                  When using a managed load balancer, this VIP will be managed automatically.
-                  If not using a managed load balancer, cluster configuration will fail without additional
-                  configuration to manage the VIP on the control plane machines, which falls outside of
-                  the scope of this controller.
-                type: boolean
-              disablePortSecurity:
-                description: |-
-                  DisablePortSecurity disables the port security of the network created for the
-                  Kubernetes cluster, which also disables SecurityGroups
-                type: boolean
-              dnsNameservers:
-                description: |-
-                  DNSNameservers is the list of nameservers for OpenStack Subnet being created.
-                  Set this value when you need create a new network/subnet while the access
-                  through DNS is required.
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              externalNetworkId:
-                description: |-
-                  ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
-                  to get public internet to the VMs.
-                type: string
-              externalRouterIPs:
-                description: |-
-                  ExternalRouterIPs is an array of externalIPs on the respective subnets.
-                  This is necessary if the router needs a fixed ip in a specific subnet.
-                items:
-                  properties:
-                    fixedIP:
-                      description: The FixedIP in the corresponding subnet
-                      type: string
-                    subnet:
-                      description: The subnet in which the FixedIP is used for the
-                        Gateway of this router
-                      properties:
-                        cidr:
-                          type: string
-                        description:
-                          type: string
-                        gateway_ip:
-                          type: string
-                        id:
-                          type: string
-                        ipVersion:
-                          type: integer
-                        ipv6AddressMode:
-                          type: string
-                        ipv6RaMode:
-                          type: string
-                        name:
-                          type: string
-                        notTags:
-                          type: string
-                        notTagsAny:
-                          type: string
-                        projectId:
-                          type: string
-                        tags:
-                          type: string
-                        tagsAny:
-                          type: string
-                      type: object
-                  required:
-                  - subnet
-                  type: object
-                type: array
-              identityRef:
-                description: IdentityRef is a reference to a identity to be used when
-                  reconciling this cluster
-                properties:
-                  kind:
-                    description: |-
-                      Kind of the identity. Must be supported by the infrastructure
-                      provider and may be either cluster or namespace-scoped.
-                    minLength: 1
-                    type: string
-                  name:
-                    description: |-
-                      Name of the infrastructure identity to be used.
-                      Must be either a cluster-scoped resource, or namespaced-scoped
-                      resource the same namespace as the resource(s) being provisioned.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              managedSecurityGroups:
-                description: |-
-                  ManagedSecurityGroups determines whether OpenStack security groups for the cluster
-                  will be managed by the OpenStack provider or whether pre-existing security groups will
-                  be specified as part of the configuration.
-                  By default, the managed security groups have rules that allow the Kubelet, etcd, the
-                  Kubernetes API server and the Calico CNI plugin to function correctly.
-                type: boolean
-              network:
-                description: If NodeCIDR cannot be set this can be used to detect
-                  an existing network.
-                properties:
-                  description:
-                    type: string
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  notTags:
-                    type: string
-                  notTagsAny:
-                    type: string
-                  projectId:
-                    type: string
-                  tags:
-                    type: string
-                  tagsAny:
-                    type: string
-                type: object
-              networkMtu:
-                description: |-
-                  NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
-                  This value will be used only if the Cluster actuator creates the network.
-                  If leaved empty, the network will have the default MTU defined in Openstack network service.
-                  To use this field, the Openstack installation requires the net-mtu neutron API extension.
-                type: integer
-              nodeCidr:
-                description: |-
-                  NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
-                  network, a subnet with NodeCIDR, and a router connected to this subnet.
-                  If you leave this empty, no network will be created.
-                type: string
-              router:
-                description: |-
-                  If NodeCIDR is set this option can be used to detect an existing router.
-                  If specified, no new router will be created.
-                properties:
-                  description:
-                    type: string
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  notTags:
-                    type: string
-                  notTagsAny:
-                    type: string
-                  projectId:
-                    type: string
-                  tags:
-                    type: string
-                  tagsAny:
-                    type: string
-                type: object
-              subnet:
-                description: If NodeCIDR cannot be set this can be used to detect
-                  an existing subnet.
-                properties:
-                  cidr:
-                    type: string
-                  description:
-                    type: string
-                  gateway_ip:
-                    type: string
-                  id:
-                    type: string
-                  ipVersion:
-                    type: integer
-                  ipv6AddressMode:
-                    type: string
-                  ipv6RaMode:
-                    type: string
-                  name:
-                    type: string
-                  notTags:
-                    type: string
-                  notTagsAny:
-                    type: string
-                  projectId:
-                    type: string
-                  tags:
-                    type: string
-                  tagsAny:
-                    type: string
-                type: object
-              tags:
-                description: Tags for all resources in cluster
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-            type: object
-          status:
-            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
-            properties:
-              apiServerLoadBalancer:
-                description: APIServerLoadBalancer describes the api server load balancer
-                  if one exists
-                properties:
-                  allowedCIDRs:
-                    items:
-                      type: string
-                    type: array
-                  id:
-                    type: string
-                  internalIP:
-                    type: string
-                  ip:
-                    type: string
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - internalIP
-                - ip
-                - name
-                type: object
-              bastion:
-                properties:
-                  floatingIP:
-                    type: string
-                  id:
-                    type: string
-                  ip:
-                    type: string
-                  name:
-                    type: string
-                  sshKeyName:
-                    type: string
-                  state:
-                    description: InstanceState describes the state of an OpenStack
-                      instance.
-                    type: string
-                type: object
-              bastionSecurityGroup:
-                description: |-
-                  SecurityGroup represents the basic information of the associated
-                  OpenStack Neutron Security Group.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  rules:
-                    items:
-                      description: |-
-                        SecurityGroupRule represent the basic information of the associated OpenStack
-                        Security Group Role.
-                      properties:
-                        description:
-                          type: string
-                        direction:
-                          type: string
-                        etherType:
-                          type: string
-                        name:
-                          type: string
-                        portRangeMax:
-                          type: integer
-                        portRangeMin:
-                          type: integer
-                        protocol:
-                          type: string
-                        remoteGroupID:
-                          type: string
-                        remoteIPPrefix:
-                          type: string
-                        securityGroupID:
-                          type: string
-                      required:
-                      - description
-                      - direction
-                      - etherType
-                      - name
-                      - portRangeMax
-                      - portRangeMin
-                      - protocol
-                      - remoteGroupID
-                      - remoteIPPrefix
-                      - securityGroupID
-                      type: object
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              controlPlaneSecurityGroup:
-                description: |-
-                  ControlPlaneSecurityGroups contains all the information about the OpenStack
-                  Security Group that needs to be applied to control plane nodes.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  rules:
-                    items:
-                      description: |-
-                        SecurityGroupRule represent the basic information of the associated OpenStack
-                        Security Group Role.
-                      properties:
-                        description:
-                          type: string
-                        direction:
-                          type: string
-                        etherType:
-                          type: string
-                        name:
-                          type: string
-                        portRangeMax:
-                          type: integer
-                        portRangeMin:
-                          type: integer
-                        protocol:
-                          type: string
-                        remoteGroupID:
-                          type: string
-                        remoteIPPrefix:
-                          type: string
-                        securityGroupID:
-                          type: string
-                      required:
-                      - description
-                      - direction
-                      - etherType
-                      - name
-                      - portRangeMax
-                      - portRangeMin
-                      - protocol
-                      - remoteGroupID
-                      - remoteIPPrefix
-                      - securityGroupID
-                      type: object
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              externalNetwork:
-                description: externalNetwork contains information about the external
-                  network used for default ingress and egress traffic.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              failureDomains:
-                additionalProperties:
-                  description: |-
-                    FailureDomainSpec is the Schema for Cluster API failure domains.
-                    It allows controllers to understand how many failure domains a cluster can optionally span across.
-                  properties:
-                    attributes:
-                      additionalProperties:
-                        type: string
-                      description: attributes is a free form map of attributes an
-                        infrastructure provider might use or require.
-                      type: object
-                    controlPlane:
-                      description: controlPlane determines if this failure domain
-                        is suitable for use by control plane machines.
-                      type: boolean
-                  type: object
-                description: FailureDomains represent OpenStack availability zones
-                type: object
-              failureMessage:
-                description: |-
-                  FailureMessage will be set in the event that there is a terminal problem
-                  reconciling the OpenStackCluster and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the OpenStackCluster's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of
-                  OpenStackClusters can be added as events to the OpenStackCluster object
-                  and/or logged in the controller's output.
-                type: string
-              failureReason:
-                description: |-
-                  FailureReason will be set in the event that there is a terminal problem
-                  reconciling the OpenStackCluster and will contain a succinct value suitable
-                  for machine interpretation.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the OpenStackCluster's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of
-                  OpenStackClusters can be added as events to the OpenStackCluster object
-                  and/or logged in the controller's output.
-                type: string
-              network:
-                description: Network contains information about the created OpenStack
-                  Network.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  subnets:
-                    description: Subnets is a list of subnets associated with the
-                      default cluster network. Machines which use the default cluster
-                      network will get an address from all of these subnets.
-                    items:
-                      description: Subnet represents basic information about the associated
-                        OpenStack Neutron Subnet.
-                      properties:
-                        cidr:
-                          type: string
-                        id:
-                          type: string
-                        name:
-                          type: string
-                        tags:
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - cidr
-                      - id
-                      - name
-                      type: object
-                    type: array
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              ready:
-                type: boolean
-              router:
-                description: Router describes the default cluster router
-                properties:
-                  id:
-                    type: string
-                  ips:
-                    items:
-                      type: string
-                    type: array
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              workerSecurityGroup:
-                description: |-
-                  WorkerSecurityGroup contains all the information about the OpenStack Security
-                  Group that needs to be applied to worker nodes.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  rules:
-                    items:
-                      description: |-
-                        SecurityGroupRule represent the basic information of the associated OpenStack
-                        Security Group Role.
-                      properties:
-                        description:
-                          type: string
-                        direction:
-                          type: string
-                        etherType:
-                          type: string
-                        name:
-                          type: string
-                        portRangeMax:
-                          type: integer
-                        portRangeMin:
-                          type: integer
-                        protocol:
-                          type: string
-                        remoteGroupID:
-                          type: string
-                        remoteIPPrefix:
-                          type: string
-                        securityGroupID:
-                          type: string
-                      required:
-                      - description
-                      - direction
-                      - etherType
-                      - name
-                      - portRangeMax
-                      - portRangeMin
-                      - protocol
-                      - remoteGroupID
-                      - remoteIPPrefix
-                      - securityGroupID
-                      type: object
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-            required:
-            - ready
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster to which this OpenStackCluster belongs
-      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
-      name: Cluster
-      type: string
-    - description: Cluster infrastructure is ready for OpenStack instances
-      jsonPath: .status.ready
-      name: Ready
-      type: string
-    - description: Network the cluster is using
-      jsonPath: .status.network.id
-      name: Network
-      type: string
-    - description: API Endpoint
-      jsonPath: .spec.controlPlaneEndpoint.host
-      name: Endpoint
-      priority: 1
-      type: string
-    - description: Bastion address for breakglass access
-      jsonPath: .status.bastion.floatingIP
-      name: Bastion IP
-      type: string
-    - description: Time duration since creation of OpenStackCluster
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackCluster is the Schema for the openstackclusters API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
-            properties:
-              apiServerFixedIP:
-                description: |-
-                  APIServerFixedIP is the fixed IP which will be associated with the API server.
-                  In the case where the API server has a floating IP but not a managed load balancer,
-                  this field is not used.
-                  If a managed load balancer is used and this field is not specified, a fixed IP will
-                  be dynamically allocated for the load balancer.
-                  If a managed load balancer is not used AND the API server floating IP is disabled,
-                  this field MUST be specified and should correspond to a pre-allocated port that
-                  holds the fixed IP to be used as a VIP.
-                type: string
-              apiServerFloatingIP:
-                description: |-
-                  APIServerFloatingIP is the floatingIP which will be associated with the API server.
-                  The floatingIP will be created if it does not already exist.
-                  If not specified, a new floatingIP is allocated.
-                  This field is not used if DisableAPIServerFloatingIP is set to true.
-                type: string
-              apiServerLoadBalancer:
-                description: |-
-                  APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
-                  If not specified, no load balancer will be created for the API server.
-                properties:
-                  additionalPorts:
-                    description: AdditionalPorts adds additional tcp ports to the
-                      load balancer.
-                    items:
-                      type: integer
-                    type: array
-                    x-kubernetes-list-type: set
-                  allowedCIDRs:
-                    description: AllowedCIDRs restrict access to all API-Server listeners
-                      to the given address CIDRs.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  availabilityZone:
-                    description: AvailabilityZone is the failure domain that will
-                      be used to create the APIServerLoadBalancer Spec.
-                    type: string
-                  enabled:
-                    default: true
-                    description: |-
-                      Enabled defines whether a load balancer should be created. This value
-                      defaults to true if an APIServerLoadBalancer is given.
-
-                      There is no reason to set this to false. To disable creation of the
-                      API server loadbalancer, omit the APIServerLoadBalancer field in the
-                      cluster spec instead.
-                    type: boolean
-                  flavor:
-                    description: Flavor is the flavor name that will be used to create
-                      the APIServerLoadBalancer Spec.
-                    type: string
-                  network:
-                    description: Network defines which network should the load balancer
-                      be allocated on.
-                    maxProperties: 1
-                    minProperties: 1
-                    properties:
-                      filter:
-                        description: Filter specifies a filter to select an OpenStack
-                          network. If provided, cannot be empty.
-                        minProperties: 1
-                        properties:
-                          description:
-                            type: string
-                          name:
-                            type: string
-                          notTags:
-                            description: |-
-                              NotTags is a list of tags to filter by. If specified, resources which
-                              contain all of the given tags will be excluded from the result.
-                            items:
-                              description: |-
-                                NeutronTag represents a tag on a Neutron resource.
-                                It may not be empty and may not contain commas.
-                              minLength: 1
-                              pattern: ^[^,]+$
-                              type: string
-                            type: array
-                            x-kubernetes-list-type: set
-                          notTagsAny:
-                            description: |-
-                              NotTagsAny is a list of tags to filter by. If specified, resources
-                              which contain any of the given tags will be excluded from the result.
-                            items:
-                              description: |-
-                                NeutronTag represents a tag on a Neutron resource.
-                                It may not be empty and may not contain commas.
-                              minLength: 1
-                              pattern: ^[^,]+$
-                              type: string
-                            type: array
-                            x-kubernetes-list-type: set
-                          projectID:
-                            type: string
-                          tags:
-                            description: |-
-                              Tags is a list of tags to filter by. If specified, the resource must
-                              have all of the tags specified to be included in the result.
-                            items:
-                              description: |-
-                                NeutronTag represents a tag on a Neutron resource.
-                                It may not be empty and may not contain commas.
-                              minLength: 1
-                              pattern: ^[^,]+$
-                              type: string
-                            type: array
-                            x-kubernetes-list-type: set
-                          tagsAny:
-                            description: |-
-                              TagsAny is a list of tags to filter by. If specified, the resource
-                              must have at least one of the tags specified to be included in the
-                              result.
-                            items:
-                              description: |-
-                                NeutronTag represents a tag on a Neutron resource.
-                                It may not be empty and may not contain commas.
-                              minLength: 1
-                              pattern: ^[^,]+$
-                              type: string
-                            type: array
-                            x-kubernetes-list-type: set
-                        type: object
-                      id:
-                        description: ID is the ID of the network to use. If ID is
-                          provided, the other filters cannot be provided. Must be
-                          in UUID format.
-                        format: uuid
-                        type: string
-                    type: object
-                  provider:
-                    description: |-
-                      Provider specifies name of a specific Octavia provider to use for the
-                      API load balancer. The Octavia default will be used if it is not
-                      specified.
-                    type: string
-                  subnets:
-                    description: |-
-                      Subnets define which subnets should the load balancer be allocated on.
-                      It is expected that subnets are located on the network specified in this resource.
-                      Only the first element is taken into account.
-                      kubebuilder:validation:MaxLength:=2
-                    items:
-                      description: SubnetParam specifies an OpenStack subnet to use.
-                        It may be specified by either ID or filter, but not both.
-                      maxProperties: 1
-                      minProperties: 1
-                      properties:
-                        filter:
-                          description: Filter specifies a filter to select the subnet.
-                            It must match exactly one subnet.
-                          minProperties: 1
-                          properties:
-                            cidr:
-                              type: string
-                            description:
-                              type: string
-                            gatewayIP:
-                              type: string
-                            ipVersion:
-                              type: integer
-                            ipv6AddressMode:
-                              type: string
-                            ipv6RAMode:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              description: |-
-                                NotTags is a list of tags to filter by. If specified, resources which
-                                contain all of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            notTagsAny:
-                              description: |-
-                                NotTagsAny is a list of tags to filter by. If specified, resources
-                                which contain any of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            projectID:
-                              type: string
-                            tags:
-                              description: |-
-                                Tags is a list of tags to filter by. If specified, the resource must
-                                have all of the tags specified to be included in the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            tagsAny:
-                              description: |-
-                                TagsAny is a list of tags to filter by. If specified, the resource
-                                must have at least one of the tags specified to be included in the
-                                result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                          type: object
-                        id:
-                          description: ID is the uuid of the subnet. It will not be
-                            validated.
-                          format: uuid
-                          type: string
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                required:
-                - enabled
-                type: object
-              apiServerPort:
-                description: |-
-                  APIServerPort is the port on which the listener on the APIServer
-                  will be created. If specified, it must be an integer between 0 and 65535.
-                maximum: 65535
-                minimum: 0
-                type: integer
-              bastion:
-                description: |-
-                  Bastion is the OpenStack instance to login the nodes
-
-                  As a rolling update is not ideal during a bastion host session, we
-                  prevent changes to a running bastion configuration. To make changes, it's required
-                  to first set `enabled: false` which will remove the bastion and then changes can be made.
-                properties:
-                  availabilityZone:
-                    description: AvailabilityZone is the failure domain that will
-                      be used to create the Bastion Spec.
-                    type: string
-                  enabled:
-                    default: true
-                    description: |-
-                      Enabled means that bastion is enabled. The bastion is enabled by
-                      default if this field is not specified. Set this field to false to disable the
-                      bastion.
-
-                      It is not currently possible to remove the bastion from the cluster
-                      spec without first disabling it by setting this field to false and
-                      waiting until the bastion has been deleted.
-                    type: boolean
-                  floatingIP:
-                    description: |-
-                      FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
-                      The floating IP should already exist and should not be associated with a port. If FIP of this address does not
-                      exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
-                    format: ipv4
-                    type: string
-                  spec:
-                    description: Spec for the bastion itself
-                    properties:
-                      additionalBlockDevices:
-                        description: AdditionalBlockDevices is a list of specifications
-                          for additional block devices to attach to the server instance
-                        items:
-                          description: AdditionalBlockDevice is a block device to
-                            attach to the server.
-                          properties:
-                            name:
-                              description: |-
-                                Name of the block device in the context of a machine.
-                                If the block device is a volume, the Cinder volume will be named
-                                as a combination of the machine name and this name.
-                                Also, this name will be used for tagging the block device.
-                                Information about the block device tag can be obtained from the OpenStack
-                                metadata API or the config drive.
-                                Name cannot be 'root', which is reserved for the root volume.
-                              type: string
-                            sizeGiB:
-                              description: SizeGiB is the size of the block device
-                                in gibibytes (GiB).
-                              minimum: 1
-                              type: integer
-                            storage:
-                              description: |-
-                                Storage specifies the storage type of the block device and
-                                additional storage options.
-                              properties:
-                                type:
-                                  description: |-
-                                    Type is the type of block device to create.
-                                    This can be either "Volume" or "Local".
-                                  type: string
-                                volume:
-                                  description: Volume contains additional storage
-                                    options for a volume block device.
-                                  properties:
-                                    availabilityZone:
-                                      description: |-
-                                        AvailabilityZone is the volume availability zone to create the volume
-                                        in. If not specified, the volume will be created without an explicit
-                                        availability zone.
-                                      properties:
-                                        from:
-                                          default: Name
-                                          description: |-
-                                            From specifies where we will obtain the availability zone for the
-                                            volume. The options are "Name" and "Machine". If "Name" is specified
-                                            then the Name field must also be specified. If "Machine" is specified
-                                            the volume will use the value of FailureDomain, if any, from the
-                                            associated Machine.
-                                          enum:
-                                          - Name
-                                          - Machine
-                                          type: string
-                                        name:
-                                          description: |-
-                                            Name is the name of a volume availability zone to use. It is required
-                                            if From is "Name". The volume availability zone name may not contain
-                                            spaces.
-                                          minLength: 1
-                                          pattern: ^[^ ]+$
-                                          type: string
-                                      type: object
-                                      x-kubernetes-validations:
-                                      - message: name is required when from is 'Name'
-                                          or default
-                                        rule: '!has(self.from) || self.from == ''Name''
-                                          ? has(self.name) : !has(self.name)'
-                                    type:
-                                      description: |-
-                                        Type is the Cinder volume type of the volume.
-                                        If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                        will be used.
-                                      type: string
-                                  type: object
-                              required:
-                              - type
-                              type: object
-                          required:
-                          - name
-                          - sizeGiB
-                          - storage
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      configDrive:
-                        description: Config Drive support
-                        type: boolean
-                      flavor:
-                        description: The flavor reference for the flavor for your
-                          server instance.
-                        minLength: 1
-                        type: string
-                      flavorID:
-                        description: |-
-                          FlavorID allows flavors to be specified by ID.  This field takes precedence
-                          over Flavor.
-                        minLength: 1
-                        type: string
-                      floatingIPPoolRef:
-                        description: |-
-                          floatingIPPoolRef is a reference to a IPPool that will be assigned
-                          to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
-                          will be assigned to the OpenStackMachine.
-                        properties:
-                          apiGroup:
-                            description: |-
-                              APIGroup is the group for the resource being referenced.
-                              If APIGroup is not specified, the specified Kind must be in the core API group.
-                              For any other third-party types, APIGroup is required.
-                            type: string
-                          kind:
-                            description: Kind is the type of resource being referenced
-                            type: string
-                          name:
-                            description: Name is the name of resource being referenced
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      identityRef:
-                        description: |-
-                          IdentityRef is a reference to a secret holding OpenStack credentials
-                          to be used when reconciling this machine. If not specified, the
-                          credentials specified in the cluster will be used.
-                        properties:
-                          cloudName:
-                            description: CloudName specifies the name of the entry
-                              in the clouds.yaml file to use.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of a secret in the same namespace as the resource being provisioned.
-                              The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                              The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                            type: string
-                          region:
-                            description: |-
-                              Region specifies an OpenStack region to use. If specified, it overrides
-                              any value in clouds.yaml. If specified for an OpenStackMachine, its
-                              value will be included in providerID.
-                            type: string
-                        required:
-                        - cloudName
-                        - name
-                        type: object
-                        x-kubernetes-validations:
-                        - message: region is immutable
-                          rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                            == oldSelf.region
-                      image:
-                        description: |-
-                          The image to use for your server instance.
-                          If the rootVolume is specified, this will be used when creating the root volume.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: |-
-                              Filter describes a query for an image. If specified, the combination
-                              of name and tags must return a single matching image or an error will
-                              be raised.
-                            minProperties: 1
-                            properties:
-                              name:
-                                description: The name of the desired image. If specified,
-                                  the combination of name and tags must return a single
-                                  matching image or an error will be raised.
-                                type: string
-                              tags:
-                                description: The tags associated with the desired
-                                  image. If specified, the combination of name and
-                                  tags must return a single matching image or an error
-                                  will be raised.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the uuid of the image. ID will not
-                              be validated before use.
-                            format: uuid
-                            type: string
-                          imageRef:
-                            description: |-
-                              ImageRef is a reference to an ORC Image in the same namespace as the
-                              referring object.
-                            properties:
-                              name:
-                                description: Name is the name of the referenced resource
-                                type: string
-                            required:
-                            - name
-                            type: object
-                        type: object
-                      ports:
-                        description: |-
-                          Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                          If not specified a default port will be added for the default cluster network.
-                        items:
-                          properties:
-                            adminStateUp:
-                              description: AdminStateUp specifies whether the port
-                                should be created in the up (true) or down (false)
-                                state. The default is up.
-                              type: boolean
-                            allowedAddressPairs:
-                              description: |-
-                                AllowedAddressPairs is a list of address pairs which Neutron will
-                                allow the port to send traffic from in addition to the port's
-                                addresses. If not specified, the MAC Address will be the MAC Address
-                                of the port. Depending on the configuration of Neutron, it may be
-                                supported to specify a CIDR instead of a specific IP address.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is the IP address of the allowed address pair. Depending on
-                                      the configuration of Neutron, it may be supported to specify a CIDR
-                                      instead of a specific IP address.
-                                    type: string
-                                  macAddress:
-                                    description: |-
-                                      MACAddress is the MAC address of the allowed address pair. If not
-                                      specified, the MAC address will be the MAC address of the port.
-                                    type: string
-                                required:
-                                - ipAddress
-                                type: object
-                              type: array
-                            description:
-                              description: Description is a human-readable description
-                                for the port.
-                              type: string
-                            disablePortSecurity:
-                              description: |-
-                                DisablePortSecurity enables or disables the port security when set.
-                                When not set, it takes the value of the corresponding field at the network level.
-                              type: boolean
-                            fixedIPs:
-                              description: FixedIPs is a list of pairs of subnet and/or
-                                IP address to assign to the port. If specified, these
-                                must be subnets of the port's network.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is a specific IP address to assign to the port. If Subnet
-                                      is also specified, IPAddress must be a valid IP address in the
-                                      subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                      address in any subnet of the port's network.
-                                    type: string
-                                  subnet:
-                                    description: |-
-                                      Subnet is an openstack subnet query that will return the id of a subnet to create
-                                      the fixed IP of a port in. This query must not return more than one subnet.
-                                    maxProperties: 1
-                                    minProperties: 1
-                                    properties:
-                                      filter:
-                                        description: Filter specifies a filter to
-                                          select the subnet. It must match exactly
-                                          one subnet.
-                                        minProperties: 1
-                                        properties:
-                                          cidr:
-                                            type: string
-                                          description:
-                                            type: string
-                                          gatewayIP:
-                                            type: string
-                                          ipVersion:
-                                            type: integer
-                                          ipv6AddressMode:
-                                            type: string
-                                          ipv6RAMode:
-                                            type: string
-                                          name:
-                                            type: string
-                                          notTags:
-                                            description: |-
-                                              NotTags is a list of tags to filter by. If specified, resources which
-                                              contain all of the given tags will be excluded from the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          notTagsAny:
-                                            description: |-
-                                              NotTagsAny is a list of tags to filter by. If specified, resources
-                                              which contain any of the given tags will be excluded from the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          projectID:
-                                            type: string
-                                          tags:
-                                            description: |-
-                                              Tags is a list of tags to filter by. If specified, the resource must
-                                              have all of the tags specified to be included in the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          tagsAny:
-                                            description: |-
-                                              TagsAny is a list of tags to filter by. If specified, the resource
-                                              must have at least one of the tags specified to be included in the
-                                              result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                        type: object
-                                      id:
-                                        description: ID is the uuid of the subnet.
-                                          It will not be validated.
-                                        format: uuid
-                                        type: string
-                                    type: object
-                                type: object
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            hostID:
-                              description: HostID specifies the ID of the host where
-                                the port resides.
-                              type: string
-                            macAddress:
-                              description: MACAddress specifies the MAC address of
-                                the port. If not specified, the MAC address will be
-                                generated.
-                              type: string
-                            nameSuffix:
-                              description: NameSuffix will be appended to the name
-                                of the port if specified. If unspecified, instead
-                                the 0-based index of the port in the list is used.
-                              type: string
-                            network:
-                              description: |-
-                                Network is a query for an openstack network that the port will be created or discovered on.
-                                This will fail if the query returns more than one network.
-                              maxProperties: 1
-                              minProperties: 1
-                              properties:
-                                filter:
-                                  description: Filter specifies a filter to select
-                                    an OpenStack network. If provided, cannot be empty.
-                                  minProperties: 1
-                                  properties:
-                                    description:
-                                      type: string
-                                    name:
-                                      type: string
-                                    notTags:
-                                      description: |-
-                                        NotTags is a list of tags to filter by. If specified, resources which
-                                        contain all of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    notTagsAny:
-                                      description: |-
-                                        NotTagsAny is a list of tags to filter by. If specified, resources
-                                        which contain any of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    projectID:
-                                      type: string
-                                    tags:
-                                      description: |-
-                                        Tags is a list of tags to filter by. If specified, the resource must
-                                        have all of the tags specified to be included in the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    tagsAny:
-                                      description: |-
-                                        TagsAny is a list of tags to filter by. If specified, the resource
-                                        must have at least one of the tags specified to be included in the
-                                        result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                  type: object
-                                id:
-                                  description: ID is the ID of the network to use.
-                                    If ID is provided, the other filters cannot be
-                                    provided. Must be in UUID format.
-                                  format: uuid
-                                  type: string
-                              type: object
-                            profile:
-                              description: |-
-                                Profile is a set of key-value pairs that are used for binding
-                                details. We intentionally don't expose this as a map[string]string
-                                because we only want to enable the users to set the values of the
-                                keys that are known to work in OpenStack Networking API.  See
-                                https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                                To set profiles, your tenant needs permissions rule:create_port, and
-                                rule:create_port:binding:profile
-                              properties:
-                                ovsHWOffload:
-                                  description: |-
-                                    OVSHWOffload enables or disables the OVS hardware offload feature.
-                                    This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                    See: https://bugs.launchpad.net/nova/+bug/2020813
-                                  type: boolean
-                                trustedVF:
-                                  description: TrustedVF enables or disables the “trusted
-                                    mode” for the VF.
-                                  type: boolean
-                              type: object
-                            propagateUplinkStatus:
-                              description: PropageteUplinkStatus enables or disables
-                                the propagate uplink status on the port.
-                              type: boolean
-                            securityGroups:
-                              description: SecurityGroups is a list of the names,
-                                uuids, filters or any combination these of the security
-                                groups to assign to the instance.
-                              items:
-                                description: SecurityGroupParam specifies an OpenStack
-                                  security group. It may be specified by ID or filter,
-                                  but not both.
-                                maxProperties: 1
-                                minProperties: 1
-                                properties:
-                                  filter:
-                                    description: Filter specifies a query to select
-                                      an OpenStack security group. If provided, cannot
-                                      be empty.
-                                    minProperties: 1
-                                    properties:
-                                      description:
-                                        type: string
-                                      name:
-                                        type: string
-                                      notTags:
-                                        description: |-
-                                          NotTags is a list of tags to filter by. If specified, resources which
-                                          contain all of the given tags will be excluded from the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      notTagsAny:
-                                        description: |-
-                                          NotTagsAny is a list of tags to filter by. If specified, resources
-                                          which contain any of the given tags will be excluded from the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      projectID:
-                                        type: string
-                                      tags:
-                                        description: |-
-                                          Tags is a list of tags to filter by. If specified, the resource must
-                                          have all of the tags specified to be included in the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      tagsAny:
-                                        description: |-
-                                          TagsAny is a list of tags to filter by. If specified, the resource
-                                          must have at least one of the tags specified to be included in the
-                                          result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                    type: object
-                                  id:
-                                    description: ID is the ID of the security group
-                                      to use. If ID is provided, the other filters
-                                      cannot be provided. Must be in UUID format.
-                                    format: uuid
-                                    type: string
-                                type: object
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            tags:
-                              description: |-
-                                Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            trunk:
-                              description: |-
-                                Trunk specifies whether trunking is enabled at the port level. If not
-                                provided the value is inherited from the machine, or false for a
-                                bastion host.
-                              type: boolean
-                            valueSpecs:
-                              description: |-
-                                Value specs are extra parameters to include in the API request with OpenStack.
-                                This is an extension point for the API, so what they do and if they are supported,
-                                depends on the specific OpenStack implementation.
-                              items:
-                                description: ValueSpec represents a single value_spec
-                                  key-value pair.
-                                properties:
-                                  key:
-                                    description: Key is the key in the key-value pair.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of the key-value pair.
-                                      This is just for identifying the pair and will not be sent to the OpenStack API.
-                                    type: string
-                                  value:
-                                    description: Value is the value in the key-value
-                                      pair.
-                                    type: string
-                                required:
-                                - key
-                                - name
-                                - value
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - name
-                              x-kubernetes-list-type: map
-                            vnicType:
-                              description: |-
-                                VNICType specifies the type of vNIC which this port should be
-                                attached to. This is used to determine which mechanism driver(s) to
-                                be used to bind the port. The valid values are normal, macvtap,
-                                direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                                remote-managed, although these values will not be validated in this
-                                API to ensure compatibility with future neutron changes or custom
-                                implementations. What type of vNIC is actually available depends on
-                                deployments. If not specified, the Neutron default value is used.
-                              type: string
-                          type: object
-                        type: array
-                      providerID:
-                        description: ProviderID is the unique identifier as specified
-                          by the cloud provider.
-                        type: string
-                      rootVolume:
-                        description: The volume metadata to boot from
-                        properties:
-                          availabilityZone:
-                            description: |-
-                              AvailabilityZone is the volume availability zone to create the volume
-                              in. If not specified, the volume will be created without an explicit
-                              availability zone.
-                            properties:
-                              from:
-                                default: Name
-                                description: |-
-                                  From specifies where we will obtain the availability zone for the
-                                  volume. The options are "Name" and "Machine". If "Name" is specified
-                                  then the Name field must also be specified. If "Machine" is specified
-                                  the volume will use the value of FailureDomain, if any, from the
-                                  associated Machine.
-                                enum:
-                                - Name
-                                - Machine
-                                type: string
-                              name:
-                                description: |-
-                                  Name is the name of a volume availability zone to use. It is required
-                                  if From is "Name". The volume availability zone name may not contain
-                                  spaces.
-                                minLength: 1
-                                pattern: ^[^ ]+$
-                                type: string
-                            type: object
-                            x-kubernetes-validations:
-                            - message: name is required when from is 'Name' or default
-                              rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
-                                : !has(self.name)'
-                          sizeGiB:
-                            description: SizeGiB is the size of the block device in
-                              gibibytes (GiB).
-                            minimum: 1
-                            type: integer
-                          type:
-                            description: |-
-                              Type is the Cinder volume type of the volume.
-                              If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                              will be used.
-                            type: string
-                        required:
-                        - sizeGiB
-                        type: object
-                      schedulerHintAdditionalProperties:
-                        description: |-
-                          SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
-                          to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
-                          such as specifying certain host aggregates or availability zones.
-                        items:
-                          description: |-
-                            SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
-                            It includes a Name to identify the property and a Value that can be of various types.
-                          properties:
-                            name:
-                              description: |-
-                                Name is the name of the scheduler hint property.
-                                It is a unique identifier for the property.
-                              minLength: 1
-                              type: string
-                            value:
-                              description: |-
-                                Value is the value of the scheduler hint property, which can be of various types
-                                (e.g., bool, string, int). The type is indicated by the Value.Type field.
-                              properties:
-                                bool:
-                                  description: |-
-                                    Bool is the boolean value of the scheduler hint, used when Type is "Bool".
-                                    This field is required if type is 'Bool', and must not be set otherwise.
-                                  type: boolean
-                                number:
-                                  description: |-
-                                    Number is the integer value of the scheduler hint, used when Type is "Number".
-                                    This field is required if type is 'Number', and must not be set otherwise.
-                                  type: integer
-                                string:
-                                  description: |-
-                                    String is the string value of the scheduler hint, used when Type is "String".
-                                    This field is required if type is 'String', and must not be set otherwise.
-                                  maxLength: 255
-                                  minLength: 1
-                                  type: string
-                                type:
-                                  description: |-
-                                    Type represents the type of the value.
-                                    Valid values are Bool, String, and Number.
-                                  enum:
-                                  - Bool
-                                  - String
-                                  - Number
-                                  type: string
-                              required:
-                              - type
-                              type: object
-                              x-kubernetes-validations:
-                              - message: bool is required when type is Bool, and forbidden
-                                  otherwise
-                                rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
-                                  : !has(self.bool)'
-                              - message: number is required when type is Number, and
-                                  forbidden otherwise
-                                rule: 'has(self.type) && self.type == ''Number'' ?
-                                  has(self.number) : !has(self.number)'
-                              - message: string is required when type is String, and
-                                  forbidden otherwise
-                                rule: 'has(self.type) && self.type == ''String'' ?
-                                  has(self.string) : !has(self.string)'
-                          required:
-                          - name
-                          - value
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      securityGroups:
-                        description: The names of the security groups to assign to
-                          the instance
-                        items:
-                          description: SecurityGroupParam specifies an OpenStack security
-                            group. It may be specified by ID or filter, but not both.
-                          maxProperties: 1
-                          minProperties: 1
-                          properties:
-                            filter:
-                              description: Filter specifies a query to select an OpenStack
-                                security group. If provided, cannot be empty.
-                              minProperties: 1
-                              properties:
-                                description:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  description: |-
-                                    NotTags is a list of tags to filter by. If specified, resources which
-                                    contain all of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                notTagsAny:
-                                  description: |-
-                                    NotTagsAny is a list of tags to filter by. If specified, resources
-                                    which contain any of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                projectID:
-                                  type: string
-                                tags:
-                                  description: |-
-                                    Tags is a list of tags to filter by. If specified, the resource must
-                                    have all of the tags specified to be included in the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                tagsAny:
-                                  description: |-
-                                    TagsAny is a list of tags to filter by. If specified, the resource
-                                    must have at least one of the tags specified to be included in the
-                                    result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                              type: object
-                            id:
-                              description: ID is the ID of the security group to use.
-                                If ID is provided, the other filters cannot be provided.
-                                Must be in UUID format.
-                              format: uuid
-                              type: string
-                          type: object
-                        type: array
-                      serverGroup:
-                        description: The server group to assign the machine to.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a query to select an OpenStack
-                              server group. If provided, it cannot be empty.
-                            minProperties: 1
-                            properties:
-                              name:
-                                description: Name is the name of a server group to
-                                  look for.
-                                type: string
-                            type: object
-                          id:
-                            description: ID is the ID of the server group to use.
-                            format: uuid
-                            type: string
-                        type: object
-                      serverMetadata:
-                        description: Metadata mapping. Allows you to create a map
-                          of key value pairs to add to the server instance.
-                        items:
-                          properties:
-                            key:
-                              description: Key is the server metadata key
-                              maxLength: 255
-                              type: string
-                            value:
-                              description: Value is the server metadata value
-                              maxLength: 255
-                              type: string
-                          required:
-                          - key
-                          - value
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - key
-                        x-kubernetes-list-type: map
-                      sshKeyName:
-                        description: The ssh key to inject in the instance
-                        type: string
-                      tags:
-                        description: |-
-                          Tags which will be added to the machine and all dependent resources
-                          which support them. These are in addition to Tags defined on the
-                          cluster.
-                          Requires Nova api 2.52 minimum!
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      trunk:
-                        description: Whether the server instance is created on a trunk
-                          port or not.
-                        type: boolean
-                    required:
-                    - image
-                    type: object
-                    x-kubernetes-validations:
-                    - message: at least one of flavor or flavorID must be set
-                      rule: (has(self.flavor) || has(self.flavorID))
-                type: object
-                x-kubernetes-validations:
-                - message: spec is required if bastion is enabled
-                  rule: '!self.enabled || has(self.spec)'
-              controlPlaneAvailabilityZones:
-                description: |-
-                  ControlPlaneAvailabilityZones is the set of availability zones which
-                  control plane machines may be deployed to.
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              controlPlaneEndpoint:
-                description: |-
-                  ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
-                  It is normally populated automatically by the OpenStackCluster
-                  controller during cluster provisioning. If it is set on creation the
-                  control plane endpoint will use the values set here in preference to
-                  values set elsewhere.
-                  ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
-                properties:
-                  host:
-                    description: The hostname on which the API server is serving.
-                    type: string
-                  port:
-                    description: The port on which the API server is serving.
-                    format: int32
-                    type: integer
-                required:
-                - host
-                - port
-                type: object
-              controlPlaneOmitAvailabilityZone:
-                description: |-
-                  ControlPlaneOmitAvailabilityZone causes availability zone to be
-                  omitted when creating control plane nodes, allowing the Nova
-                  scheduler to make a decision on which availability zone to use based
-                  on other scheduling constraints
-                type: boolean
-              disableAPIServerFloatingIP:
-                description: |-
-                  DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
-                  IP to the API server. This allows for the creation of clusters when attaching a floating
-                  IP to the API server (and hence, in many cases, exposing the API server to the internet)
-                  is not possible or desirable, e.g. if using a shared VLAN for communication between
-                  management and workload clusters or when the management cluster is inside the
-                  project network.
-                  This option requires that the API server use a VIP on the cluster network so that the
-                  underlying machines can change without changing ControlPlaneEndpoint.Host.
-                  When using a managed load balancer, this VIP will be managed automatically.
-                  If not using a managed load balancer, cluster configuration will fail without additional
-                  configuration to manage the VIP on the control plane machines, which falls outside of
-                  the scope of this controller.
-                type: boolean
-              disableExternalNetwork:
-                description: |-
-                  DisableExternalNetwork specifies whether or not to attempt to connect the cluster
-                  to an external network. This allows for the creation of clusters when connecting
-                  to an external network is not possible or desirable, e.g. if using a provider network.
-                type: boolean
-              disablePortSecurity:
-                description: |-
-                  DisablePortSecurity disables the port security of the network created for the
-                  Kubernetes cluster, which also disables SecurityGroups
-                type: boolean
-              externalNetwork:
-                description: |-
-                  ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
-                  This option is ignored if DisableExternalNetwork is set to true.
-
-                  If ExternalNetwork is defined it must refer to exactly one external network.
-
-                  If ExternalNetwork is not defined or is empty the controller will use any
-                  existing external network as long as there is only one. It is an
-                  error if ExternalNetwork is not defined and there are multiple
-                  external networks unless DisableExternalNetwork is also set.
-
-                  If ExternalNetwork is not defined and there are no external networks
-                  the controller will proceed as though DisableExternalNetwork was set.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a filter to select an OpenStack
-                      network. If provided, cannot be empty.
-                    minProperties: 1
-                    properties:
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      notTags:
-                        description: |-
-                          NotTags is a list of tags to filter by. If specified, resources which
-                          contain all of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      notTagsAny:
-                        description: |-
-                          NotTagsAny is a list of tags to filter by. If specified, resources
-                          which contain any of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      projectID:
-                        type: string
-                      tags:
-                        description: |-
-                          Tags is a list of tags to filter by. If specified, the resource must
-                          have all of the tags specified to be included in the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      tagsAny:
-                        description: |-
-                          TagsAny is a list of tags to filter by. If specified, the resource
-                          must have at least one of the tags specified to be included in the
-                          result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the ID of the network to use. If ID is provided,
-                      the other filters cannot be provided. Must be in UUID format.
-                    format: uuid
-                    type: string
-                type: object
-              externalRouterIPs:
-                description: |-
-                  ExternalRouterIPs is an array of externalIPs on the respective subnets.
-                  This is necessary if the router needs a fixed ip in a specific subnet.
-                items:
-                  properties:
-                    fixedIP:
-                      description: The FixedIP in the corresponding subnet
-                      type: string
-                    subnet:
-                      description: The subnet in which the FixedIP is used for the
-                        Gateway of this router
-                      maxProperties: 1
-                      minProperties: 1
-                      properties:
-                        filter:
-                          description: Filter specifies a filter to select the subnet.
-                            It must match exactly one subnet.
-                          minProperties: 1
-                          properties:
-                            cidr:
-                              type: string
-                            description:
-                              type: string
-                            gatewayIP:
-                              type: string
-                            ipVersion:
-                              type: integer
-                            ipv6AddressMode:
-                              type: string
-                            ipv6RAMode:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              description: |-
-                                NotTags is a list of tags to filter by. If specified, resources which
-                                contain all of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            notTagsAny:
-                              description: |-
-                                NotTagsAny is a list of tags to filter by. If specified, resources
-                                which contain any of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            projectID:
-                              type: string
-                            tags:
-                              description: |-
-                                Tags is a list of tags to filter by. If specified, the resource must
-                                have all of the tags specified to be included in the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            tagsAny:
-                              description: |-
-                                TagsAny is a list of tags to filter by. If specified, the resource
-                                must have at least one of the tags specified to be included in the
-                                result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                          type: object
-                        id:
-                          description: ID is the uuid of the subnet. It will not be
-                            validated.
-                          format: uuid
-                          type: string
-                      type: object
-                  required:
-                  - subnet
-                  type: object
-                type: array
-                x-kubernetes-list-type: atomic
-              identityRef:
-                description: |-
-                  IdentityRef is a reference to a secret holding OpenStack credentials
-                  to be used when reconciling this cluster. It is also to reconcile
-                  machines unless overridden in the machine spec.
-                properties:
-                  cloudName:
-                    description: CloudName specifies the name of the entry in the
-                      clouds.yaml file to use.
-                    type: string
-                  name:
-                    description: |-
-                      Name is the name of a secret in the same namespace as the resource being provisioned.
-                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                    type: string
-                  region:
-                    description: |-
-                      Region specifies an OpenStack region to use. If specified, it overrides
-                      any value in clouds.yaml. If specified for an OpenStackMachine, its
-                      value will be included in providerID.
-                    type: string
-                required:
-                - cloudName
-                - name
-                type: object
-                x-kubernetes-validations:
-                - message: region is immutable
-                  rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                    == oldSelf.region
-              managedSecurityGroups:
-                description: |-
-                  ManagedSecurityGroups determines whether OpenStack security groups for the cluster
-                  will be managed by the OpenStack provider or whether pre-existing security groups will
-                  be specified as part of the configuration.
-                  By default, the managed security groups have rules that allow the Kubelet, etcd, and the
-                  Kubernetes API server to function correctly.
-                  It's possible to add additional rules to the managed security groups.
-                  When defined to an empty struct, the managed security groups will be created with the default rules.
-                properties:
-                  allNodesSecurityGroupRules:
-                    description: allNodesSecurityGroupRules defines the rules that
-                      should be applied to all nodes.
-                    items:
-                      description: |-
-                        SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                        Security Group Role.
-                        For now this is only used for the allNodesSecurityGroupRules but when we add
-                        other security groups, we'll need to add a validation because
-                        Remote* fields are mutually exclusive.
-                      properties:
-                        description:
-                          description: description of the security group rule.
-                          type: string
-                        direction:
-                          description: |-
-                            direction in which the security group rule is applied. The only values
-                            allowed are "ingress" or "egress". For a compute instance, an ingress
-                            security group rule is applied to incoming (ingress) traffic for that
-                            instance. An egress rule is applied to traffic leaving the instance.
-                          type: string
-                        etherType:
-                          description: |-
-                            etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                            ingress or egress rules.
-                          type: string
-                        name:
-                          description: |-
-                            name of the security group rule.
-                            It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                          type: string
-                        portRangeMax:
-                          description: |-
-                            portRangeMax is a number in the range that is matched by the security group
-                            rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                          type: integer
-                        portRangeMin:
-                          description: |-
-                            portRangeMin is a number in the range that is matched by the security group
-                            rule. If the protocol is TCP or UDP, this value must be less than or equal
-                            to the value of the portRangeMax attribute.
-                          type: integer
-                        protocol:
-                          description: protocol is the protocol that is matched by
-                            the security group rule.
-                          type: string
-                        remoteGroupID:
-                          description: |-
-                            remoteGroupID is the remote group ID to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteIPPrefix:
-                          description: |-
-                            remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteManagedGroups:
-                          description: |-
-                            remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          items:
-                            enum:
-                            - bastion
-                            - controlplane
-                            - worker
-                            type: string
-                          type: array
-                      required:
-                      - direction
-                      - name
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - name
-                    x-kubernetes-list-type: map
-                  allowAllInClusterTraffic:
-                    default: false
-                    description: AllowAllInClusterTraffic allows all ingress and egress
-                      traffic between cluster nodes when set to true.
-                    type: boolean
-                  controlPlaneNodesSecurityGroupRules:
-                    description: controlPlaneNodesSecurityGroupRules defines the rules
-                      that should be applied to control plane nodes.
-                    items:
-                      description: |-
-                        SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                        Security Group Role.
-                        For now this is only used for the allNodesSecurityGroupRules but when we add
-                        other security groups, we'll need to add a validation because
-                        Remote* fields are mutually exclusive.
-                      properties:
-                        description:
-                          description: description of the security group rule.
-                          type: string
-                        direction:
-                          description: |-
-                            direction in which the security group rule is applied. The only values
-                            allowed are "ingress" or "egress". For a compute instance, an ingress
-                            security group rule is applied to incoming (ingress) traffic for that
-                            instance. An egress rule is applied to traffic leaving the instance.
-                          type: string
-                        etherType:
-                          description: |-
-                            etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                            ingress or egress rules.
-                          type: string
-                        name:
-                          description: |-
-                            name of the security group rule.
-                            It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                          type: string
-                        portRangeMax:
-                          description: |-
-                            portRangeMax is a number in the range that is matched by the security group
-                            rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                          type: integer
-                        portRangeMin:
-                          description: |-
-                            portRangeMin is a number in the range that is matched by the security group
-                            rule. If the protocol is TCP or UDP, this value must be less than or equal
-                            to the value of the portRangeMax attribute.
-                          type: integer
-                        protocol:
-                          description: protocol is the protocol that is matched by
-                            the security group rule.
-                          type: string
-                        remoteGroupID:
-                          description: |-
-                            remoteGroupID is the remote group ID to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteIPPrefix:
-                          description: |-
-                            remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteManagedGroups:
-                          description: |-
-                            remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          items:
-                            enum:
-                            - bastion
-                            - controlplane
-                            - worker
-                            type: string
-                          type: array
-                      required:
-                      - direction
-                      - name
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - name
-                    x-kubernetes-list-type: map
-                  workerNodesSecurityGroupRules:
-                    description: workerNodesSecurityGroupRules defines the rules that
-                      should be applied to worker nodes.
-                    items:
-                      description: |-
-                        SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                        Security Group Role.
-                        For now this is only used for the allNodesSecurityGroupRules but when we add
-                        other security groups, we'll need to add a validation because
-                        Remote* fields are mutually exclusive.
-                      properties:
-                        description:
-                          description: description of the security group rule.
-                          type: string
-                        direction:
-                          description: |-
-                            direction in which the security group rule is applied. The only values
-                            allowed are "ingress" or "egress". For a compute instance, an ingress
-                            security group rule is applied to incoming (ingress) traffic for that
-                            instance. An egress rule is applied to traffic leaving the instance.
-                          type: string
-                        etherType:
-                          description: |-
-                            etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                            ingress or egress rules.
-                          type: string
-                        name:
-                          description: |-
-                            name of the security group rule.
-                            It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                          type: string
-                        portRangeMax:
-                          description: |-
-                            portRangeMax is a number in the range that is matched by the security group
-                            rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                          type: integer
-                        portRangeMin:
-                          description: |-
-                            portRangeMin is a number in the range that is matched by the security group
-                            rule. If the protocol is TCP or UDP, this value must be less than or equal
-                            to the value of the portRangeMax attribute.
-                          type: integer
-                        protocol:
-                          description: protocol is the protocol that is matched by
-                            the security group rule.
-                          type: string
-                        remoteGroupID:
-                          description: |-
-                            remoteGroupID is the remote group ID to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteIPPrefix:
-                          description: |-
-                            remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          type: string
-                        remoteManagedGroups:
-                          description: |-
-                            remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                            You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                          items:
-                            enum:
-                            - bastion
-                            - controlplane
-                            - worker
-                            type: string
-                          type: array
-                      required:
-                      - direction
-                      - name
-                      type: object
-                    type: array
-                    x-kubernetes-list-map-keys:
-                    - name
-                    x-kubernetes-list-type: map
-                required:
-                - allowAllInClusterTraffic
-                type: object
-              managedSubnets:
-                description: |-
-                  ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
-                  subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
-                  subnet is supported. If you leave this empty, no network will be created.
-                items:
-                  properties:
-                    allocationPools:
-                      description: |-
-                        AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
-                        If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
-                        outside of these ranges manually.
-                      items:
-                        properties:
-                          end:
-                            description: End represents the end of the AlloctionPool,
-                              that is the highest IP of the pool.
-                            type: string
-                          start:
-                            description: Start represents the start of the AllocationPool,
-                              that is the lowest IP of the pool.
-                            type: string
-                        required:
-                        - end
-                        - start
-                        type: object
-                      type: array
-                    cidr:
-                      description: |-
-                        CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
-                        This field is required when defining a subnet.
-                      type: string
-                    dnsNameservers:
-                      description: |-
-                        DNSNameservers holds a list of DNS server addresses that will be provided when creating
-                        the subnet. These addresses need to have the same IP version as CIDR.
-                      items:
-                        type: string
-                      type: array
-                  required:
-                  - cidr
-                  type: object
-                maxItems: 1
-                type: array
-                x-kubernetes-list-type: atomic
-              network:
-                description: |-
-                  Network specifies an existing network to use if no ManagedSubnets
-                  are specified.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a filter to select an OpenStack
-                      network. If provided, cannot be empty.
-                    minProperties: 1
-                    properties:
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      notTags:
-                        description: |-
-                          NotTags is a list of tags to filter by. If specified, resources which
-                          contain all of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      notTagsAny:
-                        description: |-
-                          NotTagsAny is a list of tags to filter by. If specified, resources
-                          which contain any of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      projectID:
-                        type: string
-                      tags:
-                        description: |-
-                          Tags is a list of tags to filter by. If specified, the resource must
-                          have all of the tags specified to be included in the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      tagsAny:
-                        description: |-
-                          TagsAny is a list of tags to filter by. If specified, the resource
-                          must have at least one of the tags specified to be included in the
-                          result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the ID of the network to use. If ID is provided,
-                      the other filters cannot be provided. Must be in UUID format.
-                    format: uuid
-                    type: string
-                type: object
-              networkMTU:
-                description: |-
-                  NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
-                  This value will be used only if the Cluster actuator creates the network.
-                  If left empty, the network will have the default MTU defined in Openstack network service.
-                  To use this field, the Openstack installation requires the net-mtu neutron API extension.
-                type: integer
-              router:
-                description: |-
-                  Router specifies an existing router to be used if ManagedSubnets are
-                  specified. If specified, no new router will be created.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a filter to select an OpenStack
-                      router. If provided, cannot be empty.
-                    minProperties: 1
-                    properties:
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      notTags:
-                        description: |-
-                          NotTags is a list of tags to filter by. If specified, resources which
-                          contain all of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      notTagsAny:
-                        description: |-
-                          NotTagsAny is a list of tags to filter by. If specified, resources
-                          which contain any of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      projectID:
-                        type: string
-                      tags:
-                        description: |-
-                          Tags is a list of tags to filter by. If specified, the resource must
-                          have all of the tags specified to be included in the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      tagsAny:
-                        description: |-
-                          TagsAny is a list of tags to filter by. If specified, the resource
-                          must have at least one of the tags specified to be included in the
-                          result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the ID of the router to use. If ID is provided,
-                      the other filters cannot be provided. Must be in UUID format.
-                    format: uuid
-                    type: string
-                type: object
-              subnets:
-                description: |-
-                  Subnets specifies existing subnets to use if not ManagedSubnets are
-                  specified. All subnets must be in the network specified by Network.
-                  There can be zero, one, or two subnets. If no subnets are specified,
-                  all subnets in Network will be used. If 2 subnets are specified, one
-                  must be IPv4 and the other IPv6.
-                items:
-                  description: SubnetParam specifies an OpenStack subnet to use. It
-                    may be specified by either ID or filter, but not both.
-                  maxProperties: 1
-                  minProperties: 1
-                  properties:
-                    filter:
-                      description: Filter specifies a filter to select the subnet.
-                        It must match exactly one subnet.
-                      minProperties: 1
-                      properties:
-                        cidr:
-                          type: string
-                        description:
-                          type: string
-                        gatewayIP:
-                          type: string
-                        ipVersion:
-                          type: integer
-                        ipv6AddressMode:
-                          type: string
-                        ipv6RAMode:
-                          type: string
-                        name:
-                          type: string
-                        notTags:
-                          description: |-
-                            NotTags is a list of tags to filter by. If specified, resources which
-                            contain all of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        notTagsAny:
-                          description: |-
-                            NotTagsAny is a list of tags to filter by. If specified, resources
-                            which contain any of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        projectID:
-                          type: string
-                        tags:
-                          description: |-
-                            Tags is a list of tags to filter by. If specified, the resource must
-                            have all of the tags specified to be included in the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        tagsAny:
-                          description: |-
-                            TagsAny is a list of tags to filter by. If specified, the resource
-                            must have at least one of the tags specified to be included in the
-                            result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                      type: object
-                    id:
-                      description: ID is the uuid of the subnet. It will not be validated.
-                      format: uuid
-                      type: string
-                  type: object
-                maxItems: 2
-                type: array
-                x-kubernetes-list-type: atomic
-              tags:
-                description: Tags to set on all resources in cluster which support
-                  tags
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-            required:
-            - identityRef
-            type: object
-            x-kubernetes-validations:
-            - message: bastion floating IP cannot be set when disableExternalNetwork
-                is true
-              rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
-                ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
-            - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
-                is true
-              rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
-                ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
-                : true'
-          status:
-            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
-            properties:
-              apiServerLoadBalancer:
-                description: APIServerLoadBalancer describes the api server load balancer
-                  if one exists
-                properties:
-                  allowedCIDRs:
-                    items:
-                      type: string
-                    type: array
-                  id:
-                    type: string
-                  internalIP:
-                    type: string
-                  ip:
-                    type: string
-                  loadBalancerNetwork:
-                    description: |-
-                      LoadBalancerNetwork contains information about network and/or subnets which the
-                      loadbalancer is allocated on.
-                      If subnets are specified within the LoadBalancerNetwork currently only the first
-                      subnet in the list is taken into account.
-                    properties:
-                      id:
-                        type: string
-                      name:
-                        type: string
-                      subnets:
-                        description: Subnets is a list of subnets associated with
-                          the default cluster network. Machines which use the default
-                          cluster network will get an address from all of these subnets.
-                        items:
-                          description: Subnet represents basic information about the
-                            associated OpenStack Neutron Subnet.
-                          properties:
-                            cidr:
-                              type: string
-                            id:
-                              type: string
-                            name:
-                              type: string
-                            tags:
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - cidr
-                          - id
-                          - name
-                          type: object
-                        type: array
-                      tags:
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - id
-                    - name
-                    type: object
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - internalIP
-                - ip
-                - name
-                type: object
-              bastion:
-                description: Bastion contains the information about the deployed bastion
-                  host
-                properties:
-                  floatingIP:
-                    type: string
-                  id:
-                    type: string
-                  ip:
-                    type: string
-                  name:
-                    type: string
-                  resolved:
-                    description: |-
-                      Resolved contains parts of the bastion's machine spec with all
-                      external references fully resolved.
-                    properties:
-                      flavorID:
-                        description: FlavorID is the ID of the flavor to use.
-                        type: string
-                      imageID:
-                        description: ImageID is the ID of the image to use for the
-                          machine and is calculated based on ImageFilter.
-                        type: string
-                      ports:
-                        description: Ports is the fully resolved list of ports to
-                          create for the machine.
-                        items:
-                          description: ResolvedPortSpec is a PortOpts with all contained
-                            references fully resolved.
-                          properties:
-                            adminStateUp:
-                              description: AdminStateUp specifies whether the port
-                                should be created in the up (true) or down (false)
-                                state. The default is up.
-                              type: boolean
-                            allowedAddressPairs:
-                              description: |-
-                                AllowedAddressPairs is a list of address pairs which Neutron will
-                                allow the port to send traffic from in addition to the port's
-                                addresses. If not specified, the MAC Address will be the MAC Address
-                                of the port. Depending on the configuration of Neutron, it may be
-                                supported to specify a CIDR instead of a specific IP address.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is the IP address of the allowed address pair. Depending on
-                                      the configuration of Neutron, it may be supported to specify a CIDR
-                                      instead of a specific IP address.
-                                    type: string
-                                  macAddress:
-                                    description: |-
-                                      MACAddress is the MAC address of the allowed address pair. If not
-                                      specified, the MAC address will be the MAC address of the port.
-                                    type: string
-                                required:
-                                - ipAddress
-                                type: object
-                              type: array
-                            description:
-                              description: Description is a human-readable description
-                                for the port.
-                              type: string
-                            disablePortSecurity:
-                              description: |-
-                                DisablePortSecurity enables or disables the port security when set.
-                                When not set, it takes the value of the corresponding field at the network level.
-                              type: boolean
-                            fixedIPs:
-                              description: FixedIPs is a list of pairs of subnet and/or
-                                IP address to assign to the port. If specified, these
-                                must be subnets of the port's network.
-                              items:
-                                description: ResolvedFixedIP is a FixedIP with the
-                                  Subnet resolved to an ID.
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is a specific IP address to assign to the port. If SubnetID
-                                      is also specified, IPAddress must be a valid IP address in the
-                                      subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                      address in any subnet of the port's network.
-                                    type: string
-                                  subnet:
-                                    description: SubnetID is the id of a subnet to
-                                      create the fixed IP of a port in.
-                                    type: string
-                                type: object
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            hostID:
-                              description: HostID specifies the ID of the host where
-                                the port resides.
-                              type: string
-                            macAddress:
-                              description: MACAddress specifies the MAC address of
-                                the port. If not specified, the MAC address will be
-                                generated.
-                              type: string
-                            name:
-                              description: Name is the name of the port.
-                              type: string
-                            networkID:
-                              description: NetworkID is the ID of the network the
-                                port will be created in.
-                              type: string
-                            profile:
-                              description: |-
-                                Profile is a set of key-value pairs that are used for binding
-                                details. We intentionally don't expose this as a map[string]string
-                                because we only want to enable the users to set the values of the
-                                keys that are known to work in OpenStack Networking API.  See
-                                https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                                To set profiles, your tenant needs permissions rule:create_port, and
-                                rule:create_port:binding:profile
-                              properties:
-                                ovsHWOffload:
-                                  description: |-
-                                    OVSHWOffload enables or disables the OVS hardware offload feature.
-                                    This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                    See: https://bugs.launchpad.net/nova/+bug/2020813
-                                  type: boolean
-                                trustedVF:
-                                  description: TrustedVF enables or disables the “trusted
-                                    mode” for the VF.
-                                  type: boolean
-                              type: object
-                            propagateUplinkStatus:
-                              description: PropageteUplinkStatus enables or disables
-                                the propagate uplink status on the port.
-                              type: boolean
-                            securityGroups:
-                              description: SecurityGroups is a list of security group
-                                IDs to assign to the port.
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            tags:
-                              description: Tags applied to the port (and corresponding
-                                trunk, if a trunk is configured.)
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            trunk:
-                              description: Trunk specifies whether trunking is enabled
-                                at the port level.
-                              type: boolean
-                            valueSpecs:
-                              description: |-
-                                Value specs are extra parameters to include in the API request with OpenStack.
-                                This is an extension point for the API, so what they do and if they are supported,
-                                depends on the specific OpenStack implementation.
-                              items:
-                                description: ValueSpec represents a single value_spec
-                                  key-value pair.
-                                properties:
-                                  key:
-                                    description: Key is the key in the key-value pair.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of the key-value pair.
-                                      This is just for identifying the pair and will not be sent to the OpenStack API.
-                                    type: string
-                                  value:
-                                    description: Value is the value in the key-value
-                                      pair.
-                                    type: string
-                                required:
-                                - key
-                                - name
-                                - value
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - name
-                              x-kubernetes-list-type: map
-                            vnicType:
-                              description: |-
-                                VNICType specifies the type of vNIC which this port should be
-                                attached to. This is used to determine which mechanism driver(s) to
-                                be used to bind the port. The valid values are normal, macvtap,
-                                direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                                remote-managed, although these values will not be validated in this
-                                API to ensure compatibility with future neutron changes or custom
-                                implementations. What type of vNIC is actually available depends on
-                                deployments. If not specified, the Neutron default value is used.
-                              type: string
-                          required:
-                          - description
-                          - name
-                          - networkID
-                          type: object
-                        type: array
-                      serverGroupID:
-                        description: ServerGroupID is the ID of the server group the
-                          machine should be added to and is calculated based on ServerGroupFilter.
-                        type: string
-                    type: object
-                  resources:
-                    description: Resources contains references to OpenStack resources
-                      created for the bastion.
-                    properties:
-                      ports:
-                        description: Ports is the status of the ports created for
-                          the machine.
-                        items:
-                          properties:
-                            id:
-                              description: ID is the unique identifier of the port.
-                              type: string
-                          required:
-                          - id
-                          type: object
-                        type: array
-                    type: object
-                  sshKeyName:
-                    type: string
-                  state:
-                    description: InstanceState describes the state of an OpenStack
-                      instance.
-                    type: string
-                type: object
-              bastionSecurityGroup:
-                description: |-
-                  BastionSecurityGroup contains the information about the OpenStack
-                  Security Group that needs to be applied to worker nodes.
-                properties:
-                  id:
-                    description: id of the security group
-                    type: string
-                  name:
-                    description: name of the security group
-                    type: string
-                required:
-                - id
-                - name
-                type: object
-              controlPlaneSecurityGroup:
-                description: |-
-                  ControlPlaneSecurityGroup contains the information about the
-                  OpenStack Security Group that needs to be applied to control plane
-                  nodes.
-                properties:
-                  id:
-                    description: id of the security group
-                    type: string
-                  name:
-                    description: name of the security group
-                    type: string
-                required:
-                - id
-                - name
-                type: object
-              externalNetwork:
-                description: ExternalNetwork contains information about the external
-                  network used for default ingress and egress traffic.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              failureDomains:
-                additionalProperties:
-                  description: |-
-                    FailureDomainSpec is the Schema for Cluster API failure domains.
-                    It allows controllers to understand how many failure domains a cluster can optionally span across.
-                  properties:
-                    attributes:
-                      additionalProperties:
-                        type: string
-                      description: attributes is a free form map of attributes an
-                        infrastructure provider might use or require.
-                      type: object
-                    controlPlane:
-                      description: controlPlane determines if this failure domain
-                        is suitable for use by control plane machines.
-                      type: boolean
-                  type: object
-                description: FailureDomains represent OpenStack availability zones
-                type: object
-              failureMessage:
-                description: |-
-                  FailureMessage will be set in the event that there is a terminal problem
-                  reconciling the OpenStackCluster and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the OpenStackCluster's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of
-                  OpenStackClusters can be added as events to the OpenStackCluster object
-                  and/or logged in the controller's output.
-                type: string
-              failureReason:
-                description: |-
-                  FailureReason will be set in the event that there is a terminal problem
-                  reconciling the OpenStackCluster and will contain a succinct value suitable
-                  for machine interpretation.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the OpenStackCluster's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of
-                  OpenStackClusters can be added as events to the OpenStackCluster object
-                  and/or logged in the controller's output.
-                type: string
-              network:
-                description: Network contains information about the created OpenStack
-                  Network.
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  subnets:
-                    description: Subnets is a list of subnets associated with the
-                      default cluster network. Machines which use the default cluster
-                      network will get an address from all of these subnets.
-                    items:
-                      description: Subnet represents basic information about the associated
-                        OpenStack Neutron Subnet.
-                      properties:
-                        cidr:
-                          type: string
-                        id:
-                          type: string
-                        name:
-                          type: string
-                        tags:
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - cidr
-                      - id
-                      - name
-                      type: object
-                    type: array
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              ready:
-                default: false
-                description: Ready is true when the cluster infrastructure is ready.
-                type: boolean
-              router:
-                description: Router describes the default cluster router
-                properties:
-                  id:
-                    type: string
-                  ips:
-                    items:
-                      type: string
-                    type: array
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-              workerSecurityGroup:
-                description: |-
-                  WorkerSecurityGroup contains the information about the OpenStack
-                  Security Group that needs to be applied to worker nodes.
-                properties:
-                  id:
-                    description: id of the security group
-                    type: string
-                  name:
-                    description: name of the security group
-                    type: string
-                required:
-                - id
-                - name
-                type: object
-            required:
-            - ready
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackclustertemplates.infrastructure.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capo-webhook-service
-          namespace: capo-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: OpenStackClusterTemplate
-    listKind: OpenStackClusterTemplateList
-    plural: openstackclustertemplates
-    shortNames:
-    - osct
-    singular: openstackclustertemplate
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    deprecationWarning: The v1alpha7 version of OpenStackClusterTemplate has been
-      deprecated and will be removed in a future release.
-    name: v1alpha7
-    schema:
-      openAPIV3Schema:
-        description: |-
-          OpenStackClusterTemplate is the Schema for the openstackclustertemplates API.
-
-          Deprecated: v1alpha7.OpenStackClusterTemplate has been replaced by v1beta1.OpenStackClusterTemplate.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackClusterTemplateSpec defines the desired state of
-              OpenStackClusterTemplate.
-            properties:
-              template:
-                description: OpenStackClusterTemplateResource describes the data needed
-                  to create a OpenStackCluster from a template.
-                properties:
-                  spec:
-                    description: OpenStackClusterSpec defines the desired state of
-                      OpenStackCluster.
-                    properties:
-                      allowAllInClusterTraffic:
-                        description: |-
-                          AllowAllInClusterTraffic is only used when managed security groups are in use.
-                          If set to true, the rules for the managed security groups are configured so that all
-                          ingress and egress between cluster nodes is permitted, allowing CNIs other than
-                          Calico to be used.
-                        type: boolean
-                      apiServerFixedIP:
-                        description: |-
-                          APIServerFixedIP is the fixed IP which will be associated with the API server.
-                          In the case where the API server has a floating IP but not a managed load balancer,
-                          this field is not used.
-                          If a managed load balancer is used and this field is not specified, a fixed IP will
-                          be dynamically allocated for the load balancer.
-                          If a managed load balancer is not used AND the API server floating IP is disabled,
-                          this field MUST be specified and should correspond to a pre-allocated port that
-                          holds the fixed IP to be used as a VIP.
-                        type: string
-                      apiServerFloatingIP:
-                        description: |-
-                          APIServerFloatingIP is the floatingIP which will be associated with the API server.
-                          The floatingIP will be created if it does not already exist.
-                          If not specified, a new floatingIP is allocated.
-                          This field is not used if DisableAPIServerFloatingIP is set to true.
-                        type: string
-                      apiServerLoadBalancer:
-                        description: |-
-                          APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
-                          It must be activated by setting `enabled: true`.
-                        properties:
-                          additionalPorts:
-                            description: AdditionalPorts adds additional tcp ports
-                              to the load balancer.
-                            items:
-                              type: integer
-                            type: array
-                          allowedCidrs:
-                            description: AllowedCIDRs restrict access to all API-Server
-                              listeners to the given address CIDRs.
-                            items:
-                              type: string
-                            type: array
-                          enabled:
-                            description: Enabled defines whether a load balancer should
-                              be created.
-                            type: boolean
-                          provider:
-                            description: Octavia Provider Used to create load balancer
-                            type: string
-                        type: object
-                      apiServerPort:
-                        description: |-
-                          APIServerPort is the port on which the listener on the APIServer
-                          will be created
-                        type: integer
-                      bastion:
-                        description: |-
-                          Bastion is the OpenStack instance to login the nodes
-
-                          As a rolling update is not ideal during a bastion host session, we
-                          prevent changes to a running bastion configuration. Set `enabled: false` to
-                          make changes.
-                        properties:
-                          availabilityZone:
-                            type: string
-                          enabled:
-                            type: boolean
-                          instance:
-                            description: Instance for the bastion itself
-                            properties:
-                              additionalBlockDevices:
-                                description: AdditionalBlockDevices is a list of specifications
-                                  for additional block devices to attach to the server
-                                  instance
-                                items:
-                                  description: AdditionalBlockDevice is a block device
-                                    to attach to the server.
-                                  properties:
-                                    name:
-                                      description: |-
-                                        Name of the block device in the context of a machine.
-                                        If the block device is a volume, the Cinder volume will be named
-                                        as a combination of the machine name and this name.
-                                        Also, this name will be used for tagging the block device.
-                                        Information about the block device tag can be obtained from the OpenStack
-                                        metadata API or the config drive.
-                                      type: string
-                                    sizeGiB:
-                                      description: SizeGiB is the size of the block
-                                        device in gibibytes (GiB).
-                                      type: integer
-                                    storage:
-                                      description: |-
-                                        Storage specifies the storage type of the block device and
-                                        additional storage options.
-                                      properties:
-                                        type:
-                                          description: |-
-                                            Type is the type of block device to create.
-                                            This can be either "Volume" or "Local".
-                                          type: string
-                                        volume:
-                                          description: Volume contains additional
-                                            storage options for a volume block device.
-                                          properties:
-                                            availabilityZone:
-                                              description: |-
-                                                AvailabilityZone is the volume availability zone to create the volume in.
-                                                If omitted, the availability zone of the server will be used.
-                                                The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
-                                                to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
-                                                further information.
-                                              type: string
-                                            type:
-                                              description: |-
-                                                Type is the Cinder volume type of the volume.
-                                                If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                                will be used.
-                                              type: string
-                                          type: object
-                                      required:
-                                      - type
-                                      type: object
-                                  required:
-                                  - name
-                                  - sizeGiB
-                                  - storage
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - name
-                                x-kubernetes-list-type: map
-                              cloudName:
-                                description: The name of the cloud to use from the
-                                  clouds secret
-                                type: string
-                              configDrive:
-                                description: Config Drive support
-                                type: boolean
-                              flavor:
-                                description: The flavor reference for the flavor for
-                                  your server instance.
-                                minLength: 1
-                                type: string
-                              flavorID:
-                                description: |-
-                                  FlavorID allows flavors to be specified by ID.  This field takes precedence
-                                  over Flavor.
-                                minLength: 1
-                                type: string
-                              floatingIP:
-                                description: |-
-                                  The floatingIP which will be associated to the machine, only used for master.
-                                  The floatingIP should have been created and haven't been associated.
-                                type: string
-                              identityRef:
-                                description: |-
-                                  IdentityRef is a reference to a identity to be used when reconciling this cluster.
-                                  If not specified, the identity ref of the cluster will be used instead.
-                                properties:
-                                  kind:
-                                    description: |-
-                                      Kind of the identity. Must be supported by the infrastructure
-                                      provider and may be either cluster or namespace-scoped.
-                                    minLength: 1
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name of the infrastructure identity to be used.
-                                      Must be either a cluster-scoped resource, or namespaced-scoped
-                                      resource the same namespace as the resource(s) being provisioned.
-                                    type: string
-                                required:
-                                - kind
-                                - name
-                                type: object
-                              image:
-                                description: |-
-                                  The name of the image to use for your server instance.
-                                  If the RootVolume is specified, this will be ignored and use rootVolume directly.
-                                type: string
-                              imageUUID:
-                                description: |-
-                                  The uuid of the image to use for your server instance.
-                                  if it's empty, Image name will be used
-                                type: string
-                              instanceID:
-                                description: InstanceID is the OpenStack instance
-                                  ID for this machine.
-                                type: string
-                              ports:
-                                description: |-
-                                  Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                                  If not specified a default port will be added for the default cluster network.
-                                items:
-                                  properties:
-                                    adminStateUp:
-                                      type: boolean
-                                    allowedAddressPairs:
-                                      items:
-                                        properties:
-                                          ipAddress:
-                                            type: string
-                                          macAddress:
-                                            type: string
-                                        type: object
-                                      type: array
-                                    description:
-                                      type: string
-                                    disablePortSecurity:
-                                      description: |-
-                                        DisablePortSecurity enables or disables the port security when set.
-                                        When not set, it takes the value of the corresponding field at the network level.
-                                      type: boolean
-                                    fixedIPs:
-                                      description: Specify pairs of subnet and/or
-                                        IP address. These should be subnets of the
-                                        network with the given NetworkID.
-                                      items:
-                                        properties:
-                                          ipAddress:
-                                            type: string
-                                          subnet:
-                                            description: |-
-                                              Subnet is an openstack subnet query that will return the id of a subnet to create
-                                              the fixed IP of a port in. This query must not return more than one subnet.
-                                            properties:
-                                              cidr:
-                                                type: string
-                                              description:
-                                                type: string
-                                              gateway_ip:
-                                                type: string
-                                              id:
-                                                type: string
-                                              ipVersion:
-                                                type: integer
-                                              ipv6AddressMode:
-                                                type: string
-                                              ipv6RaMode:
-                                                type: string
-                                              name:
-                                                type: string
-                                              notTags:
-                                                type: string
-                                              notTagsAny:
-                                                type: string
-                                              projectId:
-                                                type: string
-                                              tags:
-                                                type: string
-                                              tagsAny:
-                                                type: string
-                                            type: object
-                                        required:
-                                        - subnet
-                                        type: object
-                                      type: array
-                                    hostId:
-                                      description: The ID of the host where the port
-                                        is allocated
-                                      type: string
-                                    macAddress:
-                                      type: string
-                                    nameSuffix:
-                                      description: Used to make the name of the port
-                                        unique. If unspecified, instead the 0-based
-                                        index of the port in the list is used.
-                                      type: string
-                                    network:
-                                      description: |-
-                                        Network is a query for an openstack network that the port will be created or discovered on.
-                                        This will fail if the query returns more than one network.
-                                      properties:
-                                        description:
-                                          type: string
-                                        id:
-                                          type: string
-                                        name:
-                                          type: string
-                                        notTags:
-                                          type: string
-                                        notTagsAny:
-                                          type: string
-                                        projectId:
-                                          type: string
-                                        tags:
-                                          type: string
-                                        tagsAny:
-                                          type: string
-                                      type: object
-                                    profile:
-                                      description: |-
-                                        Profile is a set of key-value pairs that are used for binding details.
-                                        We intentionally don't expose this as a map[string]string because we only want to enable
-                                        the users to set the values of the keys that are known to work in OpenStack Networking API.
-                                        See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                                      properties:
-                                        ovsHWOffload:
-                                          description: OVSHWOffload enables or disables
-                                            the OVS hardware offload feature.
-                                          type: boolean
-                                        trustedVF:
-                                          description: TrustedVF enables or disables
-                                            the “trusted mode” for the VF.
-                                          type: boolean
-                                      type: object
-                                    propagateUplinkStatus:
-                                      description: PropageteUplinkStatus enables or
-                                        disables the propagate uplink status on the
-                                        port.
-                                      type: boolean
-                                    securityGroupFilters:
-                                      description: The names, uuids, filters or any
-                                        combination these of the security groups to
-                                        assign to the instance
-                                      items:
-                                        properties:
-                                          description:
-                                            type: string
-                                          id:
-                                            type: string
-                                          name:
-                                            type: string
-                                          notTags:
-                                            type: string
-                                          notTagsAny:
-                                            type: string
-                                          projectId:
-                                            type: string
-                                          tags:
-                                            type: string
-                                          tagsAny:
-                                            type: string
-                                        type: object
-                                      type: array
-                                    tags:
-                                      description: |-
-                                        Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                        These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                                      items:
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    trunk:
-                                      description: Enables and disables trunk at port
-                                        level. If not provided, openStackMachine.Spec.Trunk
-                                        is inherited.
-                                      type: boolean
-                                    valueSpecs:
-                                      description: |-
-                                        Value specs are extra parameters to include in the API request with OpenStack.
-                                        This is an extension point for the API, so what they do and if they are supported,
-                                        depends on the specific OpenStack implementation.
-                                      items:
-                                        description: ValueSpec represents a single
-                                          value_spec key-value pair.
-                                        properties:
-                                          key:
-                                            description: Key is the key in the key-value
-                                              pair.
-                                            type: string
-                                          name:
-                                            description: |-
-                                              Name is the name of the key-value pair.
-                                              This is just for identifying the pair and will not be sent to the OpenStack API.
-                                            type: string
-                                          value:
-                                            description: Value is the value in the
-                                              key-value pair.
-                                            type: string
-                                        required:
-                                        - key
-                                        - name
-                                        - value
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - name
-                                      x-kubernetes-list-type: map
-                                    vnicType:
-                                      description: The virtual network interface card
-                                        (vNIC) type that is bound to the neutron port.
-                                      type: string
-                                  type: object
-                                type: array
-                              providerID:
-                                description: ProviderID is the unique identifier as
-                                  specified by the cloud provider.
-                                type: string
-                              rootVolume:
-                                description: The volume metadata to boot from
-                                properties:
-                                  availabilityZone:
-                                    type: string
-                                  diskSize:
-                                    type: integer
-                                  volumeType:
-                                    type: string
-                                type: object
-                              securityGroups:
-                                description: The names of the security groups to assign
-                                  to the instance
-                                items:
-                                  properties:
-                                    description:
-                                      type: string
-                                    id:
-                                      type: string
-                                    name:
-                                      type: string
-                                    notTags:
-                                      type: string
-                                    notTagsAny:
-                                      type: string
-                                    projectId:
-                                      type: string
-                                    tags:
-                                      type: string
-                                    tagsAny:
-                                      type: string
-                                  type: object
-                                type: array
-                              serverGroupID:
-                                description: The server group to assign the machine
-                                  to
-                                type: string
-                              serverMetadata:
-                                additionalProperties:
-                                  type: string
-                                description: Metadata mapping. Allows you to create
-                                  a map of key value pairs to add to the server instance.
-                                type: object
-                              sshKeyName:
-                                description: The ssh key to inject in the instance
-                                type: string
-                              tags:
-                                description: |-
-                                  Machine tags
-                                  Requires Nova api 2.52 minimum!
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              trunk:
-                                description: Whether the server instance is created
-                                  on a trunk port or not.
-                                type: boolean
-                            type: object
-                        type: object
-                      cloudName:
-                        description: The name of the cloud to use from the clouds
-                          secret
-                        type: string
-                      controlPlaneAvailabilityZones:
-                        description: ControlPlaneAvailabilityZones is the az to deploy
-                          control plane to
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      controlPlaneEndpoint:
-                        description: ControlPlaneEndpoint represents the endpoint
-                          used to communicate with the control plane.
-                        properties:
-                          host:
-                            description: The hostname on which the API server is serving.
-                            type: string
-                          port:
-                            description: The port on which the API server is serving.
-                            format: int32
-                            type: integer
-                        required:
-                        - host
-                        - port
-                        type: object
-                      controlPlaneOmitAvailabilityZone:
-                        description: |-
-                          Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
-                          to make a decision on which az to use based on other scheduling constraints
-                        type: boolean
-                      disableAPIServerFloatingIP:
-                        description: |-
-                          DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
-                          IP to the API server. This allows for the creation of clusters when attaching a floating
-                          IP to the API server (and hence, in many cases, exposing the API server to the internet)
-                          is not possible or desirable, e.g. if using a shared VLAN for communication between
-                          management and workload clusters or when the management cluster is inside the
-                          project network.
-                          This option requires that the API server use a VIP on the cluster network so that the
-                          underlying machines can change without changing ControlPlaneEndpoint.Host.
-                          When using a managed load balancer, this VIP will be managed automatically.
-                          If not using a managed load balancer, cluster configuration will fail without additional
-                          configuration to manage the VIP on the control plane machines, which falls outside of
-                          the scope of this controller.
-                        type: boolean
-                      disablePortSecurity:
-                        description: |-
-                          DisablePortSecurity disables the port security of the network created for the
-                          Kubernetes cluster, which also disables SecurityGroups
-                        type: boolean
-                      dnsNameservers:
-                        description: |-
-                          DNSNameservers is the list of nameservers for OpenStack Subnet being created.
-                          Set this value when you need create a new network/subnet while the access
-                          through DNS is required.
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      externalNetworkId:
-                        description: |-
-                          ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
-                          to get public internet to the VMs.
-                        type: string
-                      externalRouterIPs:
-                        description: |-
-                          ExternalRouterIPs is an array of externalIPs on the respective subnets.
-                          This is necessary if the router needs a fixed ip in a specific subnet.
-                        items:
-                          properties:
-                            fixedIP:
-                              description: The FixedIP in the corresponding subnet
-                              type: string
-                            subnet:
-                              description: The subnet in which the FixedIP is used
-                                for the Gateway of this router
-                              properties:
-                                cidr:
-                                  type: string
-                                description:
-                                  type: string
-                                gateway_ip:
-                                  type: string
-                                id:
-                                  type: string
-                                ipVersion:
-                                  type: integer
-                                ipv6AddressMode:
-                                  type: string
-                                ipv6RaMode:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  type: string
-                                notTagsAny:
-                                  type: string
-                                projectId:
-                                  type: string
-                                tags:
-                                  type: string
-                                tagsAny:
-                                  type: string
-                              type: object
-                          required:
-                          - subnet
-                          type: object
-                        type: array
-                      identityRef:
-                        description: IdentityRef is a reference to a identity to be
-                          used when reconciling this cluster
-                        properties:
-                          kind:
-                            description: |-
-                              Kind of the identity. Must be supported by the infrastructure
-                              provider and may be either cluster or namespace-scoped.
-                            minLength: 1
-                            type: string
-                          name:
-                            description: |-
-                              Name of the infrastructure identity to be used.
-                              Must be either a cluster-scoped resource, or namespaced-scoped
-                              resource the same namespace as the resource(s) being provisioned.
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        type: object
-                      managedSecurityGroups:
-                        description: |-
-                          ManagedSecurityGroups determines whether OpenStack security groups for the cluster
-                          will be managed by the OpenStack provider or whether pre-existing security groups will
-                          be specified as part of the configuration.
-                          By default, the managed security groups have rules that allow the Kubelet, etcd, the
-                          Kubernetes API server and the Calico CNI plugin to function correctly.
-                        type: boolean
-                      network:
-                        description: If NodeCIDR cannot be set this can be used to
-                          detect an existing network.
-                        properties:
-                          description:
-                            type: string
-                          id:
-                            type: string
-                          name:
-                            type: string
-                          notTags:
-                            type: string
-                          notTagsAny:
-                            type: string
-                          projectId:
-                            type: string
-                          tags:
-                            type: string
-                          tagsAny:
-                            type: string
-                        type: object
-                      networkMtu:
-                        description: |-
-                          NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
-                          This value will be used only if the Cluster actuator creates the network.
-                          If leaved empty, the network will have the default MTU defined in Openstack network service.
-                          To use this field, the Openstack installation requires the net-mtu neutron API extension.
-                        type: integer
-                      nodeCidr:
-                        description: |-
-                          NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
-                          network, a subnet with NodeCIDR, and a router connected to this subnet.
-                          If you leave this empty, no network will be created.
-                        type: string
-                      router:
-                        description: |-
-                          If NodeCIDR is set this option can be used to detect an existing router.
-                          If specified, no new router will be created.
-                        properties:
-                          description:
-                            type: string
-                          id:
-                            type: string
-                          name:
-                            type: string
-                          notTags:
-                            type: string
-                          notTagsAny:
-                            type: string
-                          projectId:
-                            type: string
-                          tags:
-                            type: string
-                          tagsAny:
-                            type: string
-                        type: object
-                      subnet:
-                        description: If NodeCIDR cannot be set this can be used to
-                          detect an existing subnet.
-                        properties:
-                          cidr:
-                            type: string
-                          description:
-                            type: string
-                          gateway_ip:
-                            type: string
-                          id:
-                            type: string
-                          ipVersion:
-                            type: integer
-                          ipv6AddressMode:
-                            type: string
-                          ipv6RaMode:
-                            type: string
-                          name:
-                            type: string
-                          notTags:
-                            type: string
-                          notTagsAny:
-                            type: string
-                          projectId:
-                            type: string
-                          tags:
-                            type: string
-                          tagsAny:
-                            type: string
-                        type: object
-                      tags:
-                        description: Tags for all resources in cluster
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: false
-    storage: false
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackClusterTemplateSpec defines the desired state of
-              OpenStackClusterTemplate.
-            properties:
-              template:
-                description: OpenStackClusterTemplateResource describes the data needed
-                  to create a OpenStackCluster from a template.
-                properties:
-                  spec:
-                    description: OpenStackClusterSpec defines the desired state of
-                      OpenStackCluster.
-                    properties:
-                      apiServerFixedIP:
-                        description: |-
-                          APIServerFixedIP is the fixed IP which will be associated with the API server.
-                          In the case where the API server has a floating IP but not a managed load balancer,
-                          this field is not used.
-                          If a managed load balancer is used and this field is not specified, a fixed IP will
-                          be dynamically allocated for the load balancer.
-                          If a managed load balancer is not used AND the API server floating IP is disabled,
-                          this field MUST be specified and should correspond to a pre-allocated port that
-                          holds the fixed IP to be used as a VIP.
-                        type: string
-                      apiServerFloatingIP:
-                        description: |-
-                          APIServerFloatingIP is the floatingIP which will be associated with the API server.
-                          The floatingIP will be created if it does not already exist.
-                          If not specified, a new floatingIP is allocated.
-                          This field is not used if DisableAPIServerFloatingIP is set to true.
-                        type: string
-                      apiServerLoadBalancer:
-                        description: |-
-                          APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
-                          If not specified, no load balancer will be created for the API server.
-                        properties:
-                          additionalPorts:
-                            description: AdditionalPorts adds additional tcp ports
-                              to the load balancer.
-                            items:
-                              type: integer
-                            type: array
-                            x-kubernetes-list-type: set
-                          allowedCIDRs:
-                            description: AllowedCIDRs restrict access to all API-Server
-                              listeners to the given address CIDRs.
-                            items:
-                              type: string
-                            type: array
-                            x-kubernetes-list-type: set
-                          availabilityZone:
-                            description: AvailabilityZone is the failure domain that
-                              will be used to create the APIServerLoadBalancer Spec.
-                            type: string
-                          enabled:
-                            default: true
-                            description: |-
-                              Enabled defines whether a load balancer should be created. This value
-                              defaults to true if an APIServerLoadBalancer is given.
-
-                              There is no reason to set this to false. To disable creation of the
-                              API server loadbalancer, omit the APIServerLoadBalancer field in the
-                              cluster spec instead.
-                            type: boolean
-                          flavor:
-                            description: Flavor is the flavor name that will be used
-                              to create the APIServerLoadBalancer Spec.
-                            type: string
-                          network:
-                            description: Network defines which network should the
-                              load balancer be allocated on.
-                            maxProperties: 1
-                            minProperties: 1
-                            properties:
-                              filter:
-                                description: Filter specifies a filter to select an
-                                  OpenStack network. If provided, cannot be empty.
-                                minProperties: 1
-                                properties:
-                                  description:
-                                    type: string
-                                  name:
-                                    type: string
-                                  notTags:
-                                    description: |-
-                                      NotTags is a list of tags to filter by. If specified, resources which
-                                      contain all of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  notTagsAny:
-                                    description: |-
-                                      NotTagsAny is a list of tags to filter by. If specified, resources
-                                      which contain any of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  projectID:
-                                    type: string
-                                  tags:
-                                    description: |-
-                                      Tags is a list of tags to filter by. If specified, the resource must
-                                      have all of the tags specified to be included in the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  tagsAny:
-                                    description: |-
-                                      TagsAny is a list of tags to filter by. If specified, the resource
-                                      must have at least one of the tags specified to be included in the
-                                      result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                type: object
-                              id:
-                                description: ID is the ID of the network to use. If
-                                  ID is provided, the other filters cannot be provided.
-                                  Must be in UUID format.
-                                format: uuid
-                                type: string
-                            type: object
-                          provider:
-                            description: |-
-                              Provider specifies name of a specific Octavia provider to use for the
-                              API load balancer. The Octavia default will be used if it is not
-                              specified.
-                            type: string
-                          subnets:
-                            description: |-
-                              Subnets define which subnets should the load balancer be allocated on.
-                              It is expected that subnets are located on the network specified in this resource.
-                              Only the first element is taken into account.
-                              kubebuilder:validation:MaxLength:=2
-                            items:
-                              description: SubnetParam specifies an OpenStack subnet
-                                to use. It may be specified by either ID or filter,
-                                but not both.
-                              maxProperties: 1
-                              minProperties: 1
-                              properties:
-                                filter:
-                                  description: Filter specifies a filter to select
-                                    the subnet. It must match exactly one subnet.
-                                  minProperties: 1
-                                  properties:
-                                    cidr:
-                                      type: string
-                                    description:
-                                      type: string
-                                    gatewayIP:
-                                      type: string
-                                    ipVersion:
-                                      type: integer
-                                    ipv6AddressMode:
-                                      type: string
-                                    ipv6RAMode:
-                                      type: string
-                                    name:
-                                      type: string
-                                    notTags:
-                                      description: |-
-                                        NotTags is a list of tags to filter by. If specified, resources which
-                                        contain all of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    notTagsAny:
-                                      description: |-
-                                        NotTagsAny is a list of tags to filter by. If specified, resources
-                                        which contain any of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    projectID:
-                                      type: string
-                                    tags:
-                                      description: |-
-                                        Tags is a list of tags to filter by. If specified, the resource must
-                                        have all of the tags specified to be included in the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    tagsAny:
-                                      description: |-
-                                        TagsAny is a list of tags to filter by. If specified, the resource
-                                        must have at least one of the tags specified to be included in the
-                                        result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                  type: object
-                                id:
-                                  description: ID is the uuid of the subnet. It will
-                                    not be validated.
-                                  format: uuid
-                                  type: string
-                              type: object
-                            type: array
-                            x-kubernetes-list-type: atomic
-                        required:
-                        - enabled
-                        type: object
-                      apiServerPort:
-                        description: |-
-                          APIServerPort is the port on which the listener on the APIServer
-                          will be created. If specified, it must be an integer between 0 and 65535.
-                        maximum: 65535
-                        minimum: 0
-                        type: integer
-                      bastion:
-                        description: |-
-                          Bastion is the OpenStack instance to login the nodes
-
-                          As a rolling update is not ideal during a bastion host session, we
-                          prevent changes to a running bastion configuration. To make changes, it's required
-                          to first set `enabled: false` which will remove the bastion and then changes can be made.
-                        properties:
-                          availabilityZone:
-                            description: AvailabilityZone is the failure domain that
-                              will be used to create the Bastion Spec.
-                            type: string
-                          enabled:
-                            default: true
-                            description: |-
-                              Enabled means that bastion is enabled. The bastion is enabled by
-                              default if this field is not specified. Set this field to false to disable the
-                              bastion.
-
-                              It is not currently possible to remove the bastion from the cluster
-                              spec without first disabling it by setting this field to false and
-                              waiting until the bastion has been deleted.
-                            type: boolean
-                          floatingIP:
-                            description: |-
-                              FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
-                              The floating IP should already exist and should not be associated with a port. If FIP of this address does not
-                              exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
-                            format: ipv4
-                            type: string
-                          spec:
-                            description: Spec for the bastion itself
-                            properties:
-                              additionalBlockDevices:
-                                description: AdditionalBlockDevices is a list of specifications
-                                  for additional block devices to attach to the server
-                                  instance
-                                items:
-                                  description: AdditionalBlockDevice is a block device
-                                    to attach to the server.
-                                  properties:
-                                    name:
-                                      description: |-
-                                        Name of the block device in the context of a machine.
-                                        If the block device is a volume, the Cinder volume will be named
-                                        as a combination of the machine name and this name.
-                                        Also, this name will be used for tagging the block device.
-                                        Information about the block device tag can be obtained from the OpenStack
-                                        metadata API or the config drive.
-                                        Name cannot be 'root', which is reserved for the root volume.
-                                      type: string
-                                    sizeGiB:
-                                      description: SizeGiB is the size of the block
-                                        device in gibibytes (GiB).
-                                      minimum: 1
-                                      type: integer
-                                    storage:
-                                      description: |-
-                                        Storage specifies the storage type of the block device and
-                                        additional storage options.
-                                      properties:
-                                        type:
-                                          description: |-
-                                            Type is the type of block device to create.
-                                            This can be either "Volume" or "Local".
-                                          type: string
-                                        volume:
-                                          description: Volume contains additional
-                                            storage options for a volume block device.
-                                          properties:
-                                            availabilityZone:
-                                              description: |-
-                                                AvailabilityZone is the volume availability zone to create the volume
-                                                in. If not specified, the volume will be created without an explicit
-                                                availability zone.
-                                              properties:
-                                                from:
-                                                  default: Name
-                                                  description: |-
-                                                    From specifies where we will obtain the availability zone for the
-                                                    volume. The options are "Name" and "Machine". If "Name" is specified
-                                                    then the Name field must also be specified. If "Machine" is specified
-                                                    the volume will use the value of FailureDomain, if any, from the
-                                                    associated Machine.
-                                                  enum:
-                                                  - Name
-                                                  - Machine
-                                                  type: string
-                                                name:
-                                                  description: |-
-                                                    Name is the name of a volume availability zone to use. It is required
-                                                    if From is "Name". The volume availability zone name may not contain
-                                                    spaces.
-                                                  minLength: 1
-                                                  pattern: ^[^ ]+$
-                                                  type: string
-                                              type: object
-                                              x-kubernetes-validations:
-                                              - message: name is required when from
-                                                  is 'Name' or default
-                                                rule: '!has(self.from) || self.from
-                                                  == ''Name'' ? has(self.name) : !has(self.name)'
-                                            type:
-                                              description: |-
-                                                Type is the Cinder volume type of the volume.
-                                                If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                                will be used.
-                                              type: string
-                                          type: object
-                                      required:
-                                      - type
-                                      type: object
-                                  required:
-                                  - name
-                                  - sizeGiB
-                                  - storage
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - name
-                                x-kubernetes-list-type: map
-                              configDrive:
-                                description: Config Drive support
-                                type: boolean
-                              flavor:
-                                description: The flavor reference for the flavor for
-                                  your server instance.
-                                minLength: 1
-                                type: string
-                              flavorID:
-                                description: |-
-                                  FlavorID allows flavors to be specified by ID.  This field takes precedence
-                                  over Flavor.
-                                minLength: 1
-                                type: string
-                              floatingIPPoolRef:
-                                description: |-
-                                  floatingIPPoolRef is a reference to a IPPool that will be assigned
-                                  to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
-                                  will be assigned to the OpenStackMachine.
-                                properties:
-                                  apiGroup:
-                                    description: |-
-                                      APIGroup is the group for the resource being referenced.
-                                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                                      For any other third-party types, APIGroup is required.
-                                    type: string
-                                  kind:
-                                    description: Kind is the type of resource being
-                                      referenced
-                                    type: string
-                                  name:
-                                    description: Name is the name of resource being
-                                      referenced
-                                    type: string
-                                required:
-                                - kind
-                                - name
-                                type: object
-                                x-kubernetes-map-type: atomic
-                              identityRef:
-                                description: |-
-                                  IdentityRef is a reference to a secret holding OpenStack credentials
-                                  to be used when reconciling this machine. If not specified, the
-                                  credentials specified in the cluster will be used.
-                                properties:
-                                  cloudName:
-                                    description: CloudName specifies the name of the
-                                      entry in the clouds.yaml file to use.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of a secret in the same namespace as the resource being provisioned.
-                                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                                    type: string
-                                  region:
-                                    description: |-
-                                      Region specifies an OpenStack region to use. If specified, it overrides
-                                      any value in clouds.yaml. If specified for an OpenStackMachine, its
-                                      value will be included in providerID.
-                                    type: string
-                                required:
-                                - cloudName
-                                - name
-                                type: object
-                                x-kubernetes-validations:
-                                - message: region is immutable
-                                  rule: (!has(self.region) && !has(oldSelf.region))
-                                    || self.region == oldSelf.region
-                              image:
-                                description: |-
-                                  The image to use for your server instance.
-                                  If the rootVolume is specified, this will be used when creating the root volume.
-                                maxProperties: 1
-                                minProperties: 1
-                                properties:
-                                  filter:
-                                    description: |-
-                                      Filter describes a query for an image. If specified, the combination
-                                      of name and tags must return a single matching image or an error will
-                                      be raised.
-                                    minProperties: 1
-                                    properties:
-                                      name:
-                                        description: The name of the desired image.
-                                          If specified, the combination of name and
-                                          tags must return a single matching image
-                                          or an error will be raised.
-                                        type: string
-                                      tags:
-                                        description: The tags associated with the
-                                          desired image. If specified, the combination
-                                          of name and tags must return a single matching
-                                          image or an error will be raised.
-                                        items:
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                    type: object
-                                  id:
-                                    description: ID is the uuid of the image. ID will
-                                      not be validated before use.
-                                    format: uuid
-                                    type: string
-                                  imageRef:
-                                    description: |-
-                                      ImageRef is a reference to an ORC Image in the same namespace as the
-                                      referring object.
-                                    properties:
-                                      name:
-                                        description: Name is the name of the referenced
-                                          resource
-                                        type: string
-                                    required:
-                                    - name
-                                    type: object
-                                type: object
-                              ports:
-                                description: |-
-                                  Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                                  If not specified a default port will be added for the default cluster network.
-                                items:
-                                  properties:
-                                    adminStateUp:
-                                      description: AdminStateUp specifies whether
-                                        the port should be created in the up (true)
-                                        or down (false) state. The default is up.
-                                      type: boolean
-                                    allowedAddressPairs:
-                                      description: |-
-                                        AllowedAddressPairs is a list of address pairs which Neutron will
-                                        allow the port to send traffic from in addition to the port's
-                                        addresses. If not specified, the MAC Address will be the MAC Address
-                                        of the port. Depending on the configuration of Neutron, it may be
-                                        supported to specify a CIDR instead of a specific IP address.
-                                      items:
-                                        properties:
-                                          ipAddress:
-                                            description: |-
-                                              IPAddress is the IP address of the allowed address pair. Depending on
-                                              the configuration of Neutron, it may be supported to specify a CIDR
-                                              instead of a specific IP address.
-                                            type: string
-                                          macAddress:
-                                            description: |-
-                                              MACAddress is the MAC address of the allowed address pair. If not
-                                              specified, the MAC address will be the MAC address of the port.
-                                            type: string
-                                        required:
-                                        - ipAddress
-                                        type: object
-                                      type: array
-                                    description:
-                                      description: Description is a human-readable
-                                        description for the port.
-                                      type: string
-                                    disablePortSecurity:
-                                      description: |-
-                                        DisablePortSecurity enables or disables the port security when set.
-                                        When not set, it takes the value of the corresponding field at the network level.
-                                      type: boolean
-                                    fixedIPs:
-                                      description: FixedIPs is a list of pairs of
-                                        subnet and/or IP address to assign to the
-                                        port. If specified, these must be subnets
-                                        of the port's network.
-                                      items:
-                                        properties:
-                                          ipAddress:
-                                            description: |-
-                                              IPAddress is a specific IP address to assign to the port. If Subnet
-                                              is also specified, IPAddress must be a valid IP address in the
-                                              subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                              address in any subnet of the port's network.
-                                            type: string
-                                          subnet:
-                                            description: |-
-                                              Subnet is an openstack subnet query that will return the id of a subnet to create
-                                              the fixed IP of a port in. This query must not return more than one subnet.
-                                            maxProperties: 1
-                                            minProperties: 1
-                                            properties:
-                                              filter:
-                                                description: Filter specifies a filter
-                                                  to select the subnet. It must match
-                                                  exactly one subnet.
-                                                minProperties: 1
-                                                properties:
-                                                  cidr:
-                                                    type: string
-                                                  description:
-                                                    type: string
-                                                  gatewayIP:
-                                                    type: string
-                                                  ipVersion:
-                                                    type: integer
-                                                  ipv6AddressMode:
-                                                    type: string
-                                                  ipv6RAMode:
-                                                    type: string
-                                                  name:
-                                                    type: string
-                                                  notTags:
-                                                    description: |-
-                                                      NotTags is a list of tags to filter by. If specified, resources which
-                                                      contain all of the given tags will be excluded from the result.
-                                                    items:
-                                                      description: |-
-                                                        NeutronTag represents a tag on a Neutron resource.
-                                                        It may not be empty and may not contain commas.
-                                                      minLength: 1
-                                                      pattern: ^[^,]+$
-                                                      type: string
-                                                    type: array
-                                                    x-kubernetes-list-type: set
-                                                  notTagsAny:
-                                                    description: |-
-                                                      NotTagsAny is a list of tags to filter by. If specified, resources
-                                                      which contain any of the given tags will be excluded from the result.
-                                                    items:
-                                                      description: |-
-                                                        NeutronTag represents a tag on a Neutron resource.
-                                                        It may not be empty and may not contain commas.
-                                                      minLength: 1
-                                                      pattern: ^[^,]+$
-                                                      type: string
-                                                    type: array
-                                                    x-kubernetes-list-type: set
-                                                  projectID:
-                                                    type: string
-                                                  tags:
-                                                    description: |-
-                                                      Tags is a list of tags to filter by. If specified, the resource must
-                                                      have all of the tags specified to be included in the result.
-                                                    items:
-                                                      description: |-
-                                                        NeutronTag represents a tag on a Neutron resource.
-                                                        It may not be empty and may not contain commas.
-                                                      minLength: 1
-                                                      pattern: ^[^,]+$
-                                                      type: string
-                                                    type: array
-                                                    x-kubernetes-list-type: set
-                                                  tagsAny:
-                                                    description: |-
-                                                      TagsAny is a list of tags to filter by. If specified, the resource
-                                                      must have at least one of the tags specified to be included in the
-                                                      result.
-                                                    items:
-                                                      description: |-
-                                                        NeutronTag represents a tag on a Neutron resource.
-                                                        It may not be empty and may not contain commas.
-                                                      minLength: 1
-                                                      pattern: ^[^,]+$
-                                                      type: string
-                                                    type: array
-                                                    x-kubernetes-list-type: set
-                                                type: object
-                                              id:
-                                                description: ID is the uuid of the
-                                                  subnet. It will not be validated.
-                                                format: uuid
-                                                type: string
-                                            type: object
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-type: atomic
-                                    hostID:
-                                      description: HostID specifies the ID of the
-                                        host where the port resides.
-                                      type: string
-                                    macAddress:
-                                      description: MACAddress specifies the MAC address
-                                        of the port. If not specified, the MAC address
-                                        will be generated.
-                                      type: string
-                                    nameSuffix:
-                                      description: NameSuffix will be appended to
-                                        the name of the port if specified. If unspecified,
-                                        instead the 0-based index of the port in the
-                                        list is used.
-                                      type: string
-                                    network:
-                                      description: |-
-                                        Network is a query for an openstack network that the port will be created or discovered on.
-                                        This will fail if the query returns more than one network.
-                                      maxProperties: 1
-                                      minProperties: 1
-                                      properties:
-                                        filter:
-                                          description: Filter specifies a filter to
-                                            select an OpenStack network. If provided,
-                                            cannot be empty.
-                                          minProperties: 1
-                                          properties:
-                                            description:
-                                              type: string
-                                            name:
-                                              type: string
-                                            notTags:
-                                              description: |-
-                                                NotTags is a list of tags to filter by. If specified, resources which
-                                                contain all of the given tags will be excluded from the result.
-                                              items:
-                                                description: |-
-                                                  NeutronTag represents a tag on a Neutron resource.
-                                                  It may not be empty and may not contain commas.
-                                                minLength: 1
-                                                pattern: ^[^,]+$
-                                                type: string
-                                              type: array
-                                              x-kubernetes-list-type: set
-                                            notTagsAny:
-                                              description: |-
-                                                NotTagsAny is a list of tags to filter by. If specified, resources
-                                                which contain any of the given tags will be excluded from the result.
-                                              items:
-                                                description: |-
-                                                  NeutronTag represents a tag on a Neutron resource.
-                                                  It may not be empty and may not contain commas.
-                                                minLength: 1
-                                                pattern: ^[^,]+$
-                                                type: string
-                                              type: array
-                                              x-kubernetes-list-type: set
-                                            projectID:
-                                              type: string
-                                            tags:
-                                              description: |-
-                                                Tags is a list of tags to filter by. If specified, the resource must
-                                                have all of the tags specified to be included in the result.
-                                              items:
-                                                description: |-
-                                                  NeutronTag represents a tag on a Neutron resource.
-                                                  It may not be empty and may not contain commas.
-                                                minLength: 1
-                                                pattern: ^[^,]+$
-                                                type: string
-                                              type: array
-                                              x-kubernetes-list-type: set
-                                            tagsAny:
-                                              description: |-
-                                                TagsAny is a list of tags to filter by. If specified, the resource
-                                                must have at least one of the tags specified to be included in the
-                                                result.
-                                              items:
-                                                description: |-
-                                                  NeutronTag represents a tag on a Neutron resource.
-                                                  It may not be empty and may not contain commas.
-                                                minLength: 1
-                                                pattern: ^[^,]+$
-                                                type: string
-                                              type: array
-                                              x-kubernetes-list-type: set
-                                          type: object
-                                        id:
-                                          description: ID is the ID of the network
-                                            to use. If ID is provided, the other filters
-                                            cannot be provided. Must be in UUID format.
-                                          format: uuid
-                                          type: string
-                                      type: object
-                                    profile:
-                                      description: |-
-                                        Profile is a set of key-value pairs that are used for binding
-                                        details. We intentionally don't expose this as a map[string]string
-                                        because we only want to enable the users to set the values of the
-                                        keys that are known to work in OpenStack Networking API.  See
-                                        https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                                        To set profiles, your tenant needs permissions rule:create_port, and
-                                        rule:create_port:binding:profile
-                                      properties:
-                                        ovsHWOffload:
-                                          description: |-
-                                            OVSHWOffload enables or disables the OVS hardware offload feature.
-                                            This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                            See: https://bugs.launchpad.net/nova/+bug/2020813
-                                          type: boolean
-                                        trustedVF:
-                                          description: TrustedVF enables or disables
-                                            the “trusted mode” for the VF.
-                                          type: boolean
-                                      type: object
-                                    propagateUplinkStatus:
-                                      description: PropageteUplinkStatus enables or
-                                        disables the propagate uplink status on the
-                                        port.
-                                      type: boolean
-                                    securityGroups:
-                                      description: SecurityGroups is a list of the
-                                        names, uuids, filters or any combination these
-                                        of the security groups to assign to the instance.
-                                      items:
-                                        description: SecurityGroupParam specifies
-                                          an OpenStack security group. It may be specified
-                                          by ID or filter, but not both.
-                                        maxProperties: 1
-                                        minProperties: 1
-                                        properties:
-                                          filter:
-                                            description: Filter specifies a query
-                                              to select an OpenStack security group.
-                                              If provided, cannot be empty.
-                                            minProperties: 1
-                                            properties:
-                                              description:
-                                                type: string
-                                              name:
-                                                type: string
-                                              notTags:
-                                                description: |-
-                                                  NotTags is a list of tags to filter by. If specified, resources which
-                                                  contain all of the given tags will be excluded from the result.
-                                                items:
-                                                  description: |-
-                                                    NeutronTag represents a tag on a Neutron resource.
-                                                    It may not be empty and may not contain commas.
-                                                  minLength: 1
-                                                  pattern: ^[^,]+$
-                                                  type: string
-                                                type: array
-                                                x-kubernetes-list-type: set
-                                              notTagsAny:
-                                                description: |-
-                                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                                  which contain any of the given tags will be excluded from the result.
-                                                items:
-                                                  description: |-
-                                                    NeutronTag represents a tag on a Neutron resource.
-                                                    It may not be empty and may not contain commas.
-                                                  minLength: 1
-                                                  pattern: ^[^,]+$
-                                                  type: string
-                                                type: array
-                                                x-kubernetes-list-type: set
-                                              projectID:
-                                                type: string
-                                              tags:
-                                                description: |-
-                                                  Tags is a list of tags to filter by. If specified, the resource must
-                                                  have all of the tags specified to be included in the result.
-                                                items:
-                                                  description: |-
-                                                    NeutronTag represents a tag on a Neutron resource.
-                                                    It may not be empty and may not contain commas.
-                                                  minLength: 1
-                                                  pattern: ^[^,]+$
-                                                  type: string
-                                                type: array
-                                                x-kubernetes-list-type: set
-                                              tagsAny:
-                                                description: |-
-                                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                                  must have at least one of the tags specified to be included in the
-                                                  result.
-                                                items:
-                                                  description: |-
-                                                    NeutronTag represents a tag on a Neutron resource.
-                                                    It may not be empty and may not contain commas.
-                                                  minLength: 1
-                                                  pattern: ^[^,]+$
-                                                  type: string
-                                                type: array
-                                                x-kubernetes-list-type: set
-                                            type: object
-                                          id:
-                                            description: ID is the ID of the security
-                                              group to use. If ID is provided, the
-                                              other filters cannot be provided. Must
-                                              be in UUID format.
-                                            format: uuid
-                                            type: string
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-type: atomic
-                                    tags:
-                                      description: |-
-                                        Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                        These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                                      items:
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    trunk:
-                                      description: |-
-                                        Trunk specifies whether trunking is enabled at the port level. If not
-                                        provided the value is inherited from the machine, or false for a
-                                        bastion host.
-                                      type: boolean
-                                    valueSpecs:
-                                      description: |-
-                                        Value specs are extra parameters to include in the API request with OpenStack.
-                                        This is an extension point for the API, so what they do and if they are supported,
-                                        depends on the specific OpenStack implementation.
-                                      items:
-                                        description: ValueSpec represents a single
-                                          value_spec key-value pair.
-                                        properties:
-                                          key:
-                                            description: Key is the key in the key-value
-                                              pair.
-                                            type: string
-                                          name:
-                                            description: |-
-                                              Name is the name of the key-value pair.
-                                              This is just for identifying the pair and will not be sent to the OpenStack API.
-                                            type: string
-                                          value:
-                                            description: Value is the value in the
-                                              key-value pair.
-                                            type: string
-                                        required:
-                                        - key
-                                        - name
-                                        - value
-                                        type: object
-                                      type: array
-                                      x-kubernetes-list-map-keys:
-                                      - name
-                                      x-kubernetes-list-type: map
-                                    vnicType:
-                                      description: |-
-                                        VNICType specifies the type of vNIC which this port should be
-                                        attached to. This is used to determine which mechanism driver(s) to
-                                        be used to bind the port. The valid values are normal, macvtap,
-                                        direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                                        remote-managed, although these values will not be validated in this
-                                        API to ensure compatibility with future neutron changes or custom
-                                        implementations. What type of vNIC is actually available depends on
-                                        deployments. If not specified, the Neutron default value is used.
-                                      type: string
-                                  type: object
-                                type: array
-                              providerID:
-                                description: ProviderID is the unique identifier as
-                                  specified by the cloud provider.
-                                type: string
-                              rootVolume:
-                                description: The volume metadata to boot from
-                                properties:
-                                  availabilityZone:
-                                    description: |-
-                                      AvailabilityZone is the volume availability zone to create the volume
-                                      in. If not specified, the volume will be created without an explicit
-                                      availability zone.
-                                    properties:
-                                      from:
-                                        default: Name
-                                        description: |-
-                                          From specifies where we will obtain the availability zone for the
-                                          volume. The options are "Name" and "Machine". If "Name" is specified
-                                          then the Name field must also be specified. If "Machine" is specified
-                                          the volume will use the value of FailureDomain, if any, from the
-                                          associated Machine.
-                                        enum:
-                                        - Name
-                                        - Machine
-                                        type: string
-                                      name:
-                                        description: |-
-                                          Name is the name of a volume availability zone to use. It is required
-                                          if From is "Name". The volume availability zone name may not contain
-                                          spaces.
-                                        minLength: 1
-                                        pattern: ^[^ ]+$
-                                        type: string
-                                    type: object
-                                    x-kubernetes-validations:
-                                    - message: name is required when from is 'Name'
-                                        or default
-                                      rule: '!has(self.from) || self.from == ''Name''
-                                        ? has(self.name) : !has(self.name)'
-                                  sizeGiB:
-                                    description: SizeGiB is the size of the block
-                                      device in gibibytes (GiB).
-                                    minimum: 1
-                                    type: integer
-                                  type:
-                                    description: |-
-                                      Type is the Cinder volume type of the volume.
-                                      If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                      will be used.
-                                    type: string
-                                required:
-                                - sizeGiB
-                                type: object
-                              schedulerHintAdditionalProperties:
-                                description: |-
-                                  SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
-                                  to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
-                                  such as specifying certain host aggregates or availability zones.
-                                items:
-                                  description: |-
-                                    SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
-                                    It includes a Name to identify the property and a Value that can be of various types.
-                                  properties:
-                                    name:
-                                      description: |-
-                                        Name is the name of the scheduler hint property.
-                                        It is a unique identifier for the property.
-                                      minLength: 1
-                                      type: string
-                                    value:
-                                      description: |-
-                                        Value is the value of the scheduler hint property, which can be of various types
-                                        (e.g., bool, string, int). The type is indicated by the Value.Type field.
-                                      properties:
-                                        bool:
-                                          description: |-
-                                            Bool is the boolean value of the scheduler hint, used when Type is "Bool".
-                                            This field is required if type is 'Bool', and must not be set otherwise.
-                                          type: boolean
-                                        number:
-                                          description: |-
-                                            Number is the integer value of the scheduler hint, used when Type is "Number".
-                                            This field is required if type is 'Number', and must not be set otherwise.
-                                          type: integer
-                                        string:
-                                          description: |-
-                                            String is the string value of the scheduler hint, used when Type is "String".
-                                            This field is required if type is 'String', and must not be set otherwise.
-                                          maxLength: 255
-                                          minLength: 1
-                                          type: string
-                                        type:
-                                          description: |-
-                                            Type represents the type of the value.
-                                            Valid values are Bool, String, and Number.
-                                          enum:
-                                          - Bool
-                                          - String
-                                          - Number
-                                          type: string
-                                      required:
-                                      - type
-                                      type: object
-                                      x-kubernetes-validations:
-                                      - message: bool is required when type is Bool,
-                                          and forbidden otherwise
-                                        rule: 'has(self.type) && self.type == ''Bool''
-                                          ? has(self.bool) : !has(self.bool)'
-                                      - message: number is required when type is Number,
-                                          and forbidden otherwise
-                                        rule: 'has(self.type) && self.type == ''Number''
-                                          ? has(self.number) : !has(self.number)'
-                                      - message: string is required when type is String,
-                                          and forbidden otherwise
-                                        rule: 'has(self.type) && self.type == ''String''
-                                          ? has(self.string) : !has(self.string)'
-                                  required:
-                                  - name
-                                  - value
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - name
-                                x-kubernetes-list-type: map
-                              securityGroups:
-                                description: The names of the security groups to assign
-                                  to the instance
-                                items:
-                                  description: SecurityGroupParam specifies an OpenStack
-                                    security group. It may be specified by ID or filter,
-                                    but not both.
-                                  maxProperties: 1
-                                  minProperties: 1
-                                  properties:
-                                    filter:
-                                      description: Filter specifies a query to select
-                                        an OpenStack security group. If provided,
-                                        cannot be empty.
-                                      minProperties: 1
-                                      properties:
-                                        description:
-                                          type: string
-                                        name:
-                                          type: string
-                                        notTags:
-                                          description: |-
-                                            NotTags is a list of tags to filter by. If specified, resources which
-                                            contain all of the given tags will be excluded from the result.
-                                          items:
-                                            description: |-
-                                              NeutronTag represents a tag on a Neutron resource.
-                                              It may not be empty and may not contain commas.
-                                            minLength: 1
-                                            pattern: ^[^,]+$
-                                            type: string
-                                          type: array
-                                          x-kubernetes-list-type: set
-                                        notTagsAny:
-                                          description: |-
-                                            NotTagsAny is a list of tags to filter by. If specified, resources
-                                            which contain any of the given tags will be excluded from the result.
-                                          items:
-                                            description: |-
-                                              NeutronTag represents a tag on a Neutron resource.
-                                              It may not be empty and may not contain commas.
-                                            minLength: 1
-                                            pattern: ^[^,]+$
-                                            type: string
-                                          type: array
-                                          x-kubernetes-list-type: set
-                                        projectID:
-                                          type: string
-                                        tags:
-                                          description: |-
-                                            Tags is a list of tags to filter by. If specified, the resource must
-                                            have all of the tags specified to be included in the result.
-                                          items:
-                                            description: |-
-                                              NeutronTag represents a tag on a Neutron resource.
-                                              It may not be empty and may not contain commas.
-                                            minLength: 1
-                                            pattern: ^[^,]+$
-                                            type: string
-                                          type: array
-                                          x-kubernetes-list-type: set
-                                        tagsAny:
-                                          description: |-
-                                            TagsAny is a list of tags to filter by. If specified, the resource
-                                            must have at least one of the tags specified to be included in the
-                                            result.
-                                          items:
-                                            description: |-
-                                              NeutronTag represents a tag on a Neutron resource.
-                                              It may not be empty and may not contain commas.
-                                            minLength: 1
-                                            pattern: ^[^,]+$
-                                            type: string
-                                          type: array
-                                          x-kubernetes-list-type: set
-                                      type: object
-                                    id:
-                                      description: ID is the ID of the security group
-                                        to use. If ID is provided, the other filters
-                                        cannot be provided. Must be in UUID format.
-                                      format: uuid
-                                      type: string
-                                  type: object
-                                type: array
-                              serverGroup:
-                                description: The server group to assign the machine
-                                  to.
-                                maxProperties: 1
-                                minProperties: 1
-                                properties:
-                                  filter:
-                                    description: Filter specifies a query to select
-                                      an OpenStack server group. If provided, it cannot
-                                      be empty.
-                                    minProperties: 1
-                                    properties:
-                                      name:
-                                        description: Name is the name of a server
-                                          group to look for.
-                                        type: string
-                                    type: object
-                                  id:
-                                    description: ID is the ID of the server group
-                                      to use.
-                                    format: uuid
-                                    type: string
-                                type: object
-                              serverMetadata:
-                                description: Metadata mapping. Allows you to create
-                                  a map of key value pairs to add to the server instance.
-                                items:
-                                  properties:
-                                    key:
-                                      description: Key is the server metadata key
-                                      maxLength: 255
-                                      type: string
-                                    value:
-                                      description: Value is the server metadata value
-                                      maxLength: 255
-                                      type: string
-                                  required:
-                                  - key
-                                  - value
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                - key
-                                x-kubernetes-list-type: map
-                              sshKeyName:
-                                description: The ssh key to inject in the instance
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags which will be added to the machine and all dependent resources
-                                  which support them. These are in addition to Tags defined on the
-                                  cluster.
-                                  Requires Nova api 2.52 minimum!
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              trunk:
-                                description: Whether the server instance is created
-                                  on a trunk port or not.
-                                type: boolean
-                            required:
-                            - image
-                            type: object
-                            x-kubernetes-validations:
-                            - message: at least one of flavor or flavorID must be
-                                set
-                              rule: (has(self.flavor) || has(self.flavorID))
-                        type: object
-                        x-kubernetes-validations:
-                        - message: spec is required if bastion is enabled
-                          rule: '!self.enabled || has(self.spec)'
-                      controlPlaneAvailabilityZones:
-                        description: |-
-                          ControlPlaneAvailabilityZones is the set of availability zones which
-                          control plane machines may be deployed to.
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      controlPlaneEndpoint:
-                        description: |-
-                          ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
-                          It is normally populated automatically by the OpenStackCluster
-                          controller during cluster provisioning. If it is set on creation the
-                          control plane endpoint will use the values set here in preference to
-                          values set elsewhere.
-                          ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
-                        properties:
-                          host:
-                            description: The hostname on which the API server is serving.
-                            type: string
-                          port:
-                            description: The port on which the API server is serving.
-                            format: int32
-                            type: integer
-                        required:
-                        - host
-                        - port
-                        type: object
-                      controlPlaneOmitAvailabilityZone:
-                        description: |-
-                          ControlPlaneOmitAvailabilityZone causes availability zone to be
-                          omitted when creating control plane nodes, allowing the Nova
-                          scheduler to make a decision on which availability zone to use based
-                          on other scheduling constraints
-                        type: boolean
-                      disableAPIServerFloatingIP:
-                        description: |-
-                          DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
-                          IP to the API server. This allows for the creation of clusters when attaching a floating
-                          IP to the API server (and hence, in many cases, exposing the API server to the internet)
-                          is not possible or desirable, e.g. if using a shared VLAN for communication between
-                          management and workload clusters or when the management cluster is inside the
-                          project network.
-                          This option requires that the API server use a VIP on the cluster network so that the
-                          underlying machines can change without changing ControlPlaneEndpoint.Host.
-                          When using a managed load balancer, this VIP will be managed automatically.
-                          If not using a managed load balancer, cluster configuration will fail without additional
-                          configuration to manage the VIP on the control plane machines, which falls outside of
-                          the scope of this controller.
-                        type: boolean
-                      disableExternalNetwork:
-                        description: |-
-                          DisableExternalNetwork specifies whether or not to attempt to connect the cluster
-                          to an external network. This allows for the creation of clusters when connecting
-                          to an external network is not possible or desirable, e.g. if using a provider network.
-                        type: boolean
-                      disablePortSecurity:
-                        description: |-
-                          DisablePortSecurity disables the port security of the network created for the
-                          Kubernetes cluster, which also disables SecurityGroups
-                        type: boolean
-                      externalNetwork:
-                        description: |-
-                          ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
-                          This option is ignored if DisableExternalNetwork is set to true.
-
-                          If ExternalNetwork is defined it must refer to exactly one external network.
-
-                          If ExternalNetwork is not defined or is empty the controller will use any
-                          existing external network as long as there is only one. It is an
-                          error if ExternalNetwork is not defined and there are multiple
-                          external networks unless DisableExternalNetwork is also set.
-
-                          If ExternalNetwork is not defined and there are no external networks
-                          the controller will proceed as though DisableExternalNetwork was set.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a filter to select an OpenStack
-                              network. If provided, cannot be empty.
-                            minProperties: 1
-                            properties:
-                              description:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                description: |-
-                                  NotTags is a list of tags to filter by. If specified, resources which
-                                  contain all of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              notTagsAny:
-                                description: |-
-                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                  which contain any of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              projectID:
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags is a list of tags to filter by. If specified, the resource must
-                                  have all of the tags specified to be included in the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              tagsAny:
-                                description: |-
-                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                  must have at least one of the tags specified to be included in the
-                                  result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the ID of the network to use. If ID
-                              is provided, the other filters cannot be provided. Must
-                              be in UUID format.
-                            format: uuid
-                            type: string
-                        type: object
-                      externalRouterIPs:
-                        description: |-
-                          ExternalRouterIPs is an array of externalIPs on the respective subnets.
-                          This is necessary if the router needs a fixed ip in a specific subnet.
-                        items:
-                          properties:
-                            fixedIP:
-                              description: The FixedIP in the corresponding subnet
-                              type: string
-                            subnet:
-                              description: The subnet in which the FixedIP is used
-                                for the Gateway of this router
-                              maxProperties: 1
-                              minProperties: 1
-                              properties:
-                                filter:
-                                  description: Filter specifies a filter to select
-                                    the subnet. It must match exactly one subnet.
-                                  minProperties: 1
-                                  properties:
-                                    cidr:
-                                      type: string
-                                    description:
-                                      type: string
-                                    gatewayIP:
-                                      type: string
-                                    ipVersion:
-                                      type: integer
-                                    ipv6AddressMode:
-                                      type: string
-                                    ipv6RAMode:
-                                      type: string
-                                    name:
-                                      type: string
-                                    notTags:
-                                      description: |-
-                                        NotTags is a list of tags to filter by. If specified, resources which
-                                        contain all of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    notTagsAny:
-                                      description: |-
-                                        NotTagsAny is a list of tags to filter by. If specified, resources
-                                        which contain any of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    projectID:
-                                      type: string
-                                    tags:
-                                      description: |-
-                                        Tags is a list of tags to filter by. If specified, the resource must
-                                        have all of the tags specified to be included in the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    tagsAny:
-                                      description: |-
-                                        TagsAny is a list of tags to filter by. If specified, the resource
-                                        must have at least one of the tags specified to be included in the
-                                        result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                  type: object
-                                id:
-                                  description: ID is the uuid of the subnet. It will
-                                    not be validated.
-                                  format: uuid
-                                  type: string
-                              type: object
-                          required:
-                          - subnet
-                          type: object
-                        type: array
-                        x-kubernetes-list-type: atomic
-                      identityRef:
-                        description: |-
-                          IdentityRef is a reference to a secret holding OpenStack credentials
-                          to be used when reconciling this cluster. It is also to reconcile
-                          machines unless overridden in the machine spec.
-                        properties:
-                          cloudName:
-                            description: CloudName specifies the name of the entry
-                              in the clouds.yaml file to use.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of a secret in the same namespace as the resource being provisioned.
-                              The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                              The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                            type: string
-                          region:
-                            description: |-
-                              Region specifies an OpenStack region to use. If specified, it overrides
-                              any value in clouds.yaml. If specified for an OpenStackMachine, its
-                              value will be included in providerID.
-                            type: string
-                        required:
-                        - cloudName
-                        - name
-                        type: object
-                        x-kubernetes-validations:
-                        - message: region is immutable
-                          rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                            == oldSelf.region
-                      managedSecurityGroups:
-                        description: |-
-                          ManagedSecurityGroups determines whether OpenStack security groups for the cluster
-                          will be managed by the OpenStack provider or whether pre-existing security groups will
-                          be specified as part of the configuration.
-                          By default, the managed security groups have rules that allow the Kubelet, etcd, and the
-                          Kubernetes API server to function correctly.
-                          It's possible to add additional rules to the managed security groups.
-                          When defined to an empty struct, the managed security groups will be created with the default rules.
-                        properties:
-                          allNodesSecurityGroupRules:
-                            description: allNodesSecurityGroupRules defines the rules
-                              that should be applied to all nodes.
-                            items:
-                              description: |-
-                                SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                                Security Group Role.
-                                For now this is only used for the allNodesSecurityGroupRules but when we add
-                                other security groups, we'll need to add a validation because
-                                Remote* fields are mutually exclusive.
-                              properties:
-                                description:
-                                  description: description of the security group rule.
-                                  type: string
-                                direction:
-                                  description: |-
-                                    direction in which the security group rule is applied. The only values
-                                    allowed are "ingress" or "egress". For a compute instance, an ingress
-                                    security group rule is applied to incoming (ingress) traffic for that
-                                    instance. An egress rule is applied to traffic leaving the instance.
-                                  type: string
-                                etherType:
-                                  description: |-
-                                    etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                                    ingress or egress rules.
-                                  type: string
-                                name:
-                                  description: |-
-                                    name of the security group rule.
-                                    It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                                  type: string
-                                portRangeMax:
-                                  description: |-
-                                    portRangeMax is a number in the range that is matched by the security group
-                                    rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                                  type: integer
-                                portRangeMin:
-                                  description: |-
-                                    portRangeMin is a number in the range that is matched by the security group
-                                    rule. If the protocol is TCP or UDP, this value must be less than or equal
-                                    to the value of the portRangeMax attribute.
-                                  type: integer
-                                protocol:
-                                  description: protocol is the protocol that is matched
-                                    by the security group rule.
-                                  type: string
-                                remoteGroupID:
-                                  description: |-
-                                    remoteGroupID is the remote group ID to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteIPPrefix:
-                                  description: |-
-                                    remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteManagedGroups:
-                                  description: |-
-                                    remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  items:
-                                    enum:
-                                    - bastion
-                                    - controlplane
-                                    - worker
-                                    type: string
-                                  type: array
-                              required:
-                              - direction
-                              - name
-                              type: object
-                            type: array
-                            x-kubernetes-list-map-keys:
-                            - name
-                            x-kubernetes-list-type: map
-                          allowAllInClusterTraffic:
-                            default: false
-                            description: AllowAllInClusterTraffic allows all ingress
-                              and egress traffic between cluster nodes when set to
-                              true.
-                            type: boolean
-                          controlPlaneNodesSecurityGroupRules:
-                            description: controlPlaneNodesSecurityGroupRules defines
-                              the rules that should be applied to control plane nodes.
-                            items:
-                              description: |-
-                                SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                                Security Group Role.
-                                For now this is only used for the allNodesSecurityGroupRules but when we add
-                                other security groups, we'll need to add a validation because
-                                Remote* fields are mutually exclusive.
-                              properties:
-                                description:
-                                  description: description of the security group rule.
-                                  type: string
-                                direction:
-                                  description: |-
-                                    direction in which the security group rule is applied. The only values
-                                    allowed are "ingress" or "egress". For a compute instance, an ingress
-                                    security group rule is applied to incoming (ingress) traffic for that
-                                    instance. An egress rule is applied to traffic leaving the instance.
-                                  type: string
-                                etherType:
-                                  description: |-
-                                    etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                                    ingress or egress rules.
-                                  type: string
-                                name:
-                                  description: |-
-                                    name of the security group rule.
-                                    It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                                  type: string
-                                portRangeMax:
-                                  description: |-
-                                    portRangeMax is a number in the range that is matched by the security group
-                                    rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                                  type: integer
-                                portRangeMin:
-                                  description: |-
-                                    portRangeMin is a number in the range that is matched by the security group
-                                    rule. If the protocol is TCP or UDP, this value must be less than or equal
-                                    to the value of the portRangeMax attribute.
-                                  type: integer
-                                protocol:
-                                  description: protocol is the protocol that is matched
-                                    by the security group rule.
-                                  type: string
-                                remoteGroupID:
-                                  description: |-
-                                    remoteGroupID is the remote group ID to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteIPPrefix:
-                                  description: |-
-                                    remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteManagedGroups:
-                                  description: |-
-                                    remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  items:
-                                    enum:
-                                    - bastion
-                                    - controlplane
-                                    - worker
-                                    type: string
-                                  type: array
-                              required:
-                              - direction
-                              - name
-                              type: object
-                            type: array
-                            x-kubernetes-list-map-keys:
-                            - name
-                            x-kubernetes-list-type: map
-                          workerNodesSecurityGroupRules:
-                            description: workerNodesSecurityGroupRules defines the
-                              rules that should be applied to worker nodes.
-                            items:
-                              description: |-
-                                SecurityGroupRuleSpec represent the basic information of the associated OpenStack
-                                Security Group Role.
-                                For now this is only used for the allNodesSecurityGroupRules but when we add
-                                other security groups, we'll need to add a validation because
-                                Remote* fields are mutually exclusive.
-                              properties:
-                                description:
-                                  description: description of the security group rule.
-                                  type: string
-                                direction:
-                                  description: |-
-                                    direction in which the security group rule is applied. The only values
-                                    allowed are "ingress" or "egress". For a compute instance, an ingress
-                                    security group rule is applied to incoming (ingress) traffic for that
-                                    instance. An egress rule is applied to traffic leaving the instance.
-                                  type: string
-                                etherType:
-                                  description: |-
-                                    etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-                                    ingress or egress rules.
-                                  type: string
-                                name:
-                                  description: |-
-                                    name of the security group rule.
-                                    It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
-                                  type: string
-                                portRangeMax:
-                                  description: |-
-                                    portRangeMax is a number in the range that is matched by the security group
-                                    rule. The portRangeMin attribute constrains the portRangeMax attribute.
-                                  type: integer
-                                portRangeMin:
-                                  description: |-
-                                    portRangeMin is a number in the range that is matched by the security group
-                                    rule. If the protocol is TCP or UDP, this value must be less than or equal
-                                    to the value of the portRangeMax attribute.
-                                  type: integer
-                                protocol:
-                                  description: protocol is the protocol that is matched
-                                    by the security group rule.
-                                  type: string
-                                remoteGroupID:
-                                  description: |-
-                                    remoteGroupID is the remote group ID to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteIPPrefix:
-                                  description: |-
-                                    remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  type: string
-                                remoteManagedGroups:
-                                  description: |-
-                                    remoteManagedGroups is the remote managed groups to be associated with this security group rule.
-                                    You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-                                  items:
-                                    enum:
-                                    - bastion
-                                    - controlplane
-                                    - worker
-                                    type: string
-                                  type: array
-                              required:
-                              - direction
-                              - name
-                              type: object
-                            type: array
-                            x-kubernetes-list-map-keys:
-                            - name
-                            x-kubernetes-list-type: map
-                        required:
-                        - allowAllInClusterTraffic
-                        type: object
-                      managedSubnets:
-                        description: |-
-                          ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
-                          subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
-                          subnet is supported. If you leave this empty, no network will be created.
-                        items:
-                          properties:
-                            allocationPools:
-                              description: |-
-                                AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
-                                If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
-                                outside of these ranges manually.
-                              items:
-                                properties:
-                                  end:
-                                    description: End represents the end of the AlloctionPool,
-                                      that is the highest IP of the pool.
-                                    type: string
-                                  start:
-                                    description: Start represents the start of the
-                                      AllocationPool, that is the lowest IP of the
-                                      pool.
-                                    type: string
-                                required:
-                                - end
-                                - start
-                                type: object
-                              type: array
-                            cidr:
-                              description: |-
-                                CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
-                                This field is required when defining a subnet.
-                              type: string
-                            dnsNameservers:
-                              description: |-
-                                DNSNameservers holds a list of DNS server addresses that will be provided when creating
-                                the subnet. These addresses need to have the same IP version as CIDR.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - cidr
-                          type: object
-                        maxItems: 1
-                        type: array
-                        x-kubernetes-list-type: atomic
-                      network:
-                        description: |-
-                          Network specifies an existing network to use if no ManagedSubnets
-                          are specified.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a filter to select an OpenStack
-                              network. If provided, cannot be empty.
-                            minProperties: 1
-                            properties:
-                              description:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                description: |-
-                                  NotTags is a list of tags to filter by. If specified, resources which
-                                  contain all of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              notTagsAny:
-                                description: |-
-                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                  which contain any of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              projectID:
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags is a list of tags to filter by. If specified, the resource must
-                                  have all of the tags specified to be included in the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              tagsAny:
-                                description: |-
-                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                  must have at least one of the tags specified to be included in the
-                                  result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the ID of the network to use. If ID
-                              is provided, the other filters cannot be provided. Must
-                              be in UUID format.
-                            format: uuid
-                            type: string
-                        type: object
-                      networkMTU:
-                        description: |-
-                          NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
-                          This value will be used only if the Cluster actuator creates the network.
-                          If left empty, the network will have the default MTU defined in Openstack network service.
-                          To use this field, the Openstack installation requires the net-mtu neutron API extension.
-                        type: integer
-                      router:
-                        description: |-
-                          Router specifies an existing router to be used if ManagedSubnets are
-                          specified. If specified, no new router will be created.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a filter to select an OpenStack
-                              router. If provided, cannot be empty.
-                            minProperties: 1
-                            properties:
-                              description:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                description: |-
-                                  NotTags is a list of tags to filter by. If specified, resources which
-                                  contain all of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              notTagsAny:
-                                description: |-
-                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                  which contain any of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              projectID:
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags is a list of tags to filter by. If specified, the resource must
-                                  have all of the tags specified to be included in the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              tagsAny:
-                                description: |-
-                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                  must have at least one of the tags specified to be included in the
-                                  result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the ID of the router to use. If ID
-                              is provided, the other filters cannot be provided. Must
-                              be in UUID format.
-                            format: uuid
-                            type: string
-                        type: object
-                      subnets:
-                        description: |-
-                          Subnets specifies existing subnets to use if not ManagedSubnets are
-                          specified. All subnets must be in the network specified by Network.
-                          There can be zero, one, or two subnets. If no subnets are specified,
-                          all subnets in Network will be used. If 2 subnets are specified, one
-                          must be IPv4 and the other IPv6.
-                        items:
-                          description: SubnetParam specifies an OpenStack subnet to
-                            use. It may be specified by either ID or filter, but not
-                            both.
-                          maxProperties: 1
-                          minProperties: 1
-                          properties:
-                            filter:
-                              description: Filter specifies a filter to select the
-                                subnet. It must match exactly one subnet.
-                              minProperties: 1
-                              properties:
-                                cidr:
-                                  type: string
-                                description:
-                                  type: string
-                                gatewayIP:
-                                  type: string
-                                ipVersion:
-                                  type: integer
-                                ipv6AddressMode:
-                                  type: string
-                                ipv6RAMode:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  description: |-
-                                    NotTags is a list of tags to filter by. If specified, resources which
-                                    contain all of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                notTagsAny:
-                                  description: |-
-                                    NotTagsAny is a list of tags to filter by. If specified, resources
-                                    which contain any of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                projectID:
-                                  type: string
-                                tags:
-                                  description: |-
-                                    Tags is a list of tags to filter by. If specified, the resource must
-                                    have all of the tags specified to be included in the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                tagsAny:
-                                  description: |-
-                                    TagsAny is a list of tags to filter by. If specified, the resource
-                                    must have at least one of the tags specified to be included in the
-                                    result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                              type: object
-                            id:
-                              description: ID is the uuid of the subnet. It will not
-                                be validated.
-                              format: uuid
-                              type: string
-                          type: object
-                        maxItems: 2
-                        type: array
-                        x-kubernetes-list-type: atomic
-                      tags:
-                        description: Tags to set on all resources in cluster which
-                          support tags
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    required:
-                    - identityRef
-                    type: object
-                    x-kubernetes-validations:
-                    - message: bastion floating IP cannot be set when disableExternalNetwork
-                        is true
-                      rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
-                        ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
-                    - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
-                        is true
-                      rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
-                        ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
-                        : true'
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackfloatingippools.infrastructure.cluster.x-k8s.io
-spec:
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    kind: OpenStackFloatingIPPool
-    listKind: OpenStackFloatingIPPoolList
-    plural: openstackfloatingippools
-    singular: openstackfloatingippool
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackFloatingIPPool is the Schema for the openstackfloatingippools
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackFloatingIPPoolSpec defines the desired state of
-              OpenStackFloatingIPPool.
-            properties:
-              floatingIPNetwork:
-                description: FloatingIPNetwork is the external network to use for
-                  floating ips, if there's only one external network it will be used
-                  by default
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a filter to select an OpenStack
-                      network. If provided, cannot be empty.
-                    minProperties: 1
-                    properties:
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      notTags:
-                        description: |-
-                          NotTags is a list of tags to filter by. If specified, resources which
-                          contain all of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      notTagsAny:
-                        description: |-
-                          NotTagsAny is a list of tags to filter by. If specified, resources
-                          which contain any of the given tags will be excluded from the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      projectID:
-                        type: string
-                      tags:
-                        description: |-
-                          Tags is a list of tags to filter by. If specified, the resource must
-                          have all of the tags specified to be included in the result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      tagsAny:
-                        description: |-
-                          TagsAny is a list of tags to filter by. If specified, the resource
-                          must have at least one of the tags specified to be included in the
-                          result.
-                        items:
-                          description: |-
-                            NeutronTag represents a tag on a Neutron resource.
-                            It may not be empty and may not contain commas.
-                          minLength: 1
-                          pattern: ^[^,]+$
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the ID of the network to use. If ID is provided,
-                      the other filters cannot be provided. Must be in UUID format.
-                    format: uuid
-                    type: string
-                type: object
-              identityRef:
-                description: IdentityRef is a reference to a identity to be used when
-                  reconciling this pool.
-                properties:
-                  cloudName:
-                    description: CloudName specifies the name of the entry in the
-                      clouds.yaml file to use.
-                    type: string
-                  name:
-                    description: |-
-                      Name is the name of a secret in the same namespace as the resource being provisioned.
-                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                    type: string
-                  region:
-                    description: |-
-                      Region specifies an OpenStack region to use. If specified, it overrides
-                      any value in clouds.yaml. If specified for an OpenStackMachine, its
-                      value will be included in providerID.
-                    type: string
-                required:
-                - cloudName
-                - name
-                type: object
-                x-kubernetes-validations:
-                - message: region is immutable
-                  rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                    == oldSelf.region
-              maxIPs:
-                description: |-
-                  MaxIPs is the maximum number of floating ips that can be allocated from this pool, if nil there is no limit.
-                  If set, the pool will stop allocating floating ips when it reaches this number of ClaimedIPs.
-                type: integer
-              preAllocatedFloatingIPs:
-                description: |-
-                  PreAllocatedFloatingIPs is a list of floating IPs precreated in OpenStack that should be used by this pool.
-                  These are used before allocating new ones and are not deleted from OpenStack when the pool is deleted.
-                items:
-                  type: string
-                type: array
-              reclaimPolicy:
-                description: The stratergy to use for reclaiming floating ips when
-                  they are released from a machine
-                enum:
-                - Retain
-                - Delete
-                type: string
-            required:
-            - identityRef
-            - reclaimPolicy
-            type: object
-          status:
-            description: OpenStackFloatingIPPoolStatus defines the observed state
-              of OpenStackFloatingIPPool.
-            properties:
-              availableIPs:
-                default: []
-                items:
-                  type: string
-                type: array
-              claimedIPs:
-                default: []
-                items:
-                  type: string
-                type: array
-              conditions:
-                description: Conditions provide observations of the operational state
-                  of a Cluster API resource.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failedIPs:
-                description: FailedIPs contains a list of floating ips that failed
-                  to be allocated
-                items:
-                  type: string
-                type: array
-              floatingIPNetwork:
-                description: floatingIPNetwork contains information about the network
-                  used for floating ips
-                properties:
-                  id:
-                    type: string
-                  name:
-                    type: string
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - id
-                - name
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackmachines.infrastructure.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capo-webhook-service
-          namespace: capo-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: OpenStackMachine
-    listKind: OpenStackMachineList
-    plural: openstackmachines
-    shortNames:
-    - osm
-    singular: openstackmachine
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Cluster to which this OpenStackMachine belongs
-      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
-      name: Cluster
-      type: string
-    - description: OpenStack instance state
-      jsonPath: .status.instanceState
-      name: InstanceState
-      type: string
-    - description: Machine ready status
-      jsonPath: .status.ready
-      name: Ready
-      type: string
-    - description: OpenStack instance ID
-      jsonPath: .spec.providerID
-      name: ProviderID
-      type: string
-    - description: Machine object which owns with this OpenStackMachine
-      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
-      name: Machine
-      type: string
-    - description: Time duration since creation of OpenStackMachine
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    deprecationWarning: The v1alpha7 version of OpenStackMachine has been deprecated
-      and will be removed in a future release.
-    name: v1alpha7
-    schema:
-      openAPIV3Schema:
-        description: |-
-          OpenStackMachine is the Schema for the openstackmachines API.
-
-          Deprecated: v1alpha7.OpenStackMachine has been replaced by v1beta1.OpenStackMachine.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
-            properties:
-              additionalBlockDevices:
-                description: AdditionalBlockDevices is a list of specifications for
-                  additional block devices to attach to the server instance
-                items:
-                  description: AdditionalBlockDevice is a block device to attach to
-                    the server.
-                  properties:
-                    name:
-                      description: |-
-                        Name of the block device in the context of a machine.
-                        If the block device is a volume, the Cinder volume will be named
-                        as a combination of the machine name and this name.
-                        Also, this name will be used for tagging the block device.
-                        Information about the block device tag can be obtained from the OpenStack
-                        metadata API or the config drive.
-                      type: string
-                    sizeGiB:
-                      description: SizeGiB is the size of the block device in gibibytes
-                        (GiB).
-                      type: integer
-                    storage:
-                      description: |-
-                        Storage specifies the storage type of the block device and
-                        additional storage options.
-                      properties:
-                        type:
-                          description: |-
-                            Type is the type of block device to create.
-                            This can be either "Volume" or "Local".
-                          type: string
-                        volume:
-                          description: Volume contains additional storage options
-                            for a volume block device.
-                          properties:
-                            availabilityZone:
-                              description: |-
-                                AvailabilityZone is the volume availability zone to create the volume in.
-                                If omitted, the availability zone of the server will be used.
-                                The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
-                                to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
-                                further information.
-                              type: string
-                            type:
-                              description: |-
-                                Type is the Cinder volume type of the volume.
-                                If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                will be used.
-                              type: string
-                          type: object
-                      required:
-                      - type
-                      type: object
-                  required:
-                  - name
-                  - sizeGiB
-                  - storage
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-              cloudName:
-                description: The name of the cloud to use from the clouds secret
-                type: string
-              configDrive:
-                description: Config Drive support
-                type: boolean
-              flavor:
-                description: The flavor reference for the flavor for your server instance.
-                minLength: 1
-                type: string
-              flavorID:
-                description: |-
-                  FlavorID allows flavors to be specified by ID.  This field takes precedence
-                  over Flavor.
-                minLength: 1
-                type: string
-              floatingIP:
-                description: |-
-                  The floatingIP which will be associated to the machine, only used for master.
-                  The floatingIP should have been created and haven't been associated.
-                type: string
-              identityRef:
-                description: |-
-                  IdentityRef is a reference to a identity to be used when reconciling this cluster.
-                  If not specified, the identity ref of the cluster will be used instead.
-                properties:
-                  kind:
-                    description: |-
-                      Kind of the identity. Must be supported by the infrastructure
-                      provider and may be either cluster or namespace-scoped.
-                    minLength: 1
-                    type: string
-                  name:
-                    description: |-
-                      Name of the infrastructure identity to be used.
-                      Must be either a cluster-scoped resource, or namespaced-scoped
-                      resource the same namespace as the resource(s) being provisioned.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              image:
-                description: |-
-                  The name of the image to use for your server instance.
-                  If the RootVolume is specified, this will be ignored and use rootVolume directly.
-                type: string
-              imageUUID:
-                description: |-
-                  The uuid of the image to use for your server instance.
-                  if it's empty, Image name will be used
-                type: string
-              instanceID:
-                description: InstanceID is the OpenStack instance ID for this machine.
-                type: string
-              ports:
-                description: |-
-                  Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                  If not specified a default port will be added for the default cluster network.
-                items:
-                  properties:
-                    adminStateUp:
-                      type: boolean
-                    allowedAddressPairs:
-                      items:
-                        properties:
-                          ipAddress:
-                            type: string
-                          macAddress:
-                            type: string
-                        type: object
-                      type: array
-                    description:
-                      type: string
-                    disablePortSecurity:
-                      description: |-
-                        DisablePortSecurity enables or disables the port security when set.
-                        When not set, it takes the value of the corresponding field at the network level.
-                      type: boolean
-                    fixedIPs:
-                      description: Specify pairs of subnet and/or IP address. These
-                        should be subnets of the network with the given NetworkID.
-                      items:
-                        properties:
-                          ipAddress:
-                            type: string
-                          subnet:
-                            description: |-
-                              Subnet is an openstack subnet query that will return the id of a subnet to create
-                              the fixed IP of a port in. This query must not return more than one subnet.
-                            properties:
-                              cidr:
-                                type: string
-                              description:
-                                type: string
-                              gateway_ip:
-                                type: string
-                              id:
-                                type: string
-                              ipVersion:
-                                type: integer
-                              ipv6AddressMode:
-                                type: string
-                              ipv6RaMode:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                type: string
-                              notTagsAny:
-                                type: string
-                              projectId:
-                                type: string
-                              tags:
-                                type: string
-                              tagsAny:
-                                type: string
-                            type: object
-                        required:
-                        - subnet
-                        type: object
-                      type: array
-                    hostId:
-                      description: The ID of the host where the port is allocated
-                      type: string
-                    macAddress:
-                      type: string
-                    nameSuffix:
-                      description: Used to make the name of the port unique. If unspecified,
-                        instead the 0-based index of the port in the list is used.
-                      type: string
-                    network:
-                      description: |-
-                        Network is a query for an openstack network that the port will be created or discovered on.
-                        This will fail if the query returns more than one network.
-                      properties:
-                        description:
-                          type: string
-                        id:
-                          type: string
-                        name:
-                          type: string
-                        notTags:
-                          type: string
-                        notTagsAny:
-                          type: string
-                        projectId:
-                          type: string
-                        tags:
-                          type: string
-                        tagsAny:
-                          type: string
-                      type: object
-                    profile:
-                      description: |-
-                        Profile is a set of key-value pairs that are used for binding details.
-                        We intentionally don't expose this as a map[string]string because we only want to enable
-                        the users to set the values of the keys that are known to work in OpenStack Networking API.
-                        See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                      properties:
-                        ovsHWOffload:
-                          description: OVSHWOffload enables or disables the OVS hardware
-                            offload feature.
-                          type: boolean
-                        trustedVF:
-                          description: TrustedVF enables or disables the “trusted
-                            mode” for the VF.
-                          type: boolean
-                      type: object
-                    propagateUplinkStatus:
-                      description: PropageteUplinkStatus enables or disables the propagate
-                        uplink status on the port.
-                      type: boolean
-                    securityGroupFilters:
-                      description: The names, uuids, filters or any combination these
-                        of the security groups to assign to the instance
-                      items:
-                        properties:
-                          description:
-                            type: string
-                          id:
-                            type: string
-                          name:
-                            type: string
-                          notTags:
-                            type: string
-                          notTagsAny:
-                            type: string
-                          projectId:
-                            type: string
-                          tags:
-                            type: string
-                          tagsAny:
-                            type: string
-                        type: object
-                      type: array
-                    tags:
-                      description: |-
-                        Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                        These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                      items:
-                        type: string
-                      type: array
-                      x-kubernetes-list-type: set
-                    trunk:
-                      description: Enables and disables trunk at port level. If not
-                        provided, openStackMachine.Spec.Trunk is inherited.
-                      type: boolean
-                    valueSpecs:
-                      description: |-
-                        Value specs are extra parameters to include in the API request with OpenStack.
-                        This is an extension point for the API, so what they do and if they are supported,
-                        depends on the specific OpenStack implementation.
-                      items:
-                        description: ValueSpec represents a single value_spec key-value
-                          pair.
-                        properties:
-                          key:
-                            description: Key is the key in the key-value pair.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of the key-value pair.
-                              This is just for identifying the pair and will not be sent to the OpenStack API.
-                            type: string
-                          value:
-                            description: Value is the value in the key-value pair.
-                            type: string
-                        required:
-                        - key
-                        - name
-                        - value
-                        type: object
-                      type: array
-                      x-kubernetes-list-map-keys:
-                      - name
-                      x-kubernetes-list-type: map
-                    vnicType:
-                      description: The virtual network interface card (vNIC) type
-                        that is bound to the neutron port.
-                      type: string
-                  type: object
-                type: array
-              providerID:
-                description: ProviderID is the unique identifier as specified by the
-                  cloud provider.
-                type: string
-              rootVolume:
-                description: The volume metadata to boot from
-                properties:
-                  availabilityZone:
-                    type: string
-                  diskSize:
-                    type: integer
-                  volumeType:
-                    type: string
-                type: object
-              securityGroups:
-                description: The names of the security groups to assign to the instance
-                items:
-                  properties:
-                    description:
-                      type: string
-                    id:
-                      type: string
-                    name:
-                      type: string
-                    notTags:
-                      type: string
-                    notTagsAny:
-                      type: string
-                    projectId:
-                      type: string
-                    tags:
-                      type: string
-                    tagsAny:
-                      type: string
-                  type: object
-                type: array
-              serverGroupID:
-                description: The server group to assign the machine to
-                type: string
-              serverMetadata:
-                additionalProperties:
-                  type: string
-                description: Metadata mapping. Allows you to create a map of key value
-                  pairs to add to the server instance.
-                type: object
-              sshKeyName:
-                description: The ssh key to inject in the instance
-                type: string
-              tags:
-                description: |-
-                  Machine tags
-                  Requires Nova api 2.52 minimum!
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              trunk:
-                description: Whether the server instance is created on a trunk port
-                  or not.
-                type: boolean
-            type: object
-          status:
-            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
-            properties:
-              addresses:
-                description: Addresses contains the OpenStack instance associated
-                  addresses.
-                items:
-                  description: NodeAddress contains information for the node's address.
-                  properties:
-                    address:
-                      description: The node address.
-                      type: string
-                    type:
-                      description: Node address type, one of Hostname, ExternalIP
-                        or InternalIP.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              conditions:
-                description: Conditions provide observations of the operational state
-                  of a Cluster API resource.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  FailureMessage will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              failureReason:
-                description: DeprecatedCAPIMachineStatusError defines errors states
-                  for Machine objects.
-                type: string
-              instanceState:
-                description: InstanceState is the state of the OpenStack instance
-                  for this machine.
-                type: string
-              ready:
-                description: Ready is true when the provider resource is ready.
-                type: boolean
-            type: object
-        type: object
-    served: false
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - description: Cluster to which this OpenStackMachine belongs
-      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
-      name: Cluster
-      type: string
-    - description: Machine ready status
-      jsonPath: .status.ready
-      name: Ready
-      type: string
-    - description: OpenStack instance ID
-      jsonPath: .spec.providerID
-      name: ProviderID
-      type: string
-    - description: Machine object which owns with this OpenStackMachine
-      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
-      name: Machine
-      type: string
-    - description: Time duration since creation of OpenStackMachine
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackMachine is the Schema for the openstackmachines API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
-            properties:
-              additionalBlockDevices:
-                description: AdditionalBlockDevices is a list of specifications for
-                  additional block devices to attach to the server instance
-                items:
-                  description: AdditionalBlockDevice is a block device to attach to
-                    the server.
-                  properties:
-                    name:
-                      description: |-
-                        Name of the block device in the context of a machine.
-                        If the block device is a volume, the Cinder volume will be named
-                        as a combination of the machine name and this name.
-                        Also, this name will be used for tagging the block device.
-                        Information about the block device tag can be obtained from the OpenStack
-                        metadata API or the config drive.
-                        Name cannot be 'root', which is reserved for the root volume.
-                      type: string
-                    sizeGiB:
-                      description: SizeGiB is the size of the block device in gibibytes
-                        (GiB).
-                      minimum: 1
-                      type: integer
-                    storage:
-                      description: |-
-                        Storage specifies the storage type of the block device and
-                        additional storage options.
-                      properties:
-                        type:
-                          description: |-
-                            Type is the type of block device to create.
-                            This can be either "Volume" or "Local".
-                          type: string
-                        volume:
-                          description: Volume contains additional storage options
-                            for a volume block device.
-                          properties:
-                            availabilityZone:
-                              description: |-
-                                AvailabilityZone is the volume availability zone to create the volume
-                                in. If not specified, the volume will be created without an explicit
-                                availability zone.
-                              properties:
-                                from:
-                                  default: Name
-                                  description: |-
-                                    From specifies where we will obtain the availability zone for the
-                                    volume. The options are "Name" and "Machine". If "Name" is specified
-                                    then the Name field must also be specified. If "Machine" is specified
-                                    the volume will use the value of FailureDomain, if any, from the
-                                    associated Machine.
-                                  enum:
-                                  - Name
-                                  - Machine
-                                  type: string
-                                name:
-                                  description: |-
-                                    Name is the name of a volume availability zone to use. It is required
-                                    if From is "Name". The volume availability zone name may not contain
-                                    spaces.
-                                  minLength: 1
-                                  pattern: ^[^ ]+$
-                                  type: string
-                              type: object
-                              x-kubernetes-validations:
-                              - message: name is required when from is 'Name' or default
-                                rule: '!has(self.from) || self.from == ''Name'' ?
-                                  has(self.name) : !has(self.name)'
-                            type:
-                              description: |-
-                                Type is the Cinder volume type of the volume.
-                                If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                will be used.
-                              type: string
-                          type: object
-                      required:
-                      - type
-                      type: object
-                  required:
-                  - name
-                  - sizeGiB
-                  - storage
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-              configDrive:
-                description: Config Drive support
-                type: boolean
-              flavor:
-                description: The flavor reference for the flavor for your server instance.
-                minLength: 1
-                type: string
-              flavorID:
-                description: |-
-                  FlavorID allows flavors to be specified by ID.  This field takes precedence
-                  over Flavor.
-                minLength: 1
-                type: string
-              floatingIPPoolRef:
-                description: |-
-                  floatingIPPoolRef is a reference to a IPPool that will be assigned
-                  to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
-                  will be assigned to the OpenStackMachine.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-              identityRef:
-                description: |-
-                  IdentityRef is a reference to a secret holding OpenStack credentials
-                  to be used when reconciling this machine. If not specified, the
-                  credentials specified in the cluster will be used.
-                properties:
-                  cloudName:
-                    description: CloudName specifies the name of the entry in the
-                      clouds.yaml file to use.
-                    type: string
-                  name:
-                    description: |-
-                      Name is the name of a secret in the same namespace as the resource being provisioned.
-                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                    type: string
-                  region:
-                    description: |-
-                      Region specifies an OpenStack region to use. If specified, it overrides
-                      any value in clouds.yaml. If specified for an OpenStackMachine, its
-                      value will be included in providerID.
-                    type: string
-                required:
-                - cloudName
-                - name
-                type: object
-                x-kubernetes-validations:
-                - message: region is immutable
-                  rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                    == oldSelf.region
-              image:
-                description: |-
-                  The image to use for your server instance.
-                  If the rootVolume is specified, this will be used when creating the root volume.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: |-
-                      Filter describes a query for an image. If specified, the combination
-                      of name and tags must return a single matching image or an error will
-                      be raised.
-                    minProperties: 1
-                    properties:
-                      name:
-                        description: The name of the desired image. If specified,
-                          the combination of name and tags must return a single matching
-                          image or an error will be raised.
-                        type: string
-                      tags:
-                        description: The tags associated with the desired image. If
-                          specified, the combination of name and tags must return
-                          a single matching image or an error will be raised.
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the uuid of the image. ID will not be validated
-                      before use.
-                    format: uuid
-                    type: string
-                  imageRef:
-                    description: |-
-                      ImageRef is a reference to an ORC Image in the same namespace as the
-                      referring object.
-                    properties:
-                      name:
-                        description: Name is the name of the referenced resource
-                        type: string
-                    required:
-                    - name
-                    type: object
-                type: object
-              ports:
-                description: |-
-                  Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                  If not specified a default port will be added for the default cluster network.
-                items:
-                  properties:
-                    adminStateUp:
-                      description: AdminStateUp specifies whether the port should
-                        be created in the up (true) or down (false) state. The default
-                        is up.
-                      type: boolean
-                    allowedAddressPairs:
-                      description: |-
-                        AllowedAddressPairs is a list of address pairs which Neutron will
-                        allow the port to send traffic from in addition to the port's
-                        addresses. If not specified, the MAC Address will be the MAC Address
-                        of the port. Depending on the configuration of Neutron, it may be
-                        supported to specify a CIDR instead of a specific IP address.
-                      items:
-                        properties:
-                          ipAddress:
-                            description: |-
-                              IPAddress is the IP address of the allowed address pair. Depending on
-                              the configuration of Neutron, it may be supported to specify a CIDR
-                              instead of a specific IP address.
-                            type: string
-                          macAddress:
-                            description: |-
-                              MACAddress is the MAC address of the allowed address pair. If not
-                              specified, the MAC address will be the MAC address of the port.
-                            type: string
-                        required:
-                        - ipAddress
-                        type: object
-                      type: array
-                    description:
-                      description: Description is a human-readable description for
-                        the port.
-                      type: string
-                    disablePortSecurity:
-                      description: |-
-                        DisablePortSecurity enables or disables the port security when set.
-                        When not set, it takes the value of the corresponding field at the network level.
-                      type: boolean
-                    fixedIPs:
-                      description: FixedIPs is a list of pairs of subnet and/or IP
-                        address to assign to the port. If specified, these must be
-                        subnets of the port's network.
-                      items:
-                        properties:
-                          ipAddress:
-                            description: |-
-                              IPAddress is a specific IP address to assign to the port. If Subnet
-                              is also specified, IPAddress must be a valid IP address in the
-                              subnet. If Subnet is not specified, IPAddress must be a valid IP
-                              address in any subnet of the port's network.
-                            type: string
-                          subnet:
-                            description: |-
-                              Subnet is an openstack subnet query that will return the id of a subnet to create
-                              the fixed IP of a port in. This query must not return more than one subnet.
-                            maxProperties: 1
-                            minProperties: 1
-                            properties:
-                              filter:
-                                description: Filter specifies a filter to select the
-                                  subnet. It must match exactly one subnet.
-                                minProperties: 1
-                                properties:
-                                  cidr:
-                                    type: string
-                                  description:
-                                    type: string
-                                  gatewayIP:
-                                    type: string
-                                  ipVersion:
-                                    type: integer
-                                  ipv6AddressMode:
-                                    type: string
-                                  ipv6RAMode:
-                                    type: string
-                                  name:
-                                    type: string
-                                  notTags:
-                                    description: |-
-                                      NotTags is a list of tags to filter by. If specified, resources which
-                                      contain all of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  notTagsAny:
-                                    description: |-
-                                      NotTagsAny is a list of tags to filter by. If specified, resources
-                                      which contain any of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  projectID:
-                                    type: string
-                                  tags:
-                                    description: |-
-                                      Tags is a list of tags to filter by. If specified, the resource must
-                                      have all of the tags specified to be included in the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  tagsAny:
-                                    description: |-
-                                      TagsAny is a list of tags to filter by. If specified, the resource
-                                      must have at least one of the tags specified to be included in the
-                                      result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                type: object
-                              id:
-                                description: ID is the uuid of the subnet. It will
-                                  not be validated.
-                                format: uuid
-                                type: string
-                            type: object
-                        type: object
-                      type: array
-                      x-kubernetes-list-type: atomic
-                    hostID:
-                      description: HostID specifies the ID of the host where the port
-                        resides.
-                      type: string
-                    macAddress:
-                      description: MACAddress specifies the MAC address of the port.
-                        If not specified, the MAC address will be generated.
-                      type: string
-                    nameSuffix:
-                      description: NameSuffix will be appended to the name of the
-                        port if specified. If unspecified, instead the 0-based index
-                        of the port in the list is used.
-                      type: string
-                    network:
-                      description: |-
-                        Network is a query for an openstack network that the port will be created or discovered on.
-                        This will fail if the query returns more than one network.
-                      maxProperties: 1
-                      minProperties: 1
-                      properties:
-                        filter:
-                          description: Filter specifies a filter to select an OpenStack
-                            network. If provided, cannot be empty.
-                          minProperties: 1
-                          properties:
-                            description:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              description: |-
-                                NotTags is a list of tags to filter by. If specified, resources which
-                                contain all of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            notTagsAny:
-                              description: |-
-                                NotTagsAny is a list of tags to filter by. If specified, resources
-                                which contain any of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            projectID:
-                              type: string
-                            tags:
-                              description: |-
-                                Tags is a list of tags to filter by. If specified, the resource must
-                                have all of the tags specified to be included in the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            tagsAny:
-                              description: |-
-                                TagsAny is a list of tags to filter by. If specified, the resource
-                                must have at least one of the tags specified to be included in the
-                                result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                          type: object
-                        id:
-                          description: ID is the ID of the network to use. If ID is
-                            provided, the other filters cannot be provided. Must be
-                            in UUID format.
-                          format: uuid
-                          type: string
-                      type: object
-                    profile:
-                      description: |-
-                        Profile is a set of key-value pairs that are used for binding
-                        details. We intentionally don't expose this as a map[string]string
-                        because we only want to enable the users to set the values of the
-                        keys that are known to work in OpenStack Networking API.  See
-                        https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                        To set profiles, your tenant needs permissions rule:create_port, and
-                        rule:create_port:binding:profile
-                      properties:
-                        ovsHWOffload:
-                          description: |-
-                            OVSHWOffload enables or disables the OVS hardware offload feature.
-                            This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                            See: https://bugs.launchpad.net/nova/+bug/2020813
-                          type: boolean
-                        trustedVF:
-                          description: TrustedVF enables or disables the “trusted
-                            mode” for the VF.
-                          type: boolean
-                      type: object
-                    propagateUplinkStatus:
-                      description: PropageteUplinkStatus enables or disables the propagate
-                        uplink status on the port.
-                      type: boolean
-                    securityGroups:
-                      description: SecurityGroups is a list of the names, uuids, filters
-                        or any combination these of the security groups to assign
-                        to the instance.
-                      items:
-                        description: SecurityGroupParam specifies an OpenStack security
-                          group. It may be specified by ID or filter, but not both.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a query to select an OpenStack
-                              security group. If provided, cannot be empty.
-                            minProperties: 1
-                            properties:
-                              description:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                description: |-
-                                  NotTags is a list of tags to filter by. If specified, resources which
-                                  contain all of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              notTagsAny:
-                                description: |-
-                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                  which contain any of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              projectID:
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags is a list of tags to filter by. If specified, the resource must
-                                  have all of the tags specified to be included in the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              tagsAny:
-                                description: |-
-                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                  must have at least one of the tags specified to be included in the
-                                  result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the ID of the security group to use.
-                              If ID is provided, the other filters cannot be provided.
-                              Must be in UUID format.
-                            format: uuid
-                            type: string
-                        type: object
-                      type: array
-                      x-kubernetes-list-type: atomic
-                    tags:
-                      description: |-
-                        Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                        These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                      items:
-                        type: string
-                      type: array
-                      x-kubernetes-list-type: set
-                    trunk:
-                      description: |-
-                        Trunk specifies whether trunking is enabled at the port level. If not
-                        provided the value is inherited from the machine, or false for a
-                        bastion host.
-                      type: boolean
-                    valueSpecs:
-                      description: |-
-                        Value specs are extra parameters to include in the API request with OpenStack.
-                        This is an extension point for the API, so what they do and if they are supported,
-                        depends on the specific OpenStack implementation.
-                      items:
-                        description: ValueSpec represents a single value_spec key-value
-                          pair.
-                        properties:
-                          key:
-                            description: Key is the key in the key-value pair.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of the key-value pair.
-                              This is just for identifying the pair and will not be sent to the OpenStack API.
-                            type: string
-                          value:
-                            description: Value is the value in the key-value pair.
-                            type: string
-                        required:
-                        - key
-                        - name
-                        - value
-                        type: object
-                      type: array
-                      x-kubernetes-list-map-keys:
-                      - name
-                      x-kubernetes-list-type: map
-                    vnicType:
-                      description: |-
-                        VNICType specifies the type of vNIC which this port should be
-                        attached to. This is used to determine which mechanism driver(s) to
-                        be used to bind the port. The valid values are normal, macvtap,
-                        direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                        remote-managed, although these values will not be validated in this
-                        API to ensure compatibility with future neutron changes or custom
-                        implementations. What type of vNIC is actually available depends on
-                        deployments. If not specified, the Neutron default value is used.
-                      type: string
-                  type: object
-                type: array
-              providerID:
-                description: ProviderID is the unique identifier as specified by the
-                  cloud provider.
-                type: string
-              rootVolume:
-                description: The volume metadata to boot from
-                properties:
-                  availabilityZone:
-                    description: |-
-                      AvailabilityZone is the volume availability zone to create the volume
-                      in. If not specified, the volume will be created without an explicit
-                      availability zone.
-                    properties:
-                      from:
-                        default: Name
-                        description: |-
-                          From specifies where we will obtain the availability zone for the
-                          volume. The options are "Name" and "Machine". If "Name" is specified
-                          then the Name field must also be specified. If "Machine" is specified
-                          the volume will use the value of FailureDomain, if any, from the
-                          associated Machine.
-                        enum:
-                        - Name
-                        - Machine
-                        type: string
-                      name:
-                        description: |-
-                          Name is the name of a volume availability zone to use. It is required
-                          if From is "Name". The volume availability zone name may not contain
-                          spaces.
-                        minLength: 1
-                        pattern: ^[^ ]+$
-                        type: string
-                    type: object
-                    x-kubernetes-validations:
-                    - message: name is required when from is 'Name' or default
-                      rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
-                        : !has(self.name)'
-                  sizeGiB:
-                    description: SizeGiB is the size of the block device in gibibytes
-                      (GiB).
-                    minimum: 1
-                    type: integer
-                  type:
-                    description: |-
-                      Type is the Cinder volume type of the volume.
-                      If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                      will be used.
-                    type: string
-                required:
-                - sizeGiB
-                type: object
-              schedulerHintAdditionalProperties:
-                description: |-
-                  SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
-                  to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
-                  such as specifying certain host aggregates or availability zones.
-                items:
-                  description: |-
-                    SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
-                    It includes a Name to identify the property and a Value that can be of various types.
-                  properties:
-                    name:
-                      description: |-
-                        Name is the name of the scheduler hint property.
-                        It is a unique identifier for the property.
-                      minLength: 1
-                      type: string
-                    value:
-                      description: |-
-                        Value is the value of the scheduler hint property, which can be of various types
-                        (e.g., bool, string, int). The type is indicated by the Value.Type field.
-                      properties:
-                        bool:
-                          description: |-
-                            Bool is the boolean value of the scheduler hint, used when Type is "Bool".
-                            This field is required if type is 'Bool', and must not be set otherwise.
-                          type: boolean
-                        number:
-                          description: |-
-                            Number is the integer value of the scheduler hint, used when Type is "Number".
-                            This field is required if type is 'Number', and must not be set otherwise.
-                          type: integer
-                        string:
-                          description: |-
-                            String is the string value of the scheduler hint, used when Type is "String".
-                            This field is required if type is 'String', and must not be set otherwise.
-                          maxLength: 255
-                          minLength: 1
-                          type: string
-                        type:
-                          description: |-
-                            Type represents the type of the value.
-                            Valid values are Bool, String, and Number.
-                          enum:
-                          - Bool
-                          - String
-                          - Number
-                          type: string
-                      required:
-                      - type
-                      type: object
-                      x-kubernetes-validations:
-                      - message: bool is required when type is Bool, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
-                          : !has(self.bool)'
-                      - message: number is required when type is Number, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
-                          : !has(self.number)'
-                      - message: string is required when type is String, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
-                          : !has(self.string)'
-                  required:
-                  - name
-                  - value
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-              securityGroups:
-                description: The names of the security groups to assign to the instance
-                items:
-                  description: SecurityGroupParam specifies an OpenStack security
-                    group. It may be specified by ID or filter, but not both.
-                  maxProperties: 1
-                  minProperties: 1
-                  properties:
-                    filter:
-                      description: Filter specifies a query to select an OpenStack
-                        security group. If provided, cannot be empty.
-                      minProperties: 1
-                      properties:
-                        description:
-                          type: string
-                        name:
-                          type: string
-                        notTags:
-                          description: |-
-                            NotTags is a list of tags to filter by. If specified, resources which
-                            contain all of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        notTagsAny:
-                          description: |-
-                            NotTagsAny is a list of tags to filter by. If specified, resources
-                            which contain any of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        projectID:
-                          type: string
-                        tags:
-                          description: |-
-                            Tags is a list of tags to filter by. If specified, the resource must
-                            have all of the tags specified to be included in the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        tagsAny:
-                          description: |-
-                            TagsAny is a list of tags to filter by. If specified, the resource
-                            must have at least one of the tags specified to be included in the
-                            result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                      type: object
-                    id:
-                      description: ID is the ID of the security group to use. If ID
-                        is provided, the other filters cannot be provided. Must be
-                        in UUID format.
-                      format: uuid
-                      type: string
-                  type: object
-                type: array
-              serverGroup:
-                description: The server group to assign the machine to.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a query to select an OpenStack server
-                      group. If provided, it cannot be empty.
-                    minProperties: 1
-                    properties:
-                      name:
-                        description: Name is the name of a server group to look for.
-                        type: string
-                    type: object
-                  id:
-                    description: ID is the ID of the server group to use.
-                    format: uuid
-                    type: string
-                type: object
-              serverMetadata:
-                description: Metadata mapping. Allows you to create a map of key value
-                  pairs to add to the server instance.
-                items:
-                  properties:
-                    key:
-                      description: Key is the server metadata key
-                      maxLength: 255
-                      type: string
-                    value:
-                      description: Value is the server metadata value
-                      maxLength: 255
-                      type: string
-                  required:
-                  - key
-                  - value
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - key
-                x-kubernetes-list-type: map
-              sshKeyName:
-                description: The ssh key to inject in the instance
-                type: string
-              tags:
-                description: |-
-                  Tags which will be added to the machine and all dependent resources
-                  which support them. These are in addition to Tags defined on the
-                  cluster.
-                  Requires Nova api 2.52 minimum!
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              trunk:
-                description: Whether the server instance is created on a trunk port
-                  or not.
-                type: boolean
-            required:
-            - image
-            type: object
-            x-kubernetes-validations:
-            - message: at least one of flavor or flavorID must be set
-              rule: (has(self.flavor) || has(self.flavorID))
-          status:
-            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
-            properties:
-              addresses:
-                description: Addresses contains the OpenStack instance associated
-                  addresses.
-                items:
-                  description: NodeAddress contains information for the node's address.
-                  properties:
-                    address:
-                      description: The node address.
-                      type: string
-                    type:
-                      description: Node address type, one of Hostname, ExternalIP
-                        or InternalIP.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              conditions:
-                description: Conditions provide observations of the operational state
-                  of a Cluster API resource.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              failureMessage:
-                description: |-
-                  FailureMessage will be set in the event that there is a terminal problem
-                  reconciling the Machine and will contain a more verbose string suitable
-                  for logging and human consumption.
-
-                  This field should not be set for transitive errors that a controller
-                  faces that are expected to be fixed automatically over
-                  time (like service outages), but instead indicate that something is
-                  fundamentally wrong with the Machine's spec or the configuration of
-                  the controller, and that manual intervention is required. Examples
-                  of terminal errors would be invalid combinations of settings in the
-                  spec, values that are unsupported by the controller, or the
-                  responsible controller itself being critically misconfigured.
-
-                  Any transient errors that occur during the reconciliation of Machines
-                  can be added as events to the Machine object and/or logged in the
-                  controller's output.
-                type: string
-              failureReason:
-                description: DeprecatedCAPIMachineStatusError defines errors states
-                  for Machine objects.
-                type: string
-              instanceID:
-                description: InstanceID is the OpenStack instance ID for this machine.
-                type: string
-              instanceState:
-                description: |-
-                  InstanceState is the state of the OpenStack instance for this machine.
-                  This field is not set anymore by the OpenStackMachine controller.
-                  Instead, it's set by the OpenStackServer controller.
-                type: string
-              ready:
-                description: Ready is true when the provider resource is ready.
-                type: boolean
-              resolved:
-                description: |-
-                  Resolved contains parts of the machine spec with all external
-                  references fully resolved.
-                properties:
-                  flavorID:
-                    description: FlavorID is the ID of the flavor to use.
-                    type: string
-                  imageID:
-                    description: ImageID is the ID of the image to use for the machine
-                      and is calculated based on ImageFilter.
-                    type: string
-                  ports:
-                    description: Ports is the fully resolved list of ports to create
-                      for the machine.
-                    items:
-                      description: ResolvedPortSpec is a PortOpts with all contained
-                        references fully resolved.
-                      properties:
-                        adminStateUp:
-                          description: AdminStateUp specifies whether the port should
-                            be created in the up (true) or down (false) state. The
-                            default is up.
-                          type: boolean
-                        allowedAddressPairs:
-                          description: |-
-                            AllowedAddressPairs is a list of address pairs which Neutron will
-                            allow the port to send traffic from in addition to the port's
-                            addresses. If not specified, the MAC Address will be the MAC Address
-                            of the port. Depending on the configuration of Neutron, it may be
-                            supported to specify a CIDR instead of a specific IP address.
-                          items:
-                            properties:
-                              ipAddress:
-                                description: |-
-                                  IPAddress is the IP address of the allowed address pair. Depending on
-                                  the configuration of Neutron, it may be supported to specify a CIDR
-                                  instead of a specific IP address.
-                                type: string
-                              macAddress:
-                                description: |-
-                                  MACAddress is the MAC address of the allowed address pair. If not
-                                  specified, the MAC address will be the MAC address of the port.
-                                type: string
-                            required:
-                            - ipAddress
-                            type: object
-                          type: array
-                        description:
-                          description: Description is a human-readable description
-                            for the port.
-                          type: string
-                        disablePortSecurity:
-                          description: |-
-                            DisablePortSecurity enables or disables the port security when set.
-                            When not set, it takes the value of the corresponding field at the network level.
-                          type: boolean
-                        fixedIPs:
-                          description: FixedIPs is a list of pairs of subnet and/or
-                            IP address to assign to the port. If specified, these
-                            must be subnets of the port's network.
-                          items:
-                            description: ResolvedFixedIP is a FixedIP with the Subnet
-                              resolved to an ID.
-                            properties:
-                              ipAddress:
-                                description: |-
-                                  IPAddress is a specific IP address to assign to the port. If SubnetID
-                                  is also specified, IPAddress must be a valid IP address in the
-                                  subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                  address in any subnet of the port's network.
-                                type: string
-                              subnet:
-                                description: SubnetID is the id of a subnet to create
-                                  the fixed IP of a port in.
-                                type: string
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        hostID:
-                          description: HostID specifies the ID of the host where the
-                            port resides.
-                          type: string
-                        macAddress:
-                          description: MACAddress specifies the MAC address of the
-                            port. If not specified, the MAC address will be generated.
-                          type: string
-                        name:
-                          description: Name is the name of the port.
-                          type: string
-                        networkID:
-                          description: NetworkID is the ID of the network the port
-                            will be created in.
-                          type: string
-                        profile:
-                          description: |-
-                            Profile is a set of key-value pairs that are used for binding
-                            details. We intentionally don't expose this as a map[string]string
-                            because we only want to enable the users to set the values of the
-                            keys that are known to work in OpenStack Networking API.  See
-                            https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                            To set profiles, your tenant needs permissions rule:create_port, and
-                            rule:create_port:binding:profile
-                          properties:
-                            ovsHWOffload:
-                              description: |-
-                                OVSHWOffload enables or disables the OVS hardware offload feature.
-                                This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                See: https://bugs.launchpad.net/nova/+bug/2020813
-                              type: boolean
-                            trustedVF:
-                              description: TrustedVF enables or disables the “trusted
-                                mode” for the VF.
-                              type: boolean
-                          type: object
-                        propagateUplinkStatus:
-                          description: PropageteUplinkStatus enables or disables the
-                            propagate uplink status on the port.
-                          type: boolean
-                        securityGroups:
-                          description: SecurityGroups is a list of security group
-                            IDs to assign to the port.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        tags:
-                          description: Tags applied to the port (and corresponding
-                            trunk, if a trunk is configured.)
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        trunk:
-                          description: Trunk specifies whether trunking is enabled
-                            at the port level.
-                          type: boolean
-                        valueSpecs:
-                          description: |-
-                            Value specs are extra parameters to include in the API request with OpenStack.
-                            This is an extension point for the API, so what they do and if they are supported,
-                            depends on the specific OpenStack implementation.
-                          items:
-                            description: ValueSpec represents a single value_spec
-                              key-value pair.
-                            properties:
-                              key:
-                                description: Key is the key in the key-value pair.
-                                type: string
-                              name:
-                                description: |-
-                                  Name is the name of the key-value pair.
-                                  This is just for identifying the pair and will not be sent to the OpenStack API.
-                                type: string
-                              value:
-                                description: Value is the value in the key-value pair.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            - value
-                            type: object
-                          type: array
-                          x-kubernetes-list-map-keys:
-                          - name
-                          x-kubernetes-list-type: map
-                        vnicType:
-                          description: |-
-                            VNICType specifies the type of vNIC which this port should be
-                            attached to. This is used to determine which mechanism driver(s) to
-                            be used to bind the port. The valid values are normal, macvtap,
-                            direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                            remote-managed, although these values will not be validated in this
-                            API to ensure compatibility with future neutron changes or custom
-                            implementations. What type of vNIC is actually available depends on
-                            deployments. If not specified, the Neutron default value is used.
-                          type: string
-                      required:
-                      - description
-                      - name
-                      - networkID
-                      type: object
-                    type: array
-                  serverGroupID:
-                    description: ServerGroupID is the ID of the server group the machine
-                      should be added to and is calculated based on ServerGroupFilter.
-                    type: string
-                type: object
-              resources:
-                description: Resources contains references to OpenStack resources
-                  created for the machine.
-                properties:
-                  ports:
-                    description: Ports is the status of the ports created for the
-                      machine.
-                    items:
-                      properties:
-                        id:
-                          description: ID is the unique identifier of the port.
-                          type: string
-                      required:
-                      - id
-                      type: object
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io
-spec:
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: capo-webhook-service
-          namespace: capo-system
-          path: /convert
-      conversionReviewVersions:
-      - v1
-      - v1beta1
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: OpenStackMachineTemplate
-    listKind: OpenStackMachineTemplateList
-    plural: openstackmachinetemplates
-    shortNames:
-    - osmt
-    singular: openstackmachinetemplate
-  scope: Namespaced
-  versions:
-  - deprecated: true
-    deprecationWarning: The v1alpha7 version of OpenStackMachineTemplate has been
-      deprecated and will be removed in a future release.
-    name: v1alpha7
-    schema:
-      openAPIV3Schema:
-        description: |-
-          OpenStackMachineTemplate is the Schema for the openstackmachinetemplates API.
-
-          Deprecated: v1alpha7.OpenStackMachineTemplate has been replaced by v1beta1.OpenStackMachineTemplate.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackMachineTemplateSpec defines the desired state of
-              OpenStackMachineTemplate.
-            properties:
-              template:
-                description: OpenStackMachineTemplateResource describes the data needed
-                  to create a OpenStackMachine from a template.
-                properties:
-                  spec:
-                    description: Spec is the specification of the desired behavior
-                      of the machine.
-                    properties:
-                      additionalBlockDevices:
-                        description: AdditionalBlockDevices is a list of specifications
-                          for additional block devices to attach to the server instance
-                        items:
-                          description: AdditionalBlockDevice is a block device to
-                            attach to the server.
-                          properties:
-                            name:
-                              description: |-
-                                Name of the block device in the context of a machine.
-                                If the block device is a volume, the Cinder volume will be named
-                                as a combination of the machine name and this name.
-                                Also, this name will be used for tagging the block device.
-                                Information about the block device tag can be obtained from the OpenStack
-                                metadata API or the config drive.
-                              type: string
-                            sizeGiB:
-                              description: SizeGiB is the size of the block device
-                                in gibibytes (GiB).
-                              type: integer
-                            storage:
-                              description: |-
-                                Storage specifies the storage type of the block device and
-                                additional storage options.
-                              properties:
-                                type:
-                                  description: |-
-                                    Type is the type of block device to create.
-                                    This can be either "Volume" or "Local".
-                                  type: string
-                                volume:
-                                  description: Volume contains additional storage
-                                    options for a volume block device.
-                                  properties:
-                                    availabilityZone:
-                                      description: |-
-                                        AvailabilityZone is the volume availability zone to create the volume in.
-                                        If omitted, the availability zone of the server will be used.
-                                        The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
-                                        to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
-                                        further information.
-                                      type: string
-                                    type:
-                                      description: |-
-                                        Type is the Cinder volume type of the volume.
-                                        If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                        will be used.
-                                      type: string
-                                  type: object
-                              required:
-                              - type
-                              type: object
-                          required:
-                          - name
-                          - sizeGiB
-                          - storage
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      cloudName:
-                        description: The name of the cloud to use from the clouds
-                          secret
-                        type: string
-                      configDrive:
-                        description: Config Drive support
-                        type: boolean
-                      flavor:
-                        description: The flavor reference for the flavor for your
-                          server instance.
-                        minLength: 1
-                        type: string
-                      flavorID:
-                        description: |-
-                          FlavorID allows flavors to be specified by ID.  This field takes precedence
-                          over Flavor.
-                        minLength: 1
-                        type: string
-                      floatingIP:
-                        description: |-
-                          The floatingIP which will be associated to the machine, only used for master.
-                          The floatingIP should have been created and haven't been associated.
-                        type: string
-                      identityRef:
-                        description: |-
-                          IdentityRef is a reference to a identity to be used when reconciling this cluster.
-                          If not specified, the identity ref of the cluster will be used instead.
-                        properties:
-                          kind:
-                            description: |-
-                              Kind of the identity. Must be supported by the infrastructure
-                              provider and may be either cluster or namespace-scoped.
-                            minLength: 1
-                            type: string
-                          name:
-                            description: |-
-                              Name of the infrastructure identity to be used.
-                              Must be either a cluster-scoped resource, or namespaced-scoped
-                              resource the same namespace as the resource(s) being provisioned.
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        type: object
-                      image:
-                        description: |-
-                          The name of the image to use for your server instance.
-                          If the RootVolume is specified, this will be ignored and use rootVolume directly.
-                        type: string
-                      imageUUID:
-                        description: |-
-                          The uuid of the image to use for your server instance.
-                          if it's empty, Image name will be used
-                        type: string
-                      instanceID:
-                        description: InstanceID is the OpenStack instance ID for this
-                          machine.
-                        type: string
-                      ports:
-                        description: |-
-                          Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                          If not specified a default port will be added for the default cluster network.
-                        items:
-                          properties:
-                            adminStateUp:
-                              type: boolean
-                            allowedAddressPairs:
-                              items:
-                                properties:
-                                  ipAddress:
-                                    type: string
-                                  macAddress:
-                                    type: string
-                                type: object
-                              type: array
-                            description:
-                              type: string
-                            disablePortSecurity:
-                              description: |-
-                                DisablePortSecurity enables or disables the port security when set.
-                                When not set, it takes the value of the corresponding field at the network level.
-                              type: boolean
-                            fixedIPs:
-                              description: Specify pairs of subnet and/or IP address.
-                                These should be subnets of the network with the given
-                                NetworkID.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    type: string
-                                  subnet:
-                                    description: |-
-                                      Subnet is an openstack subnet query that will return the id of a subnet to create
-                                      the fixed IP of a port in. This query must not return more than one subnet.
-                                    properties:
-                                      cidr:
-                                        type: string
-                                      description:
-                                        type: string
-                                      gateway_ip:
-                                        type: string
-                                      id:
-                                        type: string
-                                      ipVersion:
-                                        type: integer
-                                      ipv6AddressMode:
-                                        type: string
-                                      ipv6RaMode:
-                                        type: string
-                                      name:
-                                        type: string
-                                      notTags:
-                                        type: string
-                                      notTagsAny:
-                                        type: string
-                                      projectId:
-                                        type: string
-                                      tags:
-                                        type: string
-                                      tagsAny:
-                                        type: string
-                                    type: object
-                                required:
-                                - subnet
-                                type: object
-                              type: array
-                            hostId:
-                              description: The ID of the host where the port is allocated
-                              type: string
-                            macAddress:
-                              type: string
-                            nameSuffix:
-                              description: Used to make the name of the port unique.
-                                If unspecified, instead the 0-based index of the port
-                                in the list is used.
-                              type: string
-                            network:
-                              description: |-
-                                Network is a query for an openstack network that the port will be created or discovered on.
-                                This will fail if the query returns more than one network.
-                              properties:
-                                description:
-                                  type: string
-                                id:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  type: string
-                                notTagsAny:
-                                  type: string
-                                projectId:
-                                  type: string
-                                tags:
-                                  type: string
-                                tagsAny:
-                                  type: string
-                              type: object
-                            profile:
-                              description: |-
-                                Profile is a set of key-value pairs that are used for binding details.
-                                We intentionally don't expose this as a map[string]string because we only want to enable
-                                the users to set the values of the keys that are known to work in OpenStack Networking API.
-                                See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                              properties:
-                                ovsHWOffload:
-                                  description: OVSHWOffload enables or disables the
-                                    OVS hardware offload feature.
-                                  type: boolean
-                                trustedVF:
-                                  description: TrustedVF enables or disables the “trusted
-                                    mode” for the VF.
-                                  type: boolean
-                              type: object
-                            propagateUplinkStatus:
-                              description: PropageteUplinkStatus enables or disables
-                                the propagate uplink status on the port.
-                              type: boolean
-                            securityGroupFilters:
-                              description: The names, uuids, filters or any combination
-                                these of the security groups to assign to the instance
-                              items:
-                                properties:
-                                  description:
-                                    type: string
-                                  id:
-                                    type: string
-                                  name:
-                                    type: string
-                                  notTags:
-                                    type: string
-                                  notTagsAny:
-                                    type: string
-                                  projectId:
-                                    type: string
-                                  tags:
-                                    type: string
-                                  tagsAny:
-                                    type: string
-                                type: object
-                              type: array
-                            tags:
-                              description: |-
-                                Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            trunk:
-                              description: Enables and disables trunk at port level.
-                                If not provided, openStackMachine.Spec.Trunk is inherited.
-                              type: boolean
-                            valueSpecs:
-                              description: |-
-                                Value specs are extra parameters to include in the API request with OpenStack.
-                                This is an extension point for the API, so what they do and if they are supported,
-                                depends on the specific OpenStack implementation.
-                              items:
-                                description: ValueSpec represents a single value_spec
-                                  key-value pair.
-                                properties:
-                                  key:
-                                    description: Key is the key in the key-value pair.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of the key-value pair.
-                                      This is just for identifying the pair and will not be sent to the OpenStack API.
-                                    type: string
-                                  value:
-                                    description: Value is the value in the key-value
-                                      pair.
-                                    type: string
-                                required:
-                                - key
-                                - name
-                                - value
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - name
-                              x-kubernetes-list-type: map
-                            vnicType:
-                              description: The virtual network interface card (vNIC)
-                                type that is bound to the neutron port.
-                              type: string
-                          type: object
-                        type: array
-                      providerID:
-                        description: ProviderID is the unique identifier as specified
-                          by the cloud provider.
-                        type: string
-                      rootVolume:
-                        description: The volume metadata to boot from
-                        properties:
-                          availabilityZone:
-                            type: string
-                          diskSize:
-                            type: integer
-                          volumeType:
-                            type: string
-                        type: object
-                      securityGroups:
-                        description: The names of the security groups to assign to
-                          the instance
-                        items:
-                          properties:
-                            description:
-                              type: string
-                            id:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              type: string
-                            notTagsAny:
-                              type: string
-                            projectId:
-                              type: string
-                            tags:
-                              type: string
-                            tagsAny:
-                              type: string
-                          type: object
-                        type: array
-                      serverGroupID:
-                        description: The server group to assign the machine to
-                        type: string
-                      serverMetadata:
-                        additionalProperties:
-                          type: string
-                        description: Metadata mapping. Allows you to create a map
-                          of key value pairs to add to the server instance.
-                        type: object
-                      sshKeyName:
-                        description: The ssh key to inject in the instance
-                        type: string
-                      tags:
-                        description: |-
-                          Machine tags
-                          Requires Nova api 2.52 minimum!
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      trunk:
-                        description: Whether the server instance is created on a trunk
-                          port or not.
-                        type: boolean
-                    type: object
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: false
-    storage: false
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackMachineTemplateSpec defines the desired state of
-              OpenStackMachineTemplate.
-            properties:
-              template:
-                description: OpenStackMachineTemplateResource describes the data needed
-                  to create a OpenStackMachine from a template.
-                properties:
-                  spec:
-                    description: Spec is the specification of the desired behavior
-                      of the machine.
-                    properties:
-                      additionalBlockDevices:
-                        description: AdditionalBlockDevices is a list of specifications
-                          for additional block devices to attach to the server instance
-                        items:
-                          description: AdditionalBlockDevice is a block device to
-                            attach to the server.
-                          properties:
-                            name:
-                              description: |-
-                                Name of the block device in the context of a machine.
-                                If the block device is a volume, the Cinder volume will be named
-                                as a combination of the machine name and this name.
-                                Also, this name will be used for tagging the block device.
-                                Information about the block device tag can be obtained from the OpenStack
-                                metadata API or the config drive.
-                                Name cannot be 'root', which is reserved for the root volume.
-                              type: string
-                            sizeGiB:
-                              description: SizeGiB is the size of the block device
-                                in gibibytes (GiB).
-                              minimum: 1
-                              type: integer
-                            storage:
-                              description: |-
-                                Storage specifies the storage type of the block device and
-                                additional storage options.
-                              properties:
-                                type:
-                                  description: |-
-                                    Type is the type of block device to create.
-                                    This can be either "Volume" or "Local".
-                                  type: string
-                                volume:
-                                  description: Volume contains additional storage
-                                    options for a volume block device.
-                                  properties:
-                                    availabilityZone:
-                                      description: |-
-                                        AvailabilityZone is the volume availability zone to create the volume
-                                        in. If not specified, the volume will be created without an explicit
-                                        availability zone.
-                                      properties:
-                                        from:
-                                          default: Name
-                                          description: |-
-                                            From specifies where we will obtain the availability zone for the
-                                            volume. The options are "Name" and "Machine". If "Name" is specified
-                                            then the Name field must also be specified. If "Machine" is specified
-                                            the volume will use the value of FailureDomain, if any, from the
-                                            associated Machine.
-                                          enum:
-                                          - Name
-                                          - Machine
-                                          type: string
-                                        name:
-                                          description: |-
-                                            Name is the name of a volume availability zone to use. It is required
-                                            if From is "Name". The volume availability zone name may not contain
-                                            spaces.
-                                          minLength: 1
-                                          pattern: ^[^ ]+$
-                                          type: string
-                                      type: object
-                                      x-kubernetes-validations:
-                                      - message: name is required when from is 'Name'
-                                          or default
-                                        rule: '!has(self.from) || self.from == ''Name''
-                                          ? has(self.name) : !has(self.name)'
-                                    type:
-                                      description: |-
-                                        Type is the Cinder volume type of the volume.
-                                        If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                        will be used.
-                                      type: string
-                                  type: object
-                              required:
-                              - type
-                              type: object
-                          required:
-                          - name
-                          - sizeGiB
-                          - storage
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      configDrive:
-                        description: Config Drive support
-                        type: boolean
-                      flavor:
-                        description: The flavor reference for the flavor for your
-                          server instance.
-                        minLength: 1
-                        type: string
-                      flavorID:
-                        description: |-
-                          FlavorID allows flavors to be specified by ID.  This field takes precedence
-                          over Flavor.
-                        minLength: 1
-                        type: string
-                      floatingIPPoolRef:
-                        description: |-
-                          floatingIPPoolRef is a reference to a IPPool that will be assigned
-                          to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
-                          will be assigned to the OpenStackMachine.
-                        properties:
-                          apiGroup:
-                            description: |-
-                              APIGroup is the group for the resource being referenced.
-                              If APIGroup is not specified, the specified Kind must be in the core API group.
-                              For any other third-party types, APIGroup is required.
-                            type: string
-                          kind:
-                            description: Kind is the type of resource being referenced
-                            type: string
-                          name:
-                            description: Name is the name of resource being referenced
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        type: object
-                        x-kubernetes-map-type: atomic
-                      identityRef:
-                        description: |-
-                          IdentityRef is a reference to a secret holding OpenStack credentials
-                          to be used when reconciling this machine. If not specified, the
-                          credentials specified in the cluster will be used.
-                        properties:
-                          cloudName:
-                            description: CloudName specifies the name of the entry
-                              in the clouds.yaml file to use.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of a secret in the same namespace as the resource being provisioned.
-                              The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                              The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                            type: string
-                          region:
-                            description: |-
-                              Region specifies an OpenStack region to use. If specified, it overrides
-                              any value in clouds.yaml. If specified for an OpenStackMachine, its
-                              value will be included in providerID.
-                            type: string
-                        required:
-                        - cloudName
-                        - name
-                        type: object
-                        x-kubernetes-validations:
-                        - message: region is immutable
-                          rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                            == oldSelf.region
-                      image:
-                        description: |-
-                          The image to use for your server instance.
-                          If the rootVolume is specified, this will be used when creating the root volume.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: |-
-                              Filter describes a query for an image. If specified, the combination
-                              of name and tags must return a single matching image or an error will
-                              be raised.
-                            minProperties: 1
-                            properties:
-                              name:
-                                description: The name of the desired image. If specified,
-                                  the combination of name and tags must return a single
-                                  matching image or an error will be raised.
-                                type: string
-                              tags:
-                                description: The tags associated with the desired
-                                  image. If specified, the combination of name and
-                                  tags must return a single matching image or an error
-                                  will be raised.
-                                items:
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the uuid of the image. ID will not
-                              be validated before use.
-                            format: uuid
-                            type: string
-                          imageRef:
-                            description: |-
-                              ImageRef is a reference to an ORC Image in the same namespace as the
-                              referring object.
-                            properties:
-                              name:
-                                description: Name is the name of the referenced resource
-                                type: string
-                            required:
-                            - name
-                            type: object
-                        type: object
-                      ports:
-                        description: |-
-                          Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
-                          If not specified a default port will be added for the default cluster network.
-                        items:
-                          properties:
-                            adminStateUp:
-                              description: AdminStateUp specifies whether the port
-                                should be created in the up (true) or down (false)
-                                state. The default is up.
-                              type: boolean
-                            allowedAddressPairs:
-                              description: |-
-                                AllowedAddressPairs is a list of address pairs which Neutron will
-                                allow the port to send traffic from in addition to the port's
-                                addresses. If not specified, the MAC Address will be the MAC Address
-                                of the port. Depending on the configuration of Neutron, it may be
-                                supported to specify a CIDR instead of a specific IP address.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is the IP address of the allowed address pair. Depending on
-                                      the configuration of Neutron, it may be supported to specify a CIDR
-                                      instead of a specific IP address.
-                                    type: string
-                                  macAddress:
-                                    description: |-
-                                      MACAddress is the MAC address of the allowed address pair. If not
-                                      specified, the MAC address will be the MAC address of the port.
-                                    type: string
-                                required:
-                                - ipAddress
-                                type: object
-                              type: array
-                            description:
-                              description: Description is a human-readable description
-                                for the port.
-                              type: string
-                            disablePortSecurity:
-                              description: |-
-                                DisablePortSecurity enables or disables the port security when set.
-                                When not set, it takes the value of the corresponding field at the network level.
-                              type: boolean
-                            fixedIPs:
-                              description: FixedIPs is a list of pairs of subnet and/or
-                                IP address to assign to the port. If specified, these
-                                must be subnets of the port's network.
-                              items:
-                                properties:
-                                  ipAddress:
-                                    description: |-
-                                      IPAddress is a specific IP address to assign to the port. If Subnet
-                                      is also specified, IPAddress must be a valid IP address in the
-                                      subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                      address in any subnet of the port's network.
-                                    type: string
-                                  subnet:
-                                    description: |-
-                                      Subnet is an openstack subnet query that will return the id of a subnet to create
-                                      the fixed IP of a port in. This query must not return more than one subnet.
-                                    maxProperties: 1
-                                    minProperties: 1
-                                    properties:
-                                      filter:
-                                        description: Filter specifies a filter to
-                                          select the subnet. It must match exactly
-                                          one subnet.
-                                        minProperties: 1
-                                        properties:
-                                          cidr:
-                                            type: string
-                                          description:
-                                            type: string
-                                          gatewayIP:
-                                            type: string
-                                          ipVersion:
-                                            type: integer
-                                          ipv6AddressMode:
-                                            type: string
-                                          ipv6RAMode:
-                                            type: string
-                                          name:
-                                            type: string
-                                          notTags:
-                                            description: |-
-                                              NotTags is a list of tags to filter by. If specified, resources which
-                                              contain all of the given tags will be excluded from the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          notTagsAny:
-                                            description: |-
-                                              NotTagsAny is a list of tags to filter by. If specified, resources
-                                              which contain any of the given tags will be excluded from the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          projectID:
-                                            type: string
-                                          tags:
-                                            description: |-
-                                              Tags is a list of tags to filter by. If specified, the resource must
-                                              have all of the tags specified to be included in the result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                          tagsAny:
-                                            description: |-
-                                              TagsAny is a list of tags to filter by. If specified, the resource
-                                              must have at least one of the tags specified to be included in the
-                                              result.
-                                            items:
-                                              description: |-
-                                                NeutronTag represents a tag on a Neutron resource.
-                                                It may not be empty and may not contain commas.
-                                              minLength: 1
-                                              pattern: ^[^,]+$
-                                              type: string
-                                            type: array
-                                            x-kubernetes-list-type: set
-                                        type: object
-                                      id:
-                                        description: ID is the uuid of the subnet.
-                                          It will not be validated.
-                                        format: uuid
-                                        type: string
-                                    type: object
-                                type: object
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            hostID:
-                              description: HostID specifies the ID of the host where
-                                the port resides.
-                              type: string
-                            macAddress:
-                              description: MACAddress specifies the MAC address of
-                                the port. If not specified, the MAC address will be
-                                generated.
-                              type: string
-                            nameSuffix:
-                              description: NameSuffix will be appended to the name
-                                of the port if specified. If unspecified, instead
-                                the 0-based index of the port in the list is used.
-                              type: string
-                            network:
-                              description: |-
-                                Network is a query for an openstack network that the port will be created or discovered on.
-                                This will fail if the query returns more than one network.
-                              maxProperties: 1
-                              minProperties: 1
-                              properties:
-                                filter:
-                                  description: Filter specifies a filter to select
-                                    an OpenStack network. If provided, cannot be empty.
-                                  minProperties: 1
-                                  properties:
-                                    description:
-                                      type: string
-                                    name:
-                                      type: string
-                                    notTags:
-                                      description: |-
-                                        NotTags is a list of tags to filter by. If specified, resources which
-                                        contain all of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    notTagsAny:
-                                      description: |-
-                                        NotTagsAny is a list of tags to filter by. If specified, resources
-                                        which contain any of the given tags will be excluded from the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    projectID:
-                                      type: string
-                                    tags:
-                                      description: |-
-                                        Tags is a list of tags to filter by. If specified, the resource must
-                                        have all of the tags specified to be included in the result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                    tagsAny:
-                                      description: |-
-                                        TagsAny is a list of tags to filter by. If specified, the resource
-                                        must have at least one of the tags specified to be included in the
-                                        result.
-                                      items:
-                                        description: |-
-                                          NeutronTag represents a tag on a Neutron resource.
-                                          It may not be empty and may not contain commas.
-                                        minLength: 1
-                                        pattern: ^[^,]+$
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
-                                  type: object
-                                id:
-                                  description: ID is the ID of the network to use.
-                                    If ID is provided, the other filters cannot be
-                                    provided. Must be in UUID format.
-                                  format: uuid
-                                  type: string
-                              type: object
-                            profile:
-                              description: |-
-                                Profile is a set of key-value pairs that are used for binding
-                                details. We intentionally don't expose this as a map[string]string
-                                because we only want to enable the users to set the values of the
-                                keys that are known to work in OpenStack Networking API.  See
-                                https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                                To set profiles, your tenant needs permissions rule:create_port, and
-                                rule:create_port:binding:profile
-                              properties:
-                                ovsHWOffload:
-                                  description: |-
-                                    OVSHWOffload enables or disables the OVS hardware offload feature.
-                                    This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                    See: https://bugs.launchpad.net/nova/+bug/2020813
-                                  type: boolean
-                                trustedVF:
-                                  description: TrustedVF enables or disables the “trusted
-                                    mode” for the VF.
-                                  type: boolean
-                              type: object
-                            propagateUplinkStatus:
-                              description: PropageteUplinkStatus enables or disables
-                                the propagate uplink status on the port.
-                              type: boolean
-                            securityGroups:
-                              description: SecurityGroups is a list of the names,
-                                uuids, filters or any combination these of the security
-                                groups to assign to the instance.
-                              items:
-                                description: SecurityGroupParam specifies an OpenStack
-                                  security group. It may be specified by ID or filter,
-                                  but not both.
-                                maxProperties: 1
-                                minProperties: 1
-                                properties:
-                                  filter:
-                                    description: Filter specifies a query to select
-                                      an OpenStack security group. If provided, cannot
-                                      be empty.
-                                    minProperties: 1
-                                    properties:
-                                      description:
-                                        type: string
-                                      name:
-                                        type: string
-                                      notTags:
-                                        description: |-
-                                          NotTags is a list of tags to filter by. If specified, resources which
-                                          contain all of the given tags will be excluded from the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      notTagsAny:
-                                        description: |-
-                                          NotTagsAny is a list of tags to filter by. If specified, resources
-                                          which contain any of the given tags will be excluded from the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      projectID:
-                                        type: string
-                                      tags:
-                                        description: |-
-                                          Tags is a list of tags to filter by. If specified, the resource must
-                                          have all of the tags specified to be included in the result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                      tagsAny:
-                                        description: |-
-                                          TagsAny is a list of tags to filter by. If specified, the resource
-                                          must have at least one of the tags specified to be included in the
-                                          result.
-                                        items:
-                                          description: |-
-                                            NeutronTag represents a tag on a Neutron resource.
-                                            It may not be empty and may not contain commas.
-                                          minLength: 1
-                                          pattern: ^[^,]+$
-                                          type: string
-                                        type: array
-                                        x-kubernetes-list-type: set
-                                    type: object
-                                  id:
-                                    description: ID is the ID of the security group
-                                      to use. If ID is provided, the other filters
-                                      cannot be provided. Must be in UUID format.
-                                    format: uuid
-                                    type: string
-                                type: object
-                              type: array
-                              x-kubernetes-list-type: atomic
-                            tags:
-                              description: |-
-                                Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                                These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            trunk:
-                              description: |-
-                                Trunk specifies whether trunking is enabled at the port level. If not
-                                provided the value is inherited from the machine, or false for a
-                                bastion host.
-                              type: boolean
-                            valueSpecs:
-                              description: |-
-                                Value specs are extra parameters to include in the API request with OpenStack.
-                                This is an extension point for the API, so what they do and if they are supported,
-                                depends on the specific OpenStack implementation.
-                              items:
-                                description: ValueSpec represents a single value_spec
-                                  key-value pair.
-                                properties:
-                                  key:
-                                    description: Key is the key in the key-value pair.
-                                    type: string
-                                  name:
-                                    description: |-
-                                      Name is the name of the key-value pair.
-                                      This is just for identifying the pair and will not be sent to the OpenStack API.
-                                    type: string
-                                  value:
-                                    description: Value is the value in the key-value
-                                      pair.
-                                    type: string
-                                required:
-                                - key
-                                - name
-                                - value
-                                type: object
-                              type: array
-                              x-kubernetes-list-map-keys:
-                              - name
-                              x-kubernetes-list-type: map
-                            vnicType:
-                              description: |-
-                                VNICType specifies the type of vNIC which this port should be
-                                attached to. This is used to determine which mechanism driver(s) to
-                                be used to bind the port. The valid values are normal, macvtap,
-                                direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                                remote-managed, although these values will not be validated in this
-                                API to ensure compatibility with future neutron changes or custom
-                                implementations. What type of vNIC is actually available depends on
-                                deployments. If not specified, the Neutron default value is used.
-                              type: string
-                          type: object
-                        type: array
-                      providerID:
-                        description: ProviderID is the unique identifier as specified
-                          by the cloud provider.
-                        type: string
-                      rootVolume:
-                        description: The volume metadata to boot from
-                        properties:
-                          availabilityZone:
-                            description: |-
-                              AvailabilityZone is the volume availability zone to create the volume
-                              in. If not specified, the volume will be created without an explicit
-                              availability zone.
-                            properties:
-                              from:
-                                default: Name
-                                description: |-
-                                  From specifies where we will obtain the availability zone for the
-                                  volume. The options are "Name" and "Machine". If "Name" is specified
-                                  then the Name field must also be specified. If "Machine" is specified
-                                  the volume will use the value of FailureDomain, if any, from the
-                                  associated Machine.
-                                enum:
-                                - Name
-                                - Machine
-                                type: string
-                              name:
-                                description: |-
-                                  Name is the name of a volume availability zone to use. It is required
-                                  if From is "Name". The volume availability zone name may not contain
-                                  spaces.
-                                minLength: 1
-                                pattern: ^[^ ]+$
-                                type: string
-                            type: object
-                            x-kubernetes-validations:
-                            - message: name is required when from is 'Name' or default
-                              rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
-                                : !has(self.name)'
-                          sizeGiB:
-                            description: SizeGiB is the size of the block device in
-                              gibibytes (GiB).
-                            minimum: 1
-                            type: integer
-                          type:
-                            description: |-
-                              Type is the Cinder volume type of the volume.
-                              If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                              will be used.
-                            type: string
-                        required:
-                        - sizeGiB
-                        type: object
-                      schedulerHintAdditionalProperties:
-                        description: |-
-                          SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
-                          to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
-                          such as specifying certain host aggregates or availability zones.
-                        items:
-                          description: |-
-                            SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
-                            It includes a Name to identify the property and a Value that can be of various types.
-                          properties:
-                            name:
-                              description: |-
-                                Name is the name of the scheduler hint property.
-                                It is a unique identifier for the property.
-                              minLength: 1
-                              type: string
-                            value:
-                              description: |-
-                                Value is the value of the scheduler hint property, which can be of various types
-                                (e.g., bool, string, int). The type is indicated by the Value.Type field.
-                              properties:
-                                bool:
-                                  description: |-
-                                    Bool is the boolean value of the scheduler hint, used when Type is "Bool".
-                                    This field is required if type is 'Bool', and must not be set otherwise.
-                                  type: boolean
-                                number:
-                                  description: |-
-                                    Number is the integer value of the scheduler hint, used when Type is "Number".
-                                    This field is required if type is 'Number', and must not be set otherwise.
-                                  type: integer
-                                string:
-                                  description: |-
-                                    String is the string value of the scheduler hint, used when Type is "String".
-                                    This field is required if type is 'String', and must not be set otherwise.
-                                  maxLength: 255
-                                  minLength: 1
-                                  type: string
-                                type:
-                                  description: |-
-                                    Type represents the type of the value.
-                                    Valid values are Bool, String, and Number.
-                                  enum:
-                                  - Bool
-                                  - String
-                                  - Number
-                                  type: string
-                              required:
-                              - type
-                              type: object
-                              x-kubernetes-validations:
-                              - message: bool is required when type is Bool, and forbidden
-                                  otherwise
-                                rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
-                                  : !has(self.bool)'
-                              - message: number is required when type is Number, and
-                                  forbidden otherwise
-                                rule: 'has(self.type) && self.type == ''Number'' ?
-                                  has(self.number) : !has(self.number)'
-                              - message: string is required when type is String, and
-                                  forbidden otherwise
-                                rule: 'has(self.type) && self.type == ''String'' ?
-                                  has(self.string) : !has(self.string)'
-                          required:
-                          - name
-                          - value
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - name
-                        x-kubernetes-list-type: map
-                      securityGroups:
-                        description: The names of the security groups to assign to
-                          the instance
-                        items:
-                          description: SecurityGroupParam specifies an OpenStack security
-                            group. It may be specified by ID or filter, but not both.
-                          maxProperties: 1
-                          minProperties: 1
-                          properties:
-                            filter:
-                              description: Filter specifies a query to select an OpenStack
-                                security group. If provided, cannot be empty.
-                              minProperties: 1
-                              properties:
-                                description:
-                                  type: string
-                                name:
-                                  type: string
-                                notTags:
-                                  description: |-
-                                    NotTags is a list of tags to filter by. If specified, resources which
-                                    contain all of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                notTagsAny:
-                                  description: |-
-                                    NotTagsAny is a list of tags to filter by. If specified, resources
-                                    which contain any of the given tags will be excluded from the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                projectID:
-                                  type: string
-                                tags:
-                                  description: |-
-                                    Tags is a list of tags to filter by. If specified, the resource must
-                                    have all of the tags specified to be included in the result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                                tagsAny:
-                                  description: |-
-                                    TagsAny is a list of tags to filter by. If specified, the resource
-                                    must have at least one of the tags specified to be included in the
-                                    result.
-                                  items:
-                                    description: |-
-                                      NeutronTag represents a tag on a Neutron resource.
-                                      It may not be empty and may not contain commas.
-                                    minLength: 1
-                                    pattern: ^[^,]+$
-                                    type: string
-                                  type: array
-                                  x-kubernetes-list-type: set
-                              type: object
-                            id:
-                              description: ID is the ID of the security group to use.
-                                If ID is provided, the other filters cannot be provided.
-                                Must be in UUID format.
-                              format: uuid
-                              type: string
-                          type: object
-                        type: array
-                      serverGroup:
-                        description: The server group to assign the machine to.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a query to select an OpenStack
-                              server group. If provided, it cannot be empty.
-                            minProperties: 1
-                            properties:
-                              name:
-                                description: Name is the name of a server group to
-                                  look for.
-                                type: string
-                            type: object
-                          id:
-                            description: ID is the ID of the server group to use.
-                            format: uuid
-                            type: string
-                        type: object
-                      serverMetadata:
-                        description: Metadata mapping. Allows you to create a map
-                          of key value pairs to add to the server instance.
-                        items:
-                          properties:
-                            key:
-                              description: Key is the server metadata key
-                              maxLength: 255
-                              type: string
-                            value:
-                              description: Value is the server metadata value
-                              maxLength: 255
-                              type: string
-                          required:
-                          - key
-                          - value
-                          type: object
-                        type: array
-                        x-kubernetes-list-map-keys:
-                        - key
-                        x-kubernetes-list-type: map
-                      sshKeyName:
-                        description: The ssh key to inject in the instance
-                        type: string
-                      tags:
-                        description: |-
-                          Tags which will be added to the machine and all dependent resources
-                          which support them. These are in addition to Tags defined on the
-                          cluster.
-                          Requires Nova api 2.52 minimum!
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                      trunk:
-                        description: Whether the server instance is created on a trunk
-                          port or not.
-                        type: boolean
-                    required:
-                    - image
-                    type: object
-                    x-kubernetes-validations:
-                    - message: at least one of flavor or flavorID must be set
-                      rule: (has(self.flavor) || has(self.flavorID))
-                required:
-                - spec
-                type: object
-            required:
-            - template
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-    controller-gen.kubebuilder.io/version: v0.16.5
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
-    clusterctl.cluster.x-k8s.io: ""
-  name: openstackservers.infrastructure.cluster.x-k8s.io
-spec:
-  group: infrastructure.cluster.x-k8s.io
-  names:
-    categories:
-    - cluster-api
-    kind: OpenStackServer
-    listKind: OpenStackServerList
-    plural: openstackservers
-    shortNames:
-    - oss
-    singular: openstackserver
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: OpenStack instance state
-      jsonPath: .status.instanceState
-      name: InstanceState
-      type: string
-    - description: OpenStack instance ready status
-      jsonPath: .status.ready
-      name: Ready
-      type: string
-    - description: OpenStack instance ID
-      jsonPath: .status.instanceID
-      name: InstanceID
-      type: string
-    - description: Time duration since creation of OpenStack instance
-      jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: OpenStackServer is the Schema for the openstackservers API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OpenStackServerSpec defines the desired state of OpenStackServer.
-            properties:
-              additionalBlockDevices:
-                description: AdditionalBlockDevices is a list of specifications for
-                  additional block devices to attach to the server instance.
-                items:
-                  description: AdditionalBlockDevice is a block device to attach to
-                    the server.
-                  properties:
-                    name:
-                      description: |-
-                        Name of the block device in the context of a machine.
-                        If the block device is a volume, the Cinder volume will be named
-                        as a combination of the machine name and this name.
-                        Also, this name will be used for tagging the block device.
-                        Information about the block device tag can be obtained from the OpenStack
-                        metadata API or the config drive.
-                        Name cannot be 'root', which is reserved for the root volume.
-                      type: string
-                    sizeGiB:
-                      description: SizeGiB is the size of the block device in gibibytes
-                        (GiB).
-                      minimum: 1
-                      type: integer
-                    storage:
-                      description: |-
-                        Storage specifies the storage type of the block device and
-                        additional storage options.
-                      properties:
-                        type:
-                          description: |-
-                            Type is the type of block device to create.
-                            This can be either "Volume" or "Local".
-                          type: string
-                        volume:
-                          description: Volume contains additional storage options
-                            for a volume block device.
-                          properties:
-                            availabilityZone:
-                              description: |-
-                                AvailabilityZone is the volume availability zone to create the volume
-                                in. If not specified, the volume will be created without an explicit
-                                availability zone.
-                              properties:
-                                from:
-                                  default: Name
-                                  description: |-
-                                    From specifies where we will obtain the availability zone for the
-                                    volume. The options are "Name" and "Machine". If "Name" is specified
-                                    then the Name field must also be specified. If "Machine" is specified
-                                    the volume will use the value of FailureDomain, if any, from the
-                                    associated Machine.
-                                  enum:
-                                  - Name
-                                  - Machine
-                                  type: string
-                                name:
-                                  description: |-
-                                    Name is the name of a volume availability zone to use. It is required
-                                    if From is "Name". The volume availability zone name may not contain
-                                    spaces.
-                                  minLength: 1
-                                  pattern: ^[^ ]+$
-                                  type: string
-                              type: object
-                              x-kubernetes-validations:
-                              - message: name is required when from is 'Name' or default
-                                rule: '!has(self.from) || self.from == ''Name'' ?
-                                  has(self.name) : !has(self.name)'
-                            type:
-                              description: |-
-                                Type is the Cinder volume type of the volume.
-                                If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                                will be used.
-                              type: string
-                          type: object
-                      required:
-                      - type
-                      type: object
-                  required:
-                  - name
-                  - sizeGiB
-                  - storage
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-              availabilityZone:
-                description: AvailabilityZone is the availability zone in which to
-                  create the server instance.
-                type: string
-              configDrive:
-                description: ConfigDrive is a flag to enable config drive for the
-                  server instance.
-                type: boolean
-              flavor:
-                description: The flavor reference for the flavor for the server instance.
-                minLength: 1
-                type: string
-              flavorID:
-                description: |-
-                  FlavorID allows flavors to be specified by ID.  This field takes precedence
-                  over Flavor.
-                minLength: 1
-                type: string
-              floatingIPPoolRef:
-                description: FloatingIPPoolRef is a reference to a FloatingIPPool
-                  to allocate a floating IP from.
-                properties:
-                  apiGroup:
-                    description: |-
-                      APIGroup is the group for the resource being referenced.
-                      If APIGroup is not specified, the specified Kind must be in the core API group.
-                      For any other third-party types, APIGroup is required.
-                    type: string
-                  kind:
-                    description: Kind is the type of resource being referenced
-                    type: string
-                  name:
-                    description: Name is the name of resource being referenced
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-                x-kubernetes-map-type: atomic
-              identityRef:
-                description: IdentityRef is a reference to a secret holding OpenStack
-                  credentials.
-                properties:
-                  cloudName:
-                    description: CloudName specifies the name of the entry in the
-                      clouds.yaml file to use.
-                    type: string
-                  name:
-                    description: |-
-                      Name is the name of a secret in the same namespace as the resource being provisioned.
-                      The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
-                      The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
-                    type: string
-                  region:
-                    description: |-
-                      Region specifies an OpenStack region to use. If specified, it overrides
-                      any value in clouds.yaml. If specified for an OpenStackMachine, its
-                      value will be included in providerID.
-                    type: string
-                required:
-                - cloudName
-                - name
-                type: object
-                x-kubernetes-validations:
-                - message: region is immutable
-                  rule: (!has(self.region) && !has(oldSelf.region)) || self.region
-                    == oldSelf.region
-              image:
-                description: The image to use for the server instance.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: |-
-                      Filter describes a query for an image. If specified, the combination
-                      of name and tags must return a single matching image or an error will
-                      be raised.
-                    minProperties: 1
-                    properties:
-                      name:
-                        description: The name of the desired image. If specified,
-                          the combination of name and tags must return a single matching
-                          image or an error will be raised.
-                        type: string
-                      tags:
-                        description: The tags associated with the desired image. If
-                          specified, the combination of name and tags must return
-                          a single matching image or an error will be raised.
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
-                    type: object
-                  id:
-                    description: ID is the uuid of the image. ID will not be validated
-                      before use.
-                    format: uuid
-                    type: string
-                  imageRef:
-                    description: |-
-                      ImageRef is a reference to an ORC Image in the same namespace as the
-                      referring object.
-                    properties:
-                      name:
-                        description: Name is the name of the referenced resource
-                        type: string
-                    required:
-                    - name
-                    type: object
-                type: object
-              ports:
-                description: Ports to be attached to the server instance.
-                items:
-                  properties:
-                    adminStateUp:
-                      description: AdminStateUp specifies whether the port should
-                        be created in the up (true) or down (false) state. The default
-                        is up.
-                      type: boolean
-                    allowedAddressPairs:
-                      description: |-
-                        AllowedAddressPairs is a list of address pairs which Neutron will
-                        allow the port to send traffic from in addition to the port's
-                        addresses. If not specified, the MAC Address will be the MAC Address
-                        of the port. Depending on the configuration of Neutron, it may be
-                        supported to specify a CIDR instead of a specific IP address.
-                      items:
-                        properties:
-                          ipAddress:
-                            description: |-
-                              IPAddress is the IP address of the allowed address pair. Depending on
-                              the configuration of Neutron, it may be supported to specify a CIDR
-                              instead of a specific IP address.
-                            type: string
-                          macAddress:
-                            description: |-
-                              MACAddress is the MAC address of the allowed address pair. If not
-                              specified, the MAC address will be the MAC address of the port.
-                            type: string
-                        required:
-                        - ipAddress
-                        type: object
-                      type: array
-                    description:
-                      description: Description is a human-readable description for
-                        the port.
-                      type: string
-                    disablePortSecurity:
-                      description: |-
-                        DisablePortSecurity enables or disables the port security when set.
-                        When not set, it takes the value of the corresponding field at the network level.
-                      type: boolean
-                    fixedIPs:
-                      description: FixedIPs is a list of pairs of subnet and/or IP
-                        address to assign to the port. If specified, these must be
-                        subnets of the port's network.
-                      items:
-                        properties:
-                          ipAddress:
-                            description: |-
-                              IPAddress is a specific IP address to assign to the port. If Subnet
-                              is also specified, IPAddress must be a valid IP address in the
-                              subnet. If Subnet is not specified, IPAddress must be a valid IP
-                              address in any subnet of the port's network.
-                            type: string
-                          subnet:
-                            description: |-
-                              Subnet is an openstack subnet query that will return the id of a subnet to create
-                              the fixed IP of a port in. This query must not return more than one subnet.
-                            maxProperties: 1
-                            minProperties: 1
-                            properties:
-                              filter:
-                                description: Filter specifies a filter to select the
-                                  subnet. It must match exactly one subnet.
-                                minProperties: 1
-                                properties:
-                                  cidr:
-                                    type: string
-                                  description:
-                                    type: string
-                                  gatewayIP:
-                                    type: string
-                                  ipVersion:
-                                    type: integer
-                                  ipv6AddressMode:
-                                    type: string
-                                  ipv6RAMode:
-                                    type: string
-                                  name:
-                                    type: string
-                                  notTags:
-                                    description: |-
-                                      NotTags is a list of tags to filter by. If specified, resources which
-                                      contain all of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  notTagsAny:
-                                    description: |-
-                                      NotTagsAny is a list of tags to filter by. If specified, resources
-                                      which contain any of the given tags will be excluded from the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  projectID:
-                                    type: string
-                                  tags:
-                                    description: |-
-                                      Tags is a list of tags to filter by. If specified, the resource must
-                                      have all of the tags specified to be included in the result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                  tagsAny:
-                                    description: |-
-                                      TagsAny is a list of tags to filter by. If specified, the resource
-                                      must have at least one of the tags specified to be included in the
-                                      result.
-                                    items:
-                                      description: |-
-                                        NeutronTag represents a tag on a Neutron resource.
-                                        It may not be empty and may not contain commas.
-                                      minLength: 1
-                                      pattern: ^[^,]+$
-                                      type: string
-                                    type: array
-                                    x-kubernetes-list-type: set
-                                type: object
-                              id:
-                                description: ID is the uuid of the subnet. It will
-                                  not be validated.
-                                format: uuid
-                                type: string
-                            type: object
-                        type: object
-                      type: array
-                      x-kubernetes-list-type: atomic
-                    hostID:
-                      description: HostID specifies the ID of the host where the port
-                        resides.
-                      type: string
-                    macAddress:
-                      description: MACAddress specifies the MAC address of the port.
-                        If not specified, the MAC address will be generated.
-                      type: string
-                    nameSuffix:
-                      description: NameSuffix will be appended to the name of the
-                        port if specified. If unspecified, instead the 0-based index
-                        of the port in the list is used.
-                      type: string
-                    network:
-                      description: |-
-                        Network is a query for an openstack network that the port will be created or discovered on.
-                        This will fail if the query returns more than one network.
-                      maxProperties: 1
-                      minProperties: 1
-                      properties:
-                        filter:
-                          description: Filter specifies a filter to select an OpenStack
-                            network. If provided, cannot be empty.
-                          minProperties: 1
-                          properties:
-                            description:
-                              type: string
-                            name:
-                              type: string
-                            notTags:
-                              description: |-
-                                NotTags is a list of tags to filter by. If specified, resources which
-                                contain all of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            notTagsAny:
-                              description: |-
-                                NotTagsAny is a list of tags to filter by. If specified, resources
-                                which contain any of the given tags will be excluded from the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            projectID:
-                              type: string
-                            tags:
-                              description: |-
-                                Tags is a list of tags to filter by. If specified, the resource must
-                                have all of the tags specified to be included in the result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                            tagsAny:
-                              description: |-
-                                TagsAny is a list of tags to filter by. If specified, the resource
-                                must have at least one of the tags specified to be included in the
-                                result.
-                              items:
-                                description: |-
-                                  NeutronTag represents a tag on a Neutron resource.
-                                  It may not be empty and may not contain commas.
-                                minLength: 1
-                                pattern: ^[^,]+$
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
-                          type: object
-                        id:
-                          description: ID is the ID of the network to use. If ID is
-                            provided, the other filters cannot be provided. Must be
-                            in UUID format.
-                          format: uuid
-                          type: string
-                      type: object
-                    profile:
-                      description: |-
-                        Profile is a set of key-value pairs that are used for binding
-                        details. We intentionally don't expose this as a map[string]string
-                        because we only want to enable the users to set the values of the
-                        keys that are known to work in OpenStack Networking API.  See
-                        https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                        To set profiles, your tenant needs permissions rule:create_port, and
-                        rule:create_port:binding:profile
-                      properties:
-                        ovsHWOffload:
-                          description: |-
-                            OVSHWOffload enables or disables the OVS hardware offload feature.
-                            This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                            See: https://bugs.launchpad.net/nova/+bug/2020813
-                          type: boolean
-                        trustedVF:
-                          description: TrustedVF enables or disables the “trusted
-                            mode” for the VF.
-                          type: boolean
-                      type: object
-                    propagateUplinkStatus:
-                      description: PropageteUplinkStatus enables or disables the propagate
-                        uplink status on the port.
-                      type: boolean
-                    securityGroups:
-                      description: SecurityGroups is a list of the names, uuids, filters
-                        or any combination these of the security groups to assign
-                        to the instance.
-                      items:
-                        description: SecurityGroupParam specifies an OpenStack security
-                          group. It may be specified by ID or filter, but not both.
-                        maxProperties: 1
-                        minProperties: 1
-                        properties:
-                          filter:
-                            description: Filter specifies a query to select an OpenStack
-                              security group. If provided, cannot be empty.
-                            minProperties: 1
-                            properties:
-                              description:
-                                type: string
-                              name:
-                                type: string
-                              notTags:
-                                description: |-
-                                  NotTags is a list of tags to filter by. If specified, resources which
-                                  contain all of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              notTagsAny:
-                                description: |-
-                                  NotTagsAny is a list of tags to filter by. If specified, resources
-                                  which contain any of the given tags will be excluded from the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              projectID:
-                                type: string
-                              tags:
-                                description: |-
-                                  Tags is a list of tags to filter by. If specified, the resource must
-                                  have all of the tags specified to be included in the result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                              tagsAny:
-                                description: |-
-                                  TagsAny is a list of tags to filter by. If specified, the resource
-                                  must have at least one of the tags specified to be included in the
-                                  result.
-                                items:
-                                  description: |-
-                                    NeutronTag represents a tag on a Neutron resource.
-                                    It may not be empty and may not contain commas.
-                                  minLength: 1
-                                  pattern: ^[^,]+$
-                                  type: string
-                                type: array
-                                x-kubernetes-list-type: set
-                            type: object
-                          id:
-                            description: ID is the ID of the security group to use.
-                              If ID is provided, the other filters cannot be provided.
-                              Must be in UUID format.
-                            format: uuid
-                            type: string
-                        type: object
-                      type: array
-                      x-kubernetes-list-type: atomic
-                    tags:
-                      description: |-
-                        Tags applied to the port (and corresponding trunk, if a trunk is configured.)
-                        These tags are applied in addition to the instance's tags, which will also be applied to the port.
-                      items:
-                        type: string
-                      type: array
-                      x-kubernetes-list-type: set
-                    trunk:
-                      description: |-
-                        Trunk specifies whether trunking is enabled at the port level. If not
-                        provided the value is inherited from the machine, or false for a
-                        bastion host.
-                      type: boolean
-                    valueSpecs:
-                      description: |-
-                        Value specs are extra parameters to include in the API request with OpenStack.
-                        This is an extension point for the API, so what they do and if they are supported,
-                        depends on the specific OpenStack implementation.
-                      items:
-                        description: ValueSpec represents a single value_spec key-value
-                          pair.
-                        properties:
-                          key:
-                            description: Key is the key in the key-value pair.
-                            type: string
-                          name:
-                            description: |-
-                              Name is the name of the key-value pair.
-                              This is just for identifying the pair and will not be sent to the OpenStack API.
-                            type: string
-                          value:
-                            description: Value is the value in the key-value pair.
-                            type: string
-                        required:
-                        - key
-                        - name
-                        - value
-                        type: object
-                      type: array
-                      x-kubernetes-list-map-keys:
-                      - name
-                      x-kubernetes-list-type: map
-                    vnicType:
-                      description: |-
-                        VNICType specifies the type of vNIC which this port should be
-                        attached to. This is used to determine which mechanism driver(s) to
-                        be used to bind the port. The valid values are normal, macvtap,
-                        direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                        remote-managed, although these values will not be validated in this
-                        API to ensure compatibility with future neutron changes or custom
-                        implementations. What type of vNIC is actually available depends on
-                        deployments. If not specified, the Neutron default value is used.
-                      type: string
-                  type: object
-                type: array
-              rootVolume:
-                description: RootVolume is the specification for the root volume of
-                  the server instance.
-                properties:
-                  availabilityZone:
-                    description: |-
-                      AvailabilityZone is the volume availability zone to create the volume
-                      in. If not specified, the volume will be created without an explicit
-                      availability zone.
-                    properties:
-                      from:
-                        default: Name
-                        description: |-
-                          From specifies where we will obtain the availability zone for the
-                          volume. The options are "Name" and "Machine". If "Name" is specified
-                          then the Name field must also be specified. If "Machine" is specified
-                          the volume will use the value of FailureDomain, if any, from the
-                          associated Machine.
-                        enum:
-                        - Name
-                        - Machine
-                        type: string
-                      name:
-                        description: |-
-                          Name is the name of a volume availability zone to use. It is required
-                          if From is "Name". The volume availability zone name may not contain
-                          spaces.
-                        minLength: 1
-                        pattern: ^[^ ]+$
-                        type: string
-                    type: object
-                    x-kubernetes-validations:
-                    - message: name is required when from is 'Name' or default
-                      rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
-                        : !has(self.name)'
-                  sizeGiB:
-                    description: SizeGiB is the size of the block device in gibibytes
-                      (GiB).
-                    minimum: 1
-                    type: integer
-                  type:
-                    description: |-
-                      Type is the Cinder volume type of the volume.
-                      If omitted, the default Cinder volume type that is configured in the OpenStack cloud
-                      will be used.
-                    type: string
-                required:
-                - sizeGiB
-                type: object
-              schedulerHintAdditionalProperties:
-                description: |-
-                  SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
-                  to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
-                  such as specifying certain host aggregates or availability zones.
-                items:
-                  description: |-
-                    SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
-                    It includes a Name to identify the property and a Value that can be of various types.
-                  properties:
-                    name:
-                      description: |-
-                        Name is the name of the scheduler hint property.
-                        It is a unique identifier for the property.
-                      minLength: 1
-                      type: string
-                    value:
-                      description: |-
-                        Value is the value of the scheduler hint property, which can be of various types
-                        (e.g., bool, string, int). The type is indicated by the Value.Type field.
-                      properties:
-                        bool:
-                          description: |-
-                            Bool is the boolean value of the scheduler hint, used when Type is "Bool".
-                            This field is required if type is 'Bool', and must not be set otherwise.
-                          type: boolean
-                        number:
-                          description: |-
-                            Number is the integer value of the scheduler hint, used when Type is "Number".
-                            This field is required if type is 'Number', and must not be set otherwise.
-                          type: integer
-                        string:
-                          description: |-
-                            String is the string value of the scheduler hint, used when Type is "String".
-                            This field is required if type is 'String', and must not be set otherwise.
-                          maxLength: 255
-                          minLength: 1
-                          type: string
-                        type:
-                          description: |-
-                            Type represents the type of the value.
-                            Valid values are Bool, String, and Number.
-                          enum:
-                          - Bool
-                          - String
-                          - Number
-                          type: string
-                      required:
-                      - type
-                      type: object
-                      x-kubernetes-validations:
-                      - message: bool is required when type is Bool, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
-                          : !has(self.bool)'
-                      - message: number is required when type is Number, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
-                          : !has(self.number)'
-                      - message: string is required when type is String, and forbidden
-                          otherwise
-                        rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
-                          : !has(self.string)'
-                  required:
-                  - name
-                  - value
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - name
-                x-kubernetes-list-type: map
-              securityGroups:
-                description: SecurityGroups is a list of security groups names to
-                  assign to the instance.
-                items:
-                  description: SecurityGroupParam specifies an OpenStack security
-                    group. It may be specified by ID or filter, but not both.
-                  maxProperties: 1
-                  minProperties: 1
-                  properties:
-                    filter:
-                      description: Filter specifies a query to select an OpenStack
-                        security group. If provided, cannot be empty.
-                      minProperties: 1
-                      properties:
-                        description:
-                          type: string
-                        name:
-                          type: string
-                        notTags:
-                          description: |-
-                            NotTags is a list of tags to filter by. If specified, resources which
-                            contain all of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        notTagsAny:
-                          description: |-
-                            NotTagsAny is a list of tags to filter by. If specified, resources
-                            which contain any of the given tags will be excluded from the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        projectID:
-                          type: string
-                        tags:
-                          description: |-
-                            Tags is a list of tags to filter by. If specified, the resource must
-                            have all of the tags specified to be included in the result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        tagsAny:
-                          description: |-
-                            TagsAny is a list of tags to filter by. If specified, the resource
-                            must have at least one of the tags specified to be included in the
-                            result.
-                          items:
-                            description: |-
-                              NeutronTag represents a tag on a Neutron resource.
-                              It may not be empty and may not contain commas.
-                            minLength: 1
-                            pattern: ^[^,]+$
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                      type: object
-                    id:
-                      description: ID is the ID of the security group to use. If ID
-                        is provided, the other filters cannot be provided. Must be
-                        in UUID format.
-                      format: uuid
-                      type: string
-                  type: object
-                type: array
-              serverGroup:
-                description: ServerGroup is the server group to which the server instance
-                  belongs.
-                maxProperties: 1
-                minProperties: 1
-                properties:
-                  filter:
-                    description: Filter specifies a query to select an OpenStack server
-                      group. If provided, it cannot be empty.
-                    minProperties: 1
-                    properties:
-                      name:
-                        description: Name is the name of a server group to look for.
-                        type: string
-                    type: object
-                  id:
-                    description: ID is the ID of the server group to use.
-                    format: uuid
-                    type: string
-                type: object
-              serverMetadata:
-                description: ServerMetadata is a map of key value pairs to add to
-                  the server instance.
-                items:
-                  properties:
-                    key:
-                      description: Key is the server metadata key
-                      maxLength: 255
-                      type: string
-                    value:
-                      description: Value is the server metadata value
-                      maxLength: 255
-                      type: string
-                  required:
-                  - key
-                  - value
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - key
-                x-kubernetes-list-type: map
-              sshKeyName:
-                description: SSHKeyName is the name of the SSH key to inject in the
-                  instance.
-                type: string
-              tags:
-                description: |-
-                  Tags which will be added to the machine and all dependent resources
-                  which support them. These are in addition to Tags defined on the
-                  cluster.
-                  Requires Nova api 2.52 minimum!
-                items:
-                  type: string
-                type: array
-                x-kubernetes-list-type: set
-              trunk:
-                description: Trunk is a flag to indicate if the server instance is
-                  created on a trunk port or not.
-                type: boolean
-              userDataRef:
-                description: |-
-                  UserDataRef is a reference to a secret containing the user data to
-                  be injected into the server instance.
-                properties:
-                  name:
-                    default: ""
-                    description: |-
-                      Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-            required:
-            - identityRef
-            - image
-            - ports
-            - sshKeyName
-            type: object
-            x-kubernetes-validations:
-            - message: at least one of flavor or flavorID must be set
-              rule: (has(self.flavor) || has(self.flavorID))
-          status:
-            description: OpenStackServerStatus defines the observed state of OpenStackServer.
-            properties:
-              addresses:
-                description: Addresses is the list of addresses of the server instance.
-                items:
-                  description: NodeAddress contains information for the node's address.
-                  properties:
-                    address:
-                      description: The node address.
-                      type: string
-                    type:
-                      description: Node address type, one of Hostname, ExternalIP
-                        or InternalIP.
-                      type: string
-                  required:
-                  - address
-                  - type
-                  type: object
-                type: array
-              conditions:
-                description: Conditions defines current service state of the OpenStackServer.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              instanceID:
-                description: InstanceID is the ID of the server instance.
-                type: string
-              instanceState:
-                description: InstanceState is the state of the server instance.
-                type: string
-              ready:
-                default: false
-                description: Ready is true when the OpenStack server is ready.
-                type: boolean
-              resolved:
-                description: |-
-                  Resolved contains parts of the machine spec with all external
-                  references fully resolved.
-                properties:
-                  flavorID:
-                    description: FlavorID is the ID of the flavor to use.
-                    type: string
-                  imageID:
-                    description: ImageID is the ID of the image to use for the server
-                      and is calculated based on ImageFilter.
-                    type: string
-                  ports:
-                    description: Ports is the fully resolved list of ports to create
-                      for the server.
-                    items:
-                      description: ResolvedPortSpec is a PortOpts with all contained
-                        references fully resolved.
-                      properties:
-                        adminStateUp:
-                          description: AdminStateUp specifies whether the port should
-                            be created in the up (true) or down (false) state. The
-                            default is up.
-                          type: boolean
-                        allowedAddressPairs:
-                          description: |-
-                            AllowedAddressPairs is a list of address pairs which Neutron will
-                            allow the port to send traffic from in addition to the port's
-                            addresses. If not specified, the MAC Address will be the MAC Address
-                            of the port. Depending on the configuration of Neutron, it may be
-                            supported to specify a CIDR instead of a specific IP address.
-                          items:
-                            properties:
-                              ipAddress:
-                                description: |-
-                                  IPAddress is the IP address of the allowed address pair. Depending on
-                                  the configuration of Neutron, it may be supported to specify a CIDR
-                                  instead of a specific IP address.
-                                type: string
-                              macAddress:
-                                description: |-
-                                  MACAddress is the MAC address of the allowed address pair. If not
-                                  specified, the MAC address will be the MAC address of the port.
-                                type: string
-                            required:
-                            - ipAddress
-                            type: object
-                          type: array
-                        description:
-                          description: Description is a human-readable description
-                            for the port.
-                          type: string
-                        disablePortSecurity:
-                          description: |-
-                            DisablePortSecurity enables or disables the port security when set.
-                            When not set, it takes the value of the corresponding field at the network level.
-                          type: boolean
-                        fixedIPs:
-                          description: FixedIPs is a list of pairs of subnet and/or
-                            IP address to assign to the port. If specified, these
-                            must be subnets of the port's network.
-                          items:
-                            description: ResolvedFixedIP is a FixedIP with the Subnet
-                              resolved to an ID.
-                            properties:
-                              ipAddress:
-                                description: |-
-                                  IPAddress is a specific IP address to assign to the port. If SubnetID
-                                  is also specified, IPAddress must be a valid IP address in the
-                                  subnet. If Subnet is not specified, IPAddress must be a valid IP
-                                  address in any subnet of the port's network.
-                                type: string
-                              subnet:
-                                description: SubnetID is the id of a subnet to create
-                                  the fixed IP of a port in.
-                                type: string
-                            type: object
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        hostID:
-                          description: HostID specifies the ID of the host where the
-                            port resides.
-                          type: string
-                        macAddress:
-                          description: MACAddress specifies the MAC address of the
-                            port. If not specified, the MAC address will be generated.
-                          type: string
-                        name:
-                          description: Name is the name of the port.
-                          type: string
-                        networkID:
-                          description: NetworkID is the ID of the network the port
-                            will be created in.
-                          type: string
-                        profile:
-                          description: |-
-                            Profile is a set of key-value pairs that are used for binding
-                            details. We intentionally don't expose this as a map[string]string
-                            because we only want to enable the users to set the values of the
-                            keys that are known to work in OpenStack Networking API.  See
-                            https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
-                            To set profiles, your tenant needs permissions rule:create_port, and
-                            rule:create_port:binding:profile
-                          properties:
-                            ovsHWOffload:
-                              description: |-
-                                OVSHWOffload enables or disables the OVS hardware offload feature.
-                                This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
-                                See: https://bugs.launchpad.net/nova/+bug/2020813
-                              type: boolean
-                            trustedVF:
-                              description: TrustedVF enables or disables the “trusted
-                                mode” for the VF.
-                              type: boolean
-                          type: object
-                        propagateUplinkStatus:
-                          description: PropageteUplinkStatus enables or disables the
-                            propagate uplink status on the port.
-                          type: boolean
-                        securityGroups:
-                          description: SecurityGroups is a list of security group
-                            IDs to assign to the port.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                        tags:
-                          description: Tags applied to the port (and corresponding
-                            trunk, if a trunk is configured.)
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: set
-                        trunk:
-                          description: Trunk specifies whether trunking is enabled
-                            at the port level.
-                          type: boolean
-                        valueSpecs:
-                          description: |-
-                            Value specs are extra parameters to include in the API request with OpenStack.
-                            This is an extension point for the API, so what they do and if they are supported,
-                            depends on the specific OpenStack implementation.
-                          items:
-                            description: ValueSpec represents a single value_spec
-                              key-value pair.
-                            properties:
-                              key:
-                                description: Key is the key in the key-value pair.
-                                type: string
-                              name:
-                                description: |-
-                                  Name is the name of the key-value pair.
-                                  This is just for identifying the pair and will not be sent to the OpenStack API.
-                                type: string
-                              value:
-                                description: Value is the value in the key-value pair.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            - value
-                            type: object
-                          type: array
-                          x-kubernetes-list-map-keys:
-                          - name
-                          x-kubernetes-list-type: map
-                        vnicType:
-                          description: |-
-                            VNICType specifies the type of vNIC which this port should be
-                            attached to. This is used to determine which mechanism driver(s) to
-                            be used to bind the port. The valid values are normal, macvtap,
-                            direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
-                            remote-managed, although these values will not be validated in this
-                            API to ensure compatibility with future neutron changes or custom
-                            implementations. What type of vNIC is actually available depends on
-                            deployments. If not specified, the Neutron default value is used.
-                          type: string
-                      required:
-                      - description
-                      - name
-                      - networkID
-                      type: object
-                    type: array
-                  serverGroupID:
-                    description: ServerGroupID is the ID of the server group the server
-                      should be added to and is calculated based on ServerGroupFilter.
-                    type: string
-                type: object
-              resources:
-                description: Resources contains references to OpenStack resources
-                  created for the machine.
-                properties:
-                  ports:
-                    description: Ports is the status of the ports created for the
-                      server.
-                    items:
-                      properties:
-                        id:
-                          description: ID is the unique identifier of the port.
-                          type: string
-                      required:
-                      - id
-                      type: object
-                    type: array
-                type: object
-            required:
-            - ready
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-manager
-  namespace: capo-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-leader-election-role
-  namespace: capo-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
-  - clusters
-  - clusters/status
-  - machines
-  - machines/status
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - openstackclusters
-  - openstackfloatingippools
-  - openstackmachines
-  - openstackservers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - openstackclusters/status
-  - openstackfloatingippools/status
-  - openstackmachines/status
-  - openstackservers/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ipam.cluster.x-k8s.io
-  resources:
-  - ipaddressclaims
-  - ipaddressclaims/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ipam.cluster.x-k8s.io
-  resources:
-  - ipaddresses
-  - ipaddresses/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - openstack.k-orc.cloud
-  resources:
-  - images
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-leader-election-rolebinding
-  namespace: capo-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: capo-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: capo-manager
-  namespace: capo-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: capo-manager-role
-subjects:
-- kind: ServiceAccount
-  name: capo-manager
-  namespace: capo-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-webhook-service
-  namespace: capo-system
-spec:
-  ports:
-  - port: 443
-    targetPort: webhook-server
-  selector:
-    cluster.x-k8s.io/provider: infrastructure-openstack
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-    control-plane: capo-controller-manager
-  name: capo-controller-manager
-  namespace: capo-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      cluster.x-k8s.io/provider: infrastructure-openstack
-      control-plane: capo-controller-manager
-  strategy: {}
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        cluster.x-k8s.io/provider: infrastructure-openstack
-        control-plane: capo-controller-manager
-    spec:
-      containers:
-      - args:
-        - --leader-elect
-        - --v=2
-        - --diagnostics-address=127.0.0.1:8080
-        - --insecure-diagnostics=true
-        command:
-        - /manager
-        image: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.12.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsUser: 65532
-        terminationMessagePolicy: FallbackToLogsOnError
-        volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: cert
-          readOnly: true
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: capo-manager
-      terminationGracePeriodSeconds: 10
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-      volumes:
-      - name: cert
-        secret:
-          defaultMode: 420
-          secretName: capo-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  annotations:
-    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
-  creationTimestamp: null
-  labels:
-    cluster.x-k8s.io/provider: infrastructure-openstack
-    clusterctl.cluster.x-k8s.io: ""
-  name: capo-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
-  - v1beta1
-  clientConfig:
-    service:
-      name: capo-webhook-service
-      namespace: capo-system
-      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackcluster
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.openstackcluster.infrastructure.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - infrastructure.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - openstackclusters
-  sideEffects: None
-- admissionReviewVersions:
-  - v1beta1
-  clientConfig:
-    service:
-      name: capo-webhook-service
-      namespace: capo-system
-      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackclustertemplate
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - infrastructure.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - openstackclustertemplates
-  sideEffects: None
-- admissionReviewVersions:
-  - v1beta1
-  clientConfig:
-    service:
-      name: capo-webhook-service
-      namespace: capo-system
-      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachine
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.openstackmachine.infrastructure.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - infrastructure.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - openstackmachines
-  sideEffects: None
-- admissionReviewVersions:
-  - v1beta1
-  clientConfig:
-    service:
-      name: capo-webhook-service
-      namespace: capo-system
-      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachinetemplate
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - infrastructure.cluster.x-k8s.io
-    apiVersions:
-    - v1beta1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - openstackmachinetemplates
-  sideEffects: None
-- admissionReviewVersions:
-  - v1beta1
-  clientConfig:
-    service:
-      name: capo-webhook-service
-      namespace: capo-system
-      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-openstackserver
-  failurePolicy: Fail
-  matchPolicy: Equivalent
-  name: validation.openstackserver.infrastructure.cluster.x-k8s.io
-  rules:
-  - apiGroups:
-    - infrastructure.cluster.x-k8s.io
-    apiVersions:
-    - v1alpha1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - openstackservers
-  sideEffects: None