+++ /dev/null
----
-# Source: calico/templates/calico-kube-controllers.yaml
-# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
-
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: calico-kube-controllers
- namespace: kube-system
- labels:
- k8s-app: calico-kube-controllers
-spec:
- maxUnavailable: 1
- selector:
- matchLabels:
- k8s-app: calico-kube-controllers
----
-# Source: calico/templates/calico-kube-controllers.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: calico-kube-controllers
- namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: calico-node
- namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: calico-cni-plugin
- namespace: kube-system
----
-# Source: calico/templates/calico-config.yaml
-# This ConfigMap is used to configure a self-hosted Calico installation.
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: calico-config
- namespace: kube-system
-data:
- # Typha is disabled.
- typha_service_name: "none"
- # Configure the backend to use.
- calico_backend: "bird"
-
- # Configure the MTU to use for workload interfaces and tunnels.
- # By default, MTU is auto-detected, and explicitly setting this field should not be required.
- # You can override auto-detection by providing a non-zero value.
- veth_mtu: "0"
-
- # The CNI network configuration to install on each node. The special
- # values in this config will be automatically populated.
- cni_network_config: |-
- {
- "name": "k8s-pod-network",
- "cniVersion": "0.3.1",
- "plugins": [
- {
- "type": "calico",
- "log_level": "info",
- "log_file_path": "/var/log/calico/cni/cni.log",
- "datastore_type": "kubernetes",
- "nodename": "__KUBERNETES_NODE_NAME__",
- "mtu": __CNI_MTU__,
- "ipam": {
- "type": "calico-ipam"
- },
- "policy": {
- "type": "k8s"
- },
- "kubernetes": {
- "kubeconfig": "__KUBECONFIG_FILEPATH__"
- }
- },
- {
- "type": "portmap",
- "snat": true,
- "capabilities": {"portMappings": true}
- },
- {
- "type": "bandwidth",
- "capabilities": {"bandwidth": true}
- }
- ]
- }
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: bgpconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPConfiguration
- listKind: BGPConfigurationList
- plural: bgpconfigurations
- singular: bgpconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: BGPConfiguration contains the configuration for any BGP routing.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BGPConfigurationSpec contains the values of the BGP configuration.
- properties:
- asNumber:
- description: 'ASNumber is the default AS number used by a node. [Default:
- 64512]'
- format: int32
- type: integer
- bindMode:
- description: BindMode indicates whether to listen for BGP connections
- on all addresses (None) or only on the node's canonical IP address
- Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
- for BGP connections on all addresses.
- type: string
- communities:
- description: Communities is a list of BGP community values and their
- arbitrary names for tagging routes.
- items:
- description: Community contains standard or large community value
- and its name.
- properties:
- name:
- description: Name given to community value.
- type: string
- value:
- description: Value must be of format `aa:nn` or `aa:nn:mm`.
- For standard community use `aa:nn` format, where `aa` and
- `nn` are 16 bit number. For large community use `aa:nn:mm`
- format, where `aa`, `nn` and `mm` are 32 bit number. Where,
- `aa` is an AS Number, `nn` and `mm` are per-AS identifier.
- pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
- type: string
- type: object
- type: array
- ignoredInterfaces:
- description: IgnoredInterfaces indicates the network interfaces that
- needs to be excluded when reading device routes.
- items:
- type: string
- type: array
- listenPort:
- description: ListenPort is the port where BGP protocol should listen.
- Defaults to 179
- maximum: 65535
- minimum: 1
- type: integer
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: INFO]'
- type: string
- nodeMeshMaxRestartTime:
- description: Time to allow for software restart for node-to-mesh peerings. When
- specified, this is configured as the graceful restart timeout. When
- not specified, the BIRD default of 120s is used. This field can
- only be set on the default BGPConfiguration instance and requires
- that NodeMesh is enabled
- type: string
- nodeMeshPassword:
- description: Optional BGP password for full node-to-mesh peerings.
- This field can only be set on the default BGPConfiguration instance
- and requires that NodeMesh is enabled
- properties:
- secretKeyRef:
- description: Selects a key of a secret in the node pod's namespace.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- type: object
- nodeToNodeMeshEnabled:
- description: 'NodeToNodeMeshEnabled sets whether full node to node
- BGP mesh is enabled. [Default: true]'
- type: boolean
- prefixAdvertisements:
- description: PrefixAdvertisements contains per-prefix advertisement
- configuration.
- items:
- description: PrefixAdvertisement configures advertisement properties
- for the specified CIDR.
- properties:
- cidr:
- description: CIDR for which properties should be advertised.
- type: string
- communities:
- description: Communities can be list of either community names
- already defined in `Specs.Communities` or community value
- of format `aa:nn` or `aa:nn:mm`. For standard community use
- `aa:nn` format, where `aa` and `nn` are 16 bit number. For
- large community use `aa:nn:mm` format, where `aa`, `nn` and
- `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and
- `mm` are per-AS identifier.
- items:
- type: string
- type: array
- type: object
- type: array
- serviceClusterIPs:
- description: ServiceClusterIPs are the CIDR blocks from which service
- cluster IPs are allocated. If specified, Calico will advertise these
- blocks, as well as any cluster IPs within them.
- items:
- description: ServiceClusterIPBlock represents a single allowed ClusterIP
- CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- serviceExternalIPs:
- description: ServiceExternalIPs are the CIDR blocks for Kubernetes
- Service External IPs. Kubernetes Service ExternalIPs will only be
- advertised if they are within one of these blocks.
- items:
- description: ServiceExternalIPBlock represents a single allowed
- External IP CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- serviceLoadBalancerIPs:
- description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes
- Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress
- IPs will only be advertised if they are within one of these blocks.
- items:
- description: ServiceLoadBalancerIPBlock represents a single allowed
- LoadBalancer IP CIDR block.
- properties:
- cidr:
- type: string
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: (devel)
- creationTimestamp: null
- name: bgpfilters.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPFilter
- listKind: BGPFilterList
- plural: bgpfilters
- singular: bgpfilter
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of
- the BGP Filter.
- properties:
- exportV4:
- description: The ordered set of IPv4 BGPFilter rules acting on exporting
- routes to a peer.
- items:
- description: BGPFilterRuleV4 defines a BGP filter rule consisting
- a single IPv4 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- source:
- type: string
- required:
- - action
- type: object
- type: array
- exportV6:
- description: The ordered set of IPv6 BGPFilter rules acting on exporting
- routes to a peer.
- items:
- description: BGPFilterRuleV6 defines a BGP filter rule consisting
- a single IPv6 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- source:
- type: string
- required:
- - action
- type: object
- type: array
- importV4:
- description: The ordered set of IPv4 BGPFilter rules acting on importing
- routes from a peer.
- items:
- description: BGPFilterRuleV4 defines a BGP filter rule consisting
- a single IPv4 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- source:
- type: string
- required:
- - action
- type: object
- type: array
- importV6:
- description: The ordered set of IPv6 BGPFilter rules acting on importing
- routes from a peer.
- items:
- description: BGPFilterRuleV6 defines a BGP filter rule consisting
- a single IPv6 CIDR block and a filter action for this CIDR.
- properties:
- action:
- type: string
- cidr:
- type: string
- interface:
- type: string
- matchOperator:
- type: string
- source:
- type: string
- required:
- - action
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: bgppeers.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BGPPeer
- listKind: BGPPeerList
- plural: bgppeers
- singular: bgppeer
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BGPPeerSpec contains the specification for a BGPPeer resource.
- properties:
- asNumber:
- description: The AS Number of the peer.
- format: int32
- type: integer
- filters:
- description: The ordered set of BGPFilters applied on this BGP peer.
- items:
- type: string
- type: array
- keepOriginalNextHop:
- description: Option to keep the original nexthop field when routes
- are sent to a BGP Peer. Setting "true" configures the selected BGP
- Peers node to use the "next hop keep;" instead of "next hop self;"(default)
- in the specific branch of the Node on "bird.cfg".
- type: boolean
- maxRestartTime:
- description: Time to allow for software restart. When specified,
- this is configured as the graceful restart timeout. When not specified,
- the BIRD default of 120s is used.
- type: string
- node:
- description: The node name identifying the Calico node instance that
- is targeted by this peer. If this is not set, and no nodeSelector
- is specified, then this BGP peer selects all nodes in the cluster.
- type: string
- nodeSelector:
- description: Selector for the nodes that should have this peering. When
- this is set, the Node field must be empty.
- type: string
- numAllowedLocalASNumbers:
- description: Maximum number of local AS numbers that are allowed in
- the AS path for received routes. This removes BGP loop prevention
- and should only be used if absolutely necessary.
- format: int32
- type: integer
- password:
- description: Optional BGP password for the peerings generated by this
- BGPPeer resource.
- properties:
- secretKeyRef:
- description: Selects a key of a secret in the node pod's namespace.
- properties:
- key:
- description: The key of the secret to select from. Must be
- a valid secret key.
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- type: object
- peerIP:
- description: The IP address of the peer followed by an optional port
- number to peer with. If port number is given, format should be `[<IPv6>]:port`
- or `<IPv4>:<port>` for IPv4. If optional port number is not set,
- and this peer IP and ASNumber belongs to a calico/node with ListenPort
- set in BGPConfiguration, then we use that port to peer.
- type: string
- peerSelector:
- description: Selector for the remote nodes to peer with. When this
- is set, the PeerIP and ASNumber fields must be empty. For each
- peering between the local node and selected remote nodes, we configure
- an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified,
- and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The
- remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
- or the global default if that is not set.
- type: string
- reachableBy:
- description: Add an exact, i.e. /32, static route toward peer IP in
- order to prevent route flapping. ReachableBy contains the address
- of the gateway which peer can be reached by.
- type: string
- sourceAddress:
- description: Specifies whether and how to configure a source address
- for the peerings generated by this BGPPeer resource. Default value
- "UseNodeIP" means to configure the node IP as the source address. "None"
- means not to configure a source address.
- type: string
- ttlSecurity:
- description: TTLSecurity enables the generalized TTL security mechanism
- (GTSM) which protects against spoofed packets by ignoring received
- packets with a smaller than expected TTL value. The provided value
- is the number of hops (edges) between the peers.
- type: integer
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: blockaffinities.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: BlockAffinity
- listKind: BlockAffinityList
- plural: blockaffinities
- singular: blockaffinity
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BlockAffinitySpec contains the specification for a BlockAffinity
- resource.
- properties:
- cidr:
- type: string
- deleted:
- description: Deleted indicates that this block affinity is being deleted.
- This field is a string for compatibility with older releases that
- mistakenly treat this field as a string.
- type: string
- node:
- type: string
- state:
- type: string
- required:
- - cidr
- - deleted
- - node
- - state
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: (devel)
- creationTimestamp: null
- name: caliconodestatuses.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: CalicoNodeStatus
- listKind: CalicoNodeStatusList
- plural: caliconodestatuses
- singular: caliconodestatus
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
- resource.
- properties:
- classes:
- description: Classes declares the types of information to monitor
- for this calico/node, and allows for selective status reporting
- about certain subsets of information.
- items:
- type: string
- type: array
- node:
- description: The node name identifies the Calico node instance for
- node status.
- type: string
- updatePeriodSeconds:
- description: UpdatePeriodSeconds is the period at which CalicoNodeStatus
- should be updated. Set to 0 to disable CalicoNodeStatus refresh.
- Maximum update period is one day.
- format: int32
- type: integer
- type: object
- status:
- description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
- No validation needed for status since it is updated by Calico.
- properties:
- agent:
- description: Agent holds agent status on the node.
- properties:
- birdV4:
- description: BIRDV4 represents the latest observed status of bird4.
- properties:
- lastBootTime:
- description: LastBootTime holds the value of lastBootTime
- from bird.ctl output.
- type: string
- lastReconfigurationTime:
- description: LastReconfigurationTime holds the value of lastReconfigTime
- from bird.ctl output.
- type: string
- routerID:
- description: Router ID used by bird.
- type: string
- state:
- description: The state of the BGP Daemon.
- type: string
- version:
- description: Version of the BGP daemon
- type: string
- type: object
- birdV6:
- description: BIRDV6 represents the latest observed status of bird6.
- properties:
- lastBootTime:
- description: LastBootTime holds the value of lastBootTime
- from bird.ctl output.
- type: string
- lastReconfigurationTime:
- description: LastReconfigurationTime holds the value of lastReconfigTime
- from bird.ctl output.
- type: string
- routerID:
- description: Router ID used by bird.
- type: string
- state:
- description: The state of the BGP Daemon.
- type: string
- version:
- description: Version of the BGP daemon
- type: string
- type: object
- type: object
- bgp:
- description: BGP holds node BGP status.
- properties:
- numberEstablishedV4:
- description: The total number of IPv4 established bgp sessions.
- type: integer
- numberEstablishedV6:
- description: The total number of IPv6 established bgp sessions.
- type: integer
- numberNotEstablishedV4:
- description: The total number of IPv4 non-established bgp sessions.
- type: integer
- numberNotEstablishedV6:
- description: The total number of IPv6 non-established bgp sessions.
- type: integer
- peersV4:
- description: PeersV4 represents IPv4 BGP peers status on the node.
- items:
- description: CalicoNodePeer contains the status of BGP peers
- on the node.
- properties:
- peerIP:
- description: IP address of the peer whose condition we are
- reporting.
- type: string
- since:
- description: Since the state or reason last changed.
- type: string
- state:
- description: State is the BGP session state.
- type: string
- type:
- description: Type indicates whether this peer is configured
- via the node-to-node mesh, or via en explicit global or
- per-node BGPPeer object.
- type: string
- type: object
- type: array
- peersV6:
- description: PeersV6 represents IPv6 BGP peers status on the node.
- items:
- description: CalicoNodePeer contains the status of BGP peers
- on the node.
- properties:
- peerIP:
- description: IP address of the peer whose condition we are
- reporting.
- type: string
- since:
- description: Since the state or reason last changed.
- type: string
- state:
- description: State is the BGP session state.
- type: string
- type:
- description: Type indicates whether this peer is configured
- via the node-to-node mesh, or via en explicit global or
- per-node BGPPeer object.
- type: string
- type: object
- type: array
- required:
- - numberEstablishedV4
- - numberEstablishedV6
- - numberNotEstablishedV4
- - numberNotEstablishedV6
- type: object
- lastUpdated:
- description: LastUpdated is a timestamp representing the server time
- when CalicoNodeStatus object last updated. It is represented in
- RFC3339 form and is in UTC.
- format: date-time
- nullable: true
- type: string
- routes:
- description: Routes reports routes known to the Calico BGP daemon
- on the node.
- properties:
- routesV4:
- description: RoutesV4 represents IPv4 routes on the node.
- items:
- description: CalicoNodeRoute contains the status of BGP routes
- on the node.
- properties:
- destination:
- description: Destination of the route.
- type: string
- gateway:
- description: Gateway for the destination.
- type: string
- interface:
- description: Interface for the destination
- type: string
- learnedFrom:
- description: LearnedFrom contains information regarding
- where this route originated.
- properties:
- peerIP:
- description: If sourceType is NodeMesh or BGPPeer, IP
- address of the router that sent us this route.
- type: string
- sourceType:
- description: Type of the source where a route is learned
- from.
- type: string
- type: object
- type:
- description: Type indicates if the route is being used for
- forwarding or not.
- type: string
- type: object
- type: array
- routesV6:
- description: RoutesV6 represents IPv6 routes on the node.
- items:
- description: CalicoNodeRoute contains the status of BGP routes
- on the node.
- properties:
- destination:
- description: Destination of the route.
- type: string
- gateway:
- description: Gateway for the destination.
- type: string
- interface:
- description: Interface for the destination
- type: string
- learnedFrom:
- description: LearnedFrom contains information regarding
- where this route originated.
- properties:
- peerIP:
- description: If sourceType is NodeMesh or BGPPeer, IP
- address of the router that sent us this route.
- type: string
- sourceType:
- description: Type of the source where a route is learned
- from.
- type: string
- type: object
- type:
- description: Type indicates if the route is being used for
- forwarding or not.
- type: string
- type: object
- type: array
- type: object
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: clusterinformations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: ClusterInformation
- listKind: ClusterInformationList
- plural: clusterinformations
- singular: clusterinformation
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: ClusterInformation contains the cluster specific information.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ClusterInformationSpec contains the values of describing
- the cluster.
- properties:
- calicoVersion:
- description: CalicoVersion is the version of Calico that the cluster
- is running
- type: string
- clusterGUID:
- description: ClusterGUID is the GUID of the cluster
- type: string
- clusterType:
- description: ClusterType describes the type of the cluster
- type: string
- datastoreReady:
- description: DatastoreReady is used during significant datastore migrations
- to signal to components such as Felix that it should wait before
- accessing the datastore.
- type: boolean
- variant:
- description: Variant declares which variant of Calico should be active.
- type: string
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: felixconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: FelixConfiguration
- listKind: FelixConfigurationList
- plural: felixconfigurations
- singular: felixconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: Felix Configuration contains the configuration for Felix.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: FelixConfigurationSpec contains the values of the Felix configuration.
- properties:
- allowIPIPPacketsFromWorkloads:
- description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
- will add a rule to drop IPIP encapsulated traffic from workloads
- [Default: false]'
- type: boolean
- allowVXLANPacketsFromWorkloads:
- description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
- will add a rule to drop VXLAN encapsulated traffic from workloads
- [Default: false]'
- type: boolean
- awsSrcDstCheck:
- description: 'Set source-destination-check on AWS EC2 instances. Accepted
- value must be one of "DoNothing", "Enable" or "Disable". [Default:
- DoNothing]'
- enum:
- - DoNothing
- - Enable
- - Disable
- type: string
- bpfCTLBLogFilter:
- description: 'BPFCTLBLogFilter specifies, what is logged by connect
- time load balancer when BPFLogLevel is debug. Currently has to be
- specified as ''all'' when BPFLogFilters is set to see CTLB logs.
- [Default: unset - means logs are emitted when BPFLogLevel id debug
- and BPFLogFilters not set.]'
- type: string
- bpfConnectTimeLoadBalancing:
- description: 'BPFConnectTimeLoadBalancing when in BPF mode, controls
- whether Felix installs the connect-time load balancer. The connect-time
- load balancer is required for the host to be able to reach Kubernetes
- services and it improves the performance of pod-to-service connections.When
- set to TCP, connect time load balancing is available only for services
- with TCP ports. [Default: TCP]'
- enum:
- - TCP
- - Enabled
- - Disabled
- type: string
- bpfConnectTimeLoadBalancingEnabled:
- description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode,
- controls whether Felix installs the connection-time load balancer. The
- connect-time load balancer is required for the host to be able to
- reach Kubernetes services and it improves the performance of pod-to-service
- connections. The only reason to disable it is for debugging purposes.
- This will be deprecated. Use BPFConnectTimeLoadBalancing [Default:
- true]'
- type: boolean
- bpfDSROptoutCIDRs:
- description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded
- from DSR. That is, clients in those CIDRs will accesses nodeports
- as if BPFExternalServiceMode was set to Tunnel.
- items:
- type: string
- type: array
- bpfDataIfacePattern:
- description: BPFDataIfacePattern is a regular expression that controls
- which interfaces Felix should attach BPF programs to in order to
- catch traffic to/from the network. This needs to match the interfaces
- that Calico workload traffic flows over as well as any interfaces
- that handle incoming traffic to nodeports and services from outside
- the cluster. It should not match the workload interfaces (usually
- named cali...).
- type: string
- bpfDisableGROForIfaces:
- description: BPFDisableGROForIfaces is a regular expression that controls
- which interfaces Felix should disable the Generic Receive Offload
- [GRO] option. It should not match the workload interfaces (usually
- named cali...).
- type: string
- bpfDisableUnprivileged:
- description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled
- sysctl to disable unprivileged use of BPF. This ensures that unprivileged
- users cannot access Calico''s BPF maps and cannot insert their own
- BPF programs to interfere with Calico''s. [Default: true]'
- type: boolean
- bpfEnabled:
- description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
- [Default: false]'
- type: boolean
- bpfEnforceRPF:
- description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
- with BPF programs regardless of what is the per-interfaces or global
- setting. Possible values are Disabled, Strict or Loose. [Default:
- Loose]'
- pattern: ^(?i)(Disabled|Strict|Loose)?$
- type: string
- bpfExcludeCIDRsFromNAT:
- description: BPFExcludeCIDRsFromNAT is a list of CIDRs that are to
- be excluded from NAT resolution so that host can handle them. A
- typical usecase is node local DNS cache.
- items:
- type: string
- type: array
- bpfExtToServiceConnmark:
- description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
- mark that is set on connections from an external client to a local
- service. This mark allows us to control how packets of that connection
- are routed within the host and how is routing interpreted by RPF
- check. [Default: 0]'
- type: integer
- bpfExternalServiceMode:
- description: 'BPFExternalServiceMode in BPF mode, controls how connections
- from outside the cluster to services (node ports and cluster IPs)
- are forwarded to remote workloads. If set to "Tunnel" then both
- request and response traffic is tunneled to the remote node. If
- set to "DSR", the request traffic is tunneled but the response traffic
- is sent directly from the remote node. In "DSR" mode, the remote
- node appears to use the IP of the ingress node; this requires a
- permissive L2 network. [Default: Tunnel]'
- pattern: ^(?i)(Tunnel|DSR)?$
- type: string
- bpfForceTrackPacketsFromIfaces:
- description: 'BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic
- from these interfaces to skip Calico''s iptables NOTRACK rule, allowing
- traffic from those interfaces to be tracked by Linux conntrack. Should
- only be used for interfaces that are not used for the Calico fabric. For
- example, a docker bridge device for non-Calico-networked containers.
- [Default: docker+]'
- items:
- type: string
- type: array
- bpfHostConntrackBypass:
- description: 'BPFHostConntrackBypass Controls whether to bypass Linux
- conntrack in BPF mode for workloads and services. [Default: true
- - bypass Linux conntrack]'
- type: boolean
- bpfHostNetworkedNATWithoutCTLB:
- description: 'BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls
- whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing
- determines the CTLB behavior. [Default: Enabled]'
- enum:
- - Enabled
- - Disabled
- type: string
- bpfKubeProxyEndpointSlicesEnabled:
- description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has
- no effect. BPF kube-proxy always accepts endpoint slices. This option
- will be removed in the next release.
- type: boolean
- bpfKubeProxyIptablesCleanupEnabled:
- description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF
- mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s
- iptables chains. Should only be enabled if kube-proxy is not running. [Default:
- true]'
- type: boolean
- bpfKubeProxyMinSyncPeriod:
- description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the
- minimum time between updates to the dataplane for Felix''s embedded
- kube-proxy. Lower values give reduced set-up latency. Higher values
- reduce Felix CPU usage by batching up more work. [Default: 1s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- bpfL3IfacePattern:
- description: BPFL3IfacePattern is a regular expression that allows
- to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
- in addition to BPFDataIfacePattern. That is, tunnel interfaces not
- created by Calico, that Calico workload traffic flows over as well
- as any interfaces that handle incoming traffic to nodeports and
- services from outside the cluster.
- type: string
- bpfLogFilters:
- additionalProperties:
- type: string
- description: "BPFLogFilters is a map of key=values where the value
- is a pcap filter expression and the key is an interface name with
- 'all' denoting all interfaces, 'weps' all workload endpoints and
- 'heps' all host endpoints. \n When specified as an env var, it accepts
- a comma-separated list of key=values. [Default: unset - means all
- debug logs are emitted]"
- type: object
- bpfLogLevel:
- description: 'BPFLogLevel controls the log level of the BPF programs
- when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
- logs are emitted to the BPF trace pipe, accessible with the command
- `tc exec bpf debug`. [Default: Off].'
- pattern: ^(?i)(Off|Info|Debug)?$
- type: string
- bpfMapSizeConntrack:
- description: 'BPFMapSizeConntrack sets the size for the conntrack
- map. This map must be large enough to hold an entry for each active
- connection. Warning: changing the size of the conntrack map can
- cause disruption.'
- type: integer
- bpfMapSizeIPSets:
- description: BPFMapSizeIPSets sets the size for ipsets map. The IP
- sets map must be large enough to hold an entry for each endpoint
- matched by every selector in the source/destination matches in network
- policy. Selectors such as "all()" can result in large numbers of
- entries (one entry per endpoint in that case).
- type: integer
- bpfMapSizeIfState:
- description: BPFMapSizeIfState sets the size for ifstate map. The
- ifstate map must be large enough to hold an entry for each device
- (host + workloads) on a host.
- type: integer
- bpfMapSizeNATAffinity:
- type: integer
- bpfMapSizeNATBackend:
- description: BPFMapSizeNATBackend sets the size for nat back end map.
- This is the total number of endpoints. This is mostly more than
- the size of the number of services.
- type: integer
- bpfMapSizeNATFrontend:
- description: BPFMapSizeNATFrontend sets the size for nat front end
- map. FrontendMap should be large enough to hold an entry for each
- nodeport, external IP and each port in each service.
- type: integer
- bpfMapSizeRoute:
- description: BPFMapSizeRoute sets the size for the routes map. The
- routes map should be large enough to hold one entry per workload
- and a handful of entries per host (enough to cover its own IPs and
- tunnel IPs).
- type: integer
- bpfPSNATPorts:
- anyOf:
- - type: integer
- - type: string
- description: 'BPFPSNATPorts sets the range from which we randomly
- pick a port if there is a source port collision. This should be
- within the ephemeral range as defined by RFC 6056 (1024–65535) and
- preferably outside the ephemeral ranges used by common operating
- systems. Linux uses 32768–60999, while others mostly use the IANA
- defined range 49152–65535. It is not necessarily a problem if this
- range overlaps with the operating systems. Both ends of the range
- are inclusive. [Default: 20000:29999]'
- pattern: ^.*
- x-kubernetes-int-or-string: true
- bpfPolicyDebugEnabled:
- description: BPFPolicyDebugEnabled when true, Felix records detailed
- information about the BPF policy programs, which can be examined
- with the calico-bpf command-line tool.
- type: boolean
- chainInsertMode:
- description: 'ChainInsertMode controls whether Felix hooks the kernel''s
- top-level iptables chains by inserting a rule at the top of the
- chain or by appending a rule at the bottom. insert is the safe default
- since it prevents Calico''s rules from being bypassed. If you switch
- to append mode, be sure that the other rules in the chains signal
- acceptance by falling through to the Calico rules, otherwise the
- Calico policy will be bypassed. [Default: insert]'
- pattern: ^(?i)(insert|append)?$
- type: string
- dataplaneDriver:
- description: DataplaneDriver filename of the external dataplane driver
- to use. Only used if UseInternalDataplaneDriver is set to false.
- type: string
- dataplaneWatchdogTimeout:
- description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
- used for Felix's (internal) dataplane driver. Increase this value
- if you experience spurious non-ready or non-live events when Felix
- is under heavy load. Decrease the value to get felix to report non-live
- or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
- by the generic HealthTimeoutOverrides."
- type: string
- debugDisableLogDropping:
- type: boolean
- debugHost:
- description: DebugHost is the host IP or hostname to bind the debug
- port to. Only used if DebugPort is set. [Default:localhost]
- type: string
- debugMemoryProfilePath:
- type: string
- debugPort:
- description: DebugPort if set, enables Felix's debug HTTP port, which
- allows memory and CPU profiles to be retrieved. The debug port
- is not secure, it should not be exposed to the internet.
- type: integer
- debugSimulateCalcGraphHangAfter:
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- debugSimulateDataplaneApplyDelay:
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- debugSimulateDataplaneHangAfter:
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- defaultEndpointToHostAction:
- description: 'DefaultEndpointToHostAction controls what happens to
- traffic that goes from a workload endpoint to the host itself (after
- the traffic hits the endpoint egress policy). By default Calico
- blocks traffic from workload endpoints to the host itself with an
- iptables "DROP" action. If you want to allow some or all traffic
- from endpoint to host, set this parameter to RETURN or ACCEPT. Use
- RETURN if you have your own rules in the iptables "INPUT" chain;
- Calico will insert its rules at the top of that chain, then "RETURN"
- packets to the "INPUT" chain once it has completed processing workload
- endpoint egress policy. Use ACCEPT to unconditionally accept packets
- from workloads after processing workload endpoint egress policy.
- [Default: Drop]'
- pattern: ^(?i)(Drop|Accept|Return)?$
- type: string
- deviceRouteProtocol:
- description: This defines the route protocol added to programmed device
- routes, by default this will be RTPROT_BOOT when left blank.
- type: integer
- deviceRouteSourceAddress:
- description: This is the IPv4 source address to use on programmed
- device routes. By default the source address is left blank, leaving
- the kernel to choose the source address used.
- type: string
- deviceRouteSourceAddressIPv6:
- description: This is the IPv6 source address to use on programmed
- device routes. By default the source address is left blank, leaving
- the kernel to choose the source address used.
- type: string
- disableConntrackInvalidCheck:
- type: boolean
- endpointReportingDelay:
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- endpointReportingEnabled:
- type: boolean
- endpointStatusPathPrefix:
- description: "EndpointStatusPathPrefix is the path to the directory
- where endpoint status will be written. Endpoint status file reporting
- is disabled if field is left empty. \n Chosen directory should match
- the directory used by the CNI for PodStartupDelay. [Default: \"\"]"
- type: string
- externalNodesList:
- description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes
- which may source tunnel traffic and have the tunneled traffic be
- accepted at calico nodes.
- items:
- type: string
- type: array
- failsafeInboundHostPorts:
- description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports
- and CIDRs that Felix will allow incoming traffic to host endpoints
- on irrespective of the security policy. This is useful to avoid
- accidentally cutting off a host with incorrect configuration. For
- back-compatibility, if the protocol is not specified, it defaults
- to "tcp". If a CIDR is not specified, it will allow traffic from
- all addresses. To disable all inbound host ports, use the value
- none. The default value allows ssh access and DHCP. [Default: tcp:22,
- udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]'
- items:
- description: ProtoPort is combination of protocol, port, and CIDR.
- Protocol and port must be specified.
- properties:
- net:
- type: string
- port:
- type: integer
- protocol:
- type: string
- required:
- - port
- - protocol
- type: object
- type: array
- failsafeOutboundHostPorts:
- description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports
- and CIDRs that Felix will allow outgoing traffic from host endpoints
- to irrespective of the security policy. This is useful to avoid
- accidentally cutting off a host with incorrect configuration. For
- back-compatibility, if the protocol is not specified, it defaults
- to "tcp". If a CIDR is not specified, it will allow traffic from
- all addresses. To disable all outbound host ports, use the value
- none. The default value opens etcd''s standard ports to ensure that
- Felix does not get cut off from etcd as well as allowing DHCP and
- DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666,
- tcp:6667, udp:53, udp:67]'
- items:
- description: ProtoPort is combination of protocol, port, and CIDR.
- Protocol and port must be specified.
- properties:
- net:
- type: string
- port:
- type: integer
- protocol:
- type: string
- required:
- - port
- - protocol
- type: object
- type: array
- featureDetectOverride:
- description: FeatureDetectOverride is used to override feature detection
- based on auto-detected platform capabilities. Values are specified
- in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
- or "false" will force the feature, empty or omitted values are auto-detected.
- pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$
- type: string
- featureGates:
- description: FeatureGates is used to enable or disable tech-preview
- Calico features. Values are specified in a comma separated list
- with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
- This is used to enable features that are not fully production ready.
- pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$
- type: string
- floatingIPs:
- description: FloatingIPs configures whether or not Felix will program
- non-OpenStack floating IP addresses. (OpenStack-derived floating
- IPs are always programmed, regardless of this setting.)
- enum:
- - Enabled
- - Disabled
- type: string
- genericXDPEnabled:
- description: 'GenericXDPEnabled enables Generic XDP so network cards
- that don''t support XDP offload or driver modes can use XDP. This
- is not recommended since it doesn''t provide better performance
- than iptables. [Default: false]'
- type: boolean
- healthEnabled:
- type: boolean
- healthHost:
- type: string
- healthPort:
- type: integer
- healthTimeoutOverrides:
- description: HealthTimeoutOverrides allows the internal watchdog timeouts
- of individual subcomponents to be overridden. This is useful for
- working around "false positive" liveness timeouts that can occur
- in particularly stressful workloads or if CPU is constrained. For
- a list of active subcomponents, see Felix's logs.
- items:
- properties:
- name:
- type: string
- timeout:
- type: string
- required:
- - name
- - timeout
- type: object
- type: array
- interfaceExclude:
- description: 'InterfaceExclude is a comma-separated list of interfaces
- that Felix should exclude when monitoring for host endpoints. The
- default value ensures that Felix ignores Kubernetes'' IPVS dummy
- interface, which is used internally by kube-proxy. If you want to
- exclude multiple interface names using a single value, the list
- supports regular expressions. For regular expressions you must wrap
- the value with ''/''. For example having values ''/^kube/,veth1''
- will exclude all interfaces that begin with ''kube'' and also the
- interface ''veth1''. [Default: kube-ipvs0]'
- type: string
- interfacePrefix:
- description: 'InterfacePrefix is the interface name prefix that identifies
- workload endpoints and so distinguishes them from host endpoint
- interfaces. Note: in environments other than bare metal, the orchestrators
- configure this appropriately. For example our Kubernetes and Docker
- integrations set the ''cali'' value, and our OpenStack integration
- sets the ''tap'' value. [Default: cali]'
- type: string
- interfaceRefreshInterval:
- description: InterfaceRefreshInterval is the period at which Felix
- rescans local interfaces to verify their state. The rescan can be
- disabled by setting the interval to 0.
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- ipipEnabled:
- description: 'IPIPEnabled overrides whether Felix should configure
- an IPIP interface on the host. Optional as Felix determines this
- based on the existing IP pools. [Default: nil (unset)]'
- type: boolean
- ipipMTU:
- description: 'IPIPMTU is the MTU to set on the tunnel device. See
- Configuring MTU [Default: 1440]'
- type: integer
- ipsetsRefreshInterval:
- description: 'IpsetsRefreshInterval is the period at which Felix re-checks
- all iptables state to ensure that no other process has accidentally
- broken Calico''s rules. Set to 0 to disable iptables refresh. [Default:
- 90s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesBackend:
- description: IptablesBackend specifies which backend of iptables will
- be used. The default is Auto.
- pattern: ^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$
- type: string
- iptablesFilterAllowAction:
- pattern: ^(?i)(Accept|Return)?$
- type: string
- iptablesFilterDenyAction:
- description: IptablesFilterDenyAction controls what happens to traffic
- that is denied by network policy. By default Calico blocks traffic
- with an iptables "DROP" action. If you want to use "REJECT" action
- instead you can configure it in here.
- pattern: ^(?i)(Drop|Reject)?$
- type: string
- iptablesLockFilePath:
- description: 'IptablesLockFilePath is the location of the iptables
- lock file. You may need to change this if the lock file is not in
- its standard location (for example if you have mapped it into Felix''s
- container at a different path). [Default: /run/xtables.lock]'
- type: string
- iptablesLockProbeInterval:
- description: 'IptablesLockProbeInterval is the time that Felix will
- wait between attempts to acquire the iptables lock if it is not
- available. Lower values make Felix more responsive when the lock
- is contended, but use more CPU. [Default: 50ms]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesLockTimeout:
- description: 'IptablesLockTimeout is the time that Felix will wait
- for the iptables lock, or 0, to disable. To use this feature, Felix
- must share the iptables lock file with all other processes that
- also take the lock. When running Felix inside a container, this
- requires the /run directory of the host to be mounted into the calico/node
- or calico/felix container. [Default: 0s disabled]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesMangleAllowAction:
- pattern: ^(?i)(Accept|Return)?$
- type: string
- iptablesMarkMask:
- description: 'IptablesMarkMask is the mask that Felix selects its
- IPTables Mark bits from. Should be a 32 bit hexadecimal number with
- at least 8 bits set, none of which clash with any other mark bits
- in use on the system. [Default: 0xff000000]'
- format: int32
- type: integer
- iptablesNATOutgoingInterfaceFilter:
- type: string
- iptablesPostWriteCheckInterval:
- description: 'IptablesPostWriteCheckInterval is the period after Felix
- has done a write to the dataplane that it schedules an extra read
- back in order to check the write was not clobbered by another process.
- This should only occur if another application on the system doesn''t
- respect the iptables lock. [Default: 1s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- iptablesRefreshInterval:
- description: 'IptablesRefreshInterval is the period at which Felix
- re-checks the IP sets in the dataplane to ensure that no other process
- has accidentally broken Calico''s rules. Set to 0 to disable IP
- sets refresh. Note: the default for this value is lower than the
- other refresh intervals as a workaround for a Linux kernel bug that
- was fixed in kernel version 4.11. If you are using v4.11 or greater
- you may want to set this to, a higher value to reduce Felix CPU
- usage. [Default: 10s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- ipv6Support:
- description: IPv6Support controls whether Felix enables support for
- IPv6 (if supported by the in-use dataplane).
- type: boolean
- kubeNodePortRanges:
- description: 'KubeNodePortRanges holds list of port ranges used for
- service node ports. Only used if felix detects kube-proxy running
- in ipvs mode. Felix uses these ranges to separate host and workload
- traffic. [Default: 30000:32767].'
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- logDebugFilenameRegex:
- description: LogDebugFilenameRegex controls which source code files
- have their Debug log output included in the logs. Only logs from
- files with names that match the given regular expression are included. The
- filter only applies to Debug level logs.
- type: string
- logFilePath:
- description: 'LogFilePath is the full path to the Felix log. Set to
- none to disable file logging. [Default: /var/log/calico/felix.log]'
- type: string
- logPrefix:
- description: 'LogPrefix is the log prefix that Felix uses when rendering
- LOG rules. [Default: calico-packet]'
- type: string
- logSeverityFile:
- description: 'LogSeverityFile is the log severity above which logs
- are sent to the log file. [Default: Info]'
- pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: Info]'
- pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
- type: string
- logSeveritySys:
- description: 'LogSeveritySys is the log severity above which logs
- are sent to the syslog. Set to None for no logging to syslog. [Default:
- Info]'
- pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
- type: string
- maxIpsetSize:
- type: integer
- metadataAddr:
- description: 'MetadataAddr is the IP address or domain name of the
- server that can answer VM queries for cloud-init metadata. In OpenStack,
- this corresponds to the machine running nova-api (or in Ubuntu,
- nova-api-metadata). A value of none (case-insensitive) means that
- Felix should not set up any NAT rule for the metadata path. [Default:
- 127.0.0.1]'
- type: string
- metadataPort:
- description: 'MetadataPort is the port of the metadata server. This,
- combined with global.MetadataAddr (if not ''None''), is used to
- set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
- In most cases this should not need to be changed [Default: 8775].'
- type: integer
- mtuIfacePattern:
- description: MTUIfacePattern is a regular expression that controls
- which interfaces Felix should scan in order to calculate the host's
- MTU. This should not match workload interfaces (usually named cali...).
- type: string
- natOutgoingAddress:
- description: NATOutgoingAddress specifies an address to use when performing
- source NAT for traffic in a natOutgoing pool that is leaving the
- network. By default the address used is an address on the interface
- the traffic is leaving on (ie it uses the iptables MASQUERADE target)
- type: string
- natPortRange:
- anyOf:
- - type: integer
- - type: string
- description: NATPortRange specifies the range of ports that is used
- for port mapping when doing outgoing NAT. When unset the default
- behavior of the network stack is used.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- netlinkTimeout:
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- openstackRegion:
- description: 'OpenstackRegion is the name of the region that a particular
- Felix belongs to. In a multi-region Calico/OpenStack deployment,
- this must be configured somehow for each Felix (here in the datamodel,
- or in felix.cfg or the environment on each compute node), and must
- match the [calico] openstack_region value configured in neutron.conf
- on each node. [Default: Empty]'
- type: string
- policySyncPathPrefix:
- description: 'PolicySyncPathPrefix is used to by Felix to communicate
- policy changes to external services, like Application layer policy.
- [Default: Empty]'
- type: string
- prometheusGoMetricsEnabled:
- description: 'PrometheusGoMetricsEnabled disables Go runtime metrics
- collection, which the Prometheus client does by default, when set
- to false. This reduces the number of metrics reported, reducing
- Prometheus load. [Default: true]'
- type: boolean
- prometheusMetricsEnabled:
- description: 'PrometheusMetricsEnabled enables the Prometheus metrics
- server in Felix if set to true. [Default: false]'
- type: boolean
- prometheusMetricsHost:
- description: 'PrometheusMetricsHost is the host that the Prometheus
- metrics server should bind to. [Default: empty]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. [Default: 9091]'
- type: integer
- prometheusProcessMetricsEnabled:
- description: 'PrometheusProcessMetricsEnabled disables process metrics
- collection, which the Prometheus client does by default, when set
- to false. This reduces the number of metrics reported, reducing
- Prometheus load. [Default: true]'
- type: boolean
- prometheusWireGuardMetricsEnabled:
- description: 'PrometheusWireGuardMetricsEnabled disables wireguard
- metrics collection, which the Prometheus client does by default,
- when set to false. This reduces the number of metrics reported,
- reducing Prometheus load. [Default: true]'
- type: boolean
- removeExternalRoutes:
- description: Whether or not to remove device routes that have not
- been programmed by Felix. Disabling this will allow external applications
- to also add device routes. This is enabled by default which means
- we will remove externally added routes.
- type: boolean
- reportingInterval:
- description: 'ReportingInterval is the interval at which Felix reports
- its status into the datastore or 0 to disable. Must be non-zero
- in OpenStack deployments. [Default: 30s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- reportingTTL:
- description: 'ReportingTTL is the time-to-live setting for process-wide
- status reports. [Default: 90s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- routeRefreshInterval:
- description: 'RouteRefreshInterval is the period at which Felix re-checks
- the routes in the dataplane to ensure that no other process has
- accidentally broken Calico''s rules. Set to 0 to disable route refresh.
- [Default: 90s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- routeSource:
- description: 'RouteSource configures where Felix gets its routing
- information. - WorkloadIPs: use workload endpoints to construct
- routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
- pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$
- type: string
- routeSyncDisabled:
- description: RouteSyncDisabled will disable all operations performed
- on the route table. Set to true to run in network-policy mode only.
- type: boolean
- routeTableRange:
- description: Deprecated in favor of RouteTableRanges. Calico programs
- additional Linux route tables for various purposes. RouteTableRange
- specifies the indices of the route tables that Calico should use.
- properties:
- max:
- type: integer
- min:
- type: integer
- required:
- - max
- - min
- type: object
- routeTableRanges:
- description: Calico programs additional Linux route tables for various
- purposes. RouteTableRanges specifies a set of table index ranges
- that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
- items:
- properties:
- max:
- type: integer
- min:
- type: integer
- required:
- - max
- - min
- type: object
- type: array
- serviceLoopPrevention:
- description: 'When service IP advertisement is enabled, prevent routing
- loops to service IPs that are not in use, by dropping or rejecting
- packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled",
- in which case such routing loops continue to be allowed. [Default:
- Drop]'
- pattern: ^(?i)(Drop|Reject|Disabled)?$
- type: string
- sidecarAccelerationEnabled:
- description: 'SidecarAccelerationEnabled enables experimental sidecar
- acceleration [Default: false]'
- type: boolean
- usageReportingEnabled:
- description: 'UsageReportingEnabled reports anonymous Calico version
- number and cluster size to projectcalico.org. Logs warnings returned
- by the usage server. For example, if a significant security vulnerability
- has been discovered in the version of Calico being used. [Default:
- true]'
- type: boolean
- usageReportingInitialDelay:
- description: 'UsageReportingInitialDelay controls the minimum delay
- before Felix makes a report. [Default: 300s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- usageReportingInterval:
- description: 'UsageReportingInterval controls the interval at which
- Felix makes reports. [Default: 86400s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- useInternalDataplaneDriver:
- description: UseInternalDataplaneDriver, if true, Felix will use its
- internal dataplane programming logic. If false, it will launch
- an external dataplane driver and communicate with it over protobuf.
- type: boolean
- vxlanEnabled:
- description: 'VXLANEnabled overrides whether Felix should create the
- VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
- determines this based on the existing IP pools. [Default: nil (unset)]'
- type: boolean
- vxlanMTU:
- description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
- device. See Configuring MTU [Default: 1410]'
- type: integer
- vxlanMTUV6:
- description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
- device. See Configuring MTU [Default: 1390]'
- type: integer
- vxlanPort:
- type: integer
- vxlanVNI:
- type: integer
- windowsManageFirewallRules:
- description: 'WindowsManageFirewallRules configures whether or not
- Felix will program Windows Firewall rules. (to allow inbound access
- to its own metrics ports) [Default: Disabled]'
- enum:
- - Enabled
- - Disabled
- type: string
- wireguardEnabled:
- description: 'WireguardEnabled controls whether Wireguard is enabled
- for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
- [Default: false]'
- type: boolean
- wireguardEnabledV6:
- description: 'WireguardEnabledV6 controls whether Wireguard is enabled
- for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
- [Default: false]'
- type: boolean
- wireguardHostEncryptionEnabled:
- description: 'WireguardHostEncryptionEnabled controls whether Wireguard
- host-to-host encryption is enabled. [Default: false]'
- type: boolean
- wireguardInterfaceName:
- description: 'WireguardInterfaceName specifies the name to use for
- the IPv4 Wireguard interface. [Default: wireguard.cali]'
- type: string
- wireguardInterfaceNameV6:
- description: 'WireguardInterfaceNameV6 specifies the name to use for
- the IPv6 Wireguard interface. [Default: wg-v6.cali]'
- type: string
- wireguardKeepAlive:
- description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
- option. Set 0 to disable. [Default: 0]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- wireguardListeningPort:
- description: 'WireguardListeningPort controls the listening port used
- by IPv4 Wireguard. [Default: 51820]'
- type: integer
- wireguardListeningPortV6:
- description: 'WireguardListeningPortV6 controls the listening port
- used by IPv6 Wireguard. [Default: 51821]'
- type: integer
- wireguardMTU:
- description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
- interface. See Configuring MTU [Default: 1440]'
- type: integer
- wireguardMTUV6:
- description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
- interface. See Configuring MTU [Default: 1420]'
- type: integer
- wireguardRoutingRulePriority:
- description: 'WireguardRoutingRulePriority controls the priority value
- to use for the Wireguard routing rule. [Default: 99]'
- type: integer
- wireguardThreadingEnabled:
- description: 'WireguardThreadingEnabled controls whether Wireguard
- has NAPI threading enabled. [Default: false]'
- type: boolean
- workloadSourceSpoofing:
- description: WorkloadSourceSpoofing controls whether pods can use
- the allowedSourcePrefixes annotation to send traffic with a source
- IP address that is not theirs. This is disabled by default. When
- set to "Any", pods can request any prefix.
- pattern: ^(?i)(Disabled|Any)?$
- type: string
- xdpEnabled:
- description: 'XDPEnabled enables XDP acceleration for suitable untracked
- incoming deny rules. [Default: true]'
- type: boolean
- xdpRefreshInterval:
- description: 'XDPRefreshInterval is the period at which Felix re-checks
- all XDP state to ensure that no other process has accidentally broken
- Calico''s BPF maps or attached programs. Set to 0 to disable XDP
- refresh. [Default: 90s]'
- pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
- type: string
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: globalnetworkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: GlobalNetworkPolicy
- listKind: GlobalNetworkPolicyList
- plural: globalnetworkpolicies
- singular: globalnetworkpolicy
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- applyOnForward:
- description: ApplyOnForward indicates to apply the rules in this policy
- on forward traffic.
- type: boolean
- doNotTrack:
- description: DoNotTrack indicates whether packets matched by the rules
- in this policy should go through the data plane's connection tracking,
- such as Linux conntrack. If True, the rules in this policy are
- applied before any data plane connection tracking, and packets allowed
- by this policy are marked as not to be tracked.
- type: boolean
- egress:
- description: The ordered set of egress rules. Each rule contains
- a set of packet match criteria and a corresponding action to apply.
- items:
- description: "A Rule encapsulates a set of match criteria and an
- action. Both selector-based security Policy and security Profiles
- reference rules - separated out as a list of rules for both ingress
- and egress packet matching. \n Each positive match criteria has
- a negated version, prefixed with \"Not\". All the match criteria
- within a rule must be satisfied for a packet to match. A single
- rule can contain the positive and negative version of a match
- and both must be satisfied for the rule to match."
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: Methods is an optional field that restricts
- the rule to apply only to HTTP requests that use one of
- the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
- methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: 'Paths is an optional field that restricts
- the rule to apply to HTTP requests that use one of the
- listed HTTP Paths. Multiple paths are OR''d together.
- e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
- ONLY specify either a `exact` or a `prefix` match. The
- validator will check for it.'
- items:
- description: 'HTTPPath specifies an HTTP path to match.
- It may be either of the form: exact: <path>: which matches
- the path exactly or prefix: <path-prefix>: which matches
- the path prefix'
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: ICMP is an optional field that restricts the rule
- to apply to a specific type and code of ICMP traffic. This
- should only be specified if the Protocol field is set to "ICMP"
- or "ICMPv6".
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: IPVersion is an optional field that restricts the
- rule to only match a specific IP version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: "Protocol is an optional field that restricts the
- rule to only apply to traffic of a specific IP protocol. Required
- if any of the EntityRules contain Ports (because ports only
- apply to certain protocols). \n Must be one of these string
- values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
- \"UDPLite\" or an integer in the range 1-255."
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: The ordered set of ingress rules. Each rule contains
- a set of packet match criteria and a corresponding action to apply.
- items:
- description: "A Rule encapsulates a set of match criteria and an
- action. Both selector-based security Policy and security Profiles
- reference rules - separated out as a list of rules for both ingress
- and egress packet matching. \n Each positive match criteria has
- a negated version, prefixed with \"Not\". All the match criteria
- within a rule must be satisfied for a packet to match. A single
- rule can contain the positive and negative version of a match
- and both must be satisfied for the rule to match."
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: Methods is an optional field that restricts
- the rule to apply only to HTTP requests that use one of
- the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
- methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: 'Paths is an optional field that restricts
- the rule to apply to HTTP requests that use one of the
- listed HTTP Paths. Multiple paths are OR''d together.
- e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
- ONLY specify either a `exact` or a `prefix` match. The
- validator will check for it.'
- items:
- description: 'HTTPPath specifies an HTTP path to match.
- It may be either of the form: exact: <path>: which matches
- the path exactly or prefix: <path-prefix>: which matches
- the path prefix'
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: ICMP is an optional field that restricts the rule
- to apply to a specific type and code of ICMP traffic. This
- should only be specified if the Protocol field is set to "ICMP"
- or "ICMPv6".
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: IPVersion is an optional field that restricts the
- rule to only match a specific IP version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: "Protocol is an optional field that restricts the
- rule to only apply to traffic of a specific IP protocol. Required
- if any of the EntityRules contain Ports (because ports only
- apply to certain protocols). \n Must be one of these string
- values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
- \"UDPLite\" or an integer in the range 1-255."
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- namespaceSelector:
- description: NamespaceSelector is an optional field for an expression
- used to select a pod based on namespaces.
- type: string
- order:
- description: Order is an optional field that specifies the order in
- which the policy is applied. Policies with higher "order" are applied
- after those with lower order. If the order is omitted, it may be
- considered to be "infinite" - i.e. the policy will be applied last. Policies
- with identical order will be applied in alphanumerical order based
- on the Policy "Name".
- type: number
- performanceHints:
- description: "PerformanceHints contains a list of hints to Calico's
- policy engine to help process the policy more efficiently. Hints
- never change the enforcement behaviour of the policy. \n Currently,
- the only available hint is \"AssumeNeededOnEveryNode\". When that
- hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for \"preloading\"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work done
- to preload the policy (and to maintain it) is wasted."
- items:
- type: string
- type: array
- preDNAT:
- description: PreDNAT indicates to apply the rules in this policy before
- any DNAT.
- type: boolean
- selector:
- description: "The selector is an expression used to pick out the endpoints
- that the policy should be applied to. \n Selector expressions follow
- this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
- my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
- equal; also matches if label is not present \tlabel in { \"a\",
- \"b\", \"c\", ... } -> true if the value of label X is one of
- \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
- \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
- \thas(label_name) -> True if that label is present \t! expr ->
- negation of expr \texpr && expr -> Short-circuit and \texpr ||
- expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
- or the empty selector -> matches all endpoints. \n Label names are
- allowed to contain alphanumerics, -, _ and /. String literals are
- more permissive but they do not support escape characters. \n Examples
- (with made-up labels): \n \ttype == \"webserver\" && deployment
- == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
- \"dev\" \t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- types:
- description: "Types indicates whether this policy applies to ingress,
- or to egress, or to both. When not explicitly specified (and so
- the value on creation is empty or nil), Calico defaults Types according
- to what Ingress and Egress rules are present in the policy. The
- default is: \n - [ PolicyTypeIngress ], if there are no Egress rules
- (including the case where there are also no Ingress rules) \n
- - [ PolicyTypeEgress ], if there are Egress rules but no Ingress
- rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are
- both Ingress and Egress rules. \n When the policy is read back again,
- Types will always be one of these values, never empty or nil."
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: globalnetworksets.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: GlobalNetworkSet
- listKind: GlobalNetworkSetList
- plural: globalnetworksets
- singular: globalnetworkset
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs
- that share labels to allow rules to refer to them via selectors. The labels
- of GlobalNetworkSet are not namespaced.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GlobalNetworkSetSpec contains the specification for a NetworkSet
- resource.
- properties:
- nets:
- description: The list of IP networks that belong to this set.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: hostendpoints.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: HostEndpoint
- listKind: HostEndpointList
- plural: hostendpoints
- singular: hostendpoint
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HostEndpointSpec contains the specification for a HostEndpoint
- resource.
- properties:
- expectedIPs:
- description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
- If \"InterfaceName\" is not present, Calico will look for an interface
- matching any of the IPs in the list and apply policy to that. Note:
- \tWhen using the selector match criteria in an ingress or egress
- security Policy \tor Profile, Calico converts the selector into
- a set of IP addresses. For host \tendpoints, the ExpectedIPs field
- is used for that purpose. (If only the interface \tname is specified,
- Calico does not learn the IPs of the interface for use in match
- \tcriteria.)"
- items:
- type: string
- type: array
- interfaceName:
- description: "Either \"*\", or the name of a specific Linux interface
- to apply policy to; or empty. \"*\" indicates that this HostEndpoint
- governs all traffic to, from or through the default network namespace
- of the host named by the \"Node\" field; entering and leaving that
- namespace via any interface, including those from/to non-host-networked
- local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
- only governs traffic that enters or leaves the host through the
- specific interface named by InterfaceName, or - when InterfaceName
- is empty - through the specific interface that has one of the IPs
- in ExpectedIPs. Therefore, when InterfaceName is empty, at least
- one expected IP must be specified. Only external interfaces (such
- as \"eth0\") are supported here; it isn't possible for a HostEndpoint
- to protect traffic through a specific local workload interface.
- \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
- initially just pre-DNAT policy. Please check Calico documentation
- for the latest position."
- type: string
- node:
- description: The node name identifying the Calico node instance.
- type: string
- ports:
- description: Ports contains the endpoint's named ports, which may
- be referenced in security policy rules.
- items:
- properties:
- name:
- type: string
- port:
- type: integer
- protocol:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- required:
- - name
- - port
- - protocol
- type: object
- type: array
- profiles:
- description: A list of identifiers of security Profile objects that
- apply to this endpoint. Each profile is applied in the order that
- they appear in this list. Profile rules are applied after the selector-based
- security policy.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ipamblocks.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMBlock
- listKind: IPAMBlockList
- plural: ipamblocks
- singular: ipamblock
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: IPAMBlockSpec contains the specification for an IPAMBlock
- resource.
- properties:
- affinity:
- description: Affinity of the block, if this block has one. If set,
- it will be of the form "host:<hostname>". If not set, this block
- is not affine to a host.
- type: string
- allocations:
- description: Array of allocations in-use within this block. nil entries
- mean the allocation is free. For non-nil entries at index i, the
- index is the ordinal of the allocation within this block and the
- value is the index of the associated attributes in the Attributes
- array.
- items:
- type: integer
- # TODO: This nullable is manually added in. We should update controller-gen
- # to handle []*int properly itself.
- nullable: true
- type: array
- attributes:
- description: Attributes is an array of arbitrary metadata associated
- with allocations in the block. To find attributes for a given allocation,
- use the value of the allocation's entry in the Allocations array
- as the index of the element in this array.
- items:
- properties:
- handle_id:
- type: string
- secondary:
- additionalProperties:
- type: string
- type: object
- type: object
- type: array
- cidr:
- description: The block's CIDR.
- type: string
- deleted:
- description: Deleted is an internal boolean used to workaround a limitation
- in the Kubernetes API whereby deletion will not return a conflict
- error if the block has been updated. It should not be set manually.
- type: boolean
- sequenceNumber:
- default: 0
- description: We store a sequence number that is updated each time
- the block is written. Each allocation will also store the sequence
- number of the block at the time of its creation. When releasing
- an IP, passing the sequence number associated with the allocation
- allows us to protect against a race condition and ensure the IP
- hasn't been released and re-allocated since the release request.
- format: int64
- type: integer
- sequenceNumberForAllocation:
- additionalProperties:
- format: int64
- type: integer
- description: Map of allocated ordinal within the block to sequence
- number of the block at the time of allocation. Kubernetes does not
- allow numerical keys for maps, so the key is cast to a string.
- type: object
- strictAffinity:
- description: StrictAffinity on the IPAMBlock is deprecated and no
- longer used by the code. Use IPAMConfig StrictAffinity instead.
- type: boolean
- unallocated:
- description: Unallocated is an ordered list of allocations which are
- free in the block.
- items:
- type: integer
- type: array
- required:
- - allocations
- - attributes
- - cidr
- - strictAffinity
- - unallocated
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ipamconfigs.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMConfig
- listKind: IPAMConfigList
- plural: ipamconfigs
- singular: ipamconfig
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: IPAMConfigSpec contains the specification for an IPAMConfig
- resource.
- properties:
- autoAllocateBlocks:
- type: boolean
- maxBlocksPerHost:
- description: MaxBlocksPerHost, if non-zero, is the max number of blocks
- that can be affine to each host.
- maximum: 2147483647
- minimum: 0
- type: integer
- strictAffinity:
- type: boolean
- required:
- - autoAllocateBlocks
- - strictAffinity
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ipamhandles.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPAMHandle
- listKind: IPAMHandleList
- plural: ipamhandles
- singular: ipamhandle
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: IPAMHandleSpec contains the specification for an IPAMHandle
- resource.
- properties:
- block:
- additionalProperties:
- type: integer
- type: object
- deleted:
- type: boolean
- handleID:
- type: string
- required:
- - block
- - handleID
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ippools.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPPool
- listKind: IPPoolList
- plural: ippools
- singular: ippool
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: IPPoolSpec contains the specification for an IPPool resource.
- properties:
- allowedUses:
- description: AllowedUse controls what the IP pool will be used for. If
- not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
- items:
- type: string
- type: array
- blockSize:
- description: The block size to use for IP address assignments from
- this pool. Defaults to 26 for IPv4 and 122 for IPv6.
- type: integer
- cidr:
- description: The pool CIDR.
- type: string
- disableBGPExport:
- description: 'Disable exporting routes from this IP Pool''s CIDR over
- BGP. [Default: false]'
- type: boolean
- disabled:
- description: When disabled is true, Calico IPAM will not assign addresses
- from this pool.
- type: boolean
- ipip:
- description: 'Deprecated: this field is only used for APIv1 backwards
- compatibility. Setting this field is not allowed, this field is
- for internal use only.'
- properties:
- enabled:
- description: When enabled is true, ipip tunneling will be used
- to deliver packets to destinations within this pool.
- type: boolean
- mode:
- description: The IPIP mode. This can be one of "always" or "cross-subnet". A
- mode of "always" will also use IPIP tunneling for routing to
- destination IP addresses within this pool. A mode of "cross-subnet"
- will only use IPIP tunneling when the destination node is on
- a different subnet to the originating node. The default value
- (if not specified) is "always".
- type: string
- type: object
- ipipMode:
- description: Contains configuration for IPIP tunneling for this pool.
- If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling
- is disabled).
- type: string
- nat-outgoing:
- description: 'Deprecated: this field is only used for APIv1 backwards
- compatibility. Setting this field is not allowed, this field is
- for internal use only.'
- type: boolean
- natOutgoing:
- description: When natOutgoing is true, packets sent from Calico networked
- containers in this pool to destinations outside of this pool will
- be masqueraded.
- type: boolean
- nodeSelector:
- description: Allows IPPool to allocate for a specific node by label
- selector.
- type: string
- vxlanMode:
- description: Contains configuration for VXLAN tunneling for this pool.
- If not specified, then this is defaulted to "Never" (i.e. VXLAN
- tunneling is disabled).
- type: string
- required:
- - cidr
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: (devel)
- creationTimestamp: null
- name: ipreservations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: IPReservation
- listKind: IPReservationList
- plural: ipreservations
- singular: ipreservation
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: IPReservationSpec contains the specification for an IPReservation
- resource.
- properties:
- reservedCIDRs:
- description: ReservedCIDRs is a list of CIDRs and/or IP addresses
- that Calico IPAM will exclude from new allocations.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: kubecontrollersconfigurations.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: KubeControllersConfiguration
- listKind: KubeControllersConfigurationList
- plural: kubecontrollersconfigurations
- singular: kubecontrollersconfiguration
- preserveUnknownFields: false
- scope: Cluster
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KubeControllersConfigurationSpec contains the values of the
- Kubernetes controllers configuration.
- properties:
- controllers:
- description: Controllers enables and configures individual Kubernetes
- controllers
- properties:
- namespace:
- description: Namespace enables and configures the namespace controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- node:
- description: Node enables and configures the node controller.
- Enabled by default, set to nil to disable.
- properties:
- hostEndpoint:
- description: HostEndpoint controls syncing nodes to host endpoints.
- Disabled by default, set to nil to disable.
- properties:
- autoCreate:
- description: 'AutoCreate enables automatic creation of
- host endpoints for every node. [Default: Disabled]'
- type: string
- type: object
- leakGracePeriod:
- description: 'LeakGracePeriod is the period used by the controller
- to determine if an IP address has been leaked. Set to 0
- to disable IP garbage collection. [Default: 15m]'
- type: string
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- syncLabels:
- description: 'SyncLabels controls whether to copy Kubernetes
- node labels to Calico nodes. [Default: Enabled]'
- type: string
- type: object
- policy:
- description: Policy enables and configures the policy controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- serviceAccount:
- description: ServiceAccount enables and configures the service
- account controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- workloadEndpoint:
- description: WorkloadEndpoint enables and configures the workload
- endpoint controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform reconciliation
- with the Calico datastore. [Default: 5m]'
- type: string
- type: object
- type: object
- debugProfilePort:
- description: DebugProfilePort configures the port to serve memory
- and cpu profiles on. If not specified, profiling is disabled.
- format: int32
- type: integer
- etcdV3CompactionPeriod:
- description: 'EtcdV3CompactionPeriod is the period between etcdv3
- compaction requests. Set to 0 to disable. [Default: 10m]'
- type: string
- healthChecks:
- description: 'HealthChecks enables or disables support for health
- checks [Default: Enabled]'
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which logs
- are sent to the stdout. [Default: Info]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. Set to 0 to disable. [Default: 9094]'
- type: integer
- required:
- - controllers
- type: object
- status:
- description: KubeControllersConfigurationStatus represents the status
- of the configuration. It's useful for admins to be able to see the actual
- config that was applied, which can be modified by environment variables
- on the kube-controllers process.
- properties:
- environmentVars:
- additionalProperties:
- type: string
- description: EnvironmentVars contains the environment variables on
- the kube-controllers that influenced the RunningConfig.
- type: object
- runningConfig:
- description: RunningConfig contains the effective config that is running
- in the kube-controllers pod, after merging the API resource with
- any environment variables.
- properties:
- controllers:
- description: Controllers enables and configures individual Kubernetes
- controllers
- properties:
- namespace:
- description: Namespace enables and configures the namespace
- controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- node:
- description: Node enables and configures the node controller.
- Enabled by default, set to nil to disable.
- properties:
- hostEndpoint:
- description: HostEndpoint controls syncing nodes to host
- endpoints. Disabled by default, set to nil to disable.
- properties:
- autoCreate:
- description: 'AutoCreate enables automatic creation
- of host endpoints for every node. [Default: Disabled]'
- type: string
- type: object
- leakGracePeriod:
- description: 'LeakGracePeriod is the period used by the
- controller to determine if an IP address has been leaked.
- Set to 0 to disable IP garbage collection. [Default:
- 15m]'
- type: string
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- syncLabels:
- description: 'SyncLabels controls whether to copy Kubernetes
- node labels to Calico nodes. [Default: Enabled]'
- type: string
- type: object
- policy:
- description: Policy enables and configures the policy controller.
- Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- serviceAccount:
- description: ServiceAccount enables and configures the service
- account controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- workloadEndpoint:
- description: WorkloadEndpoint enables and configures the workload
- endpoint controller. Enabled by default, set to nil to disable.
- properties:
- reconcilerPeriod:
- description: 'ReconcilerPeriod is the period to perform
- reconciliation with the Calico datastore. [Default:
- 5m]'
- type: string
- type: object
- type: object
- debugProfilePort:
- description: DebugProfilePort configures the port to serve memory
- and cpu profiles on. If not specified, profiling is disabled.
- format: int32
- type: integer
- etcdV3CompactionPeriod:
- description: 'EtcdV3CompactionPeriod is the period between etcdv3
- compaction requests. Set to 0 to disable. [Default: 10m]'
- type: string
- healthChecks:
- description: 'HealthChecks enables or disables support for health
- checks [Default: Enabled]'
- type: string
- logSeverityScreen:
- description: 'LogSeverityScreen is the log severity above which
- logs are sent to the stdout. [Default: Info]'
- type: string
- prometheusMetricsPort:
- description: 'PrometheusMetricsPort is the TCP port that the Prometheus
- metrics server should bind to. Set to 0 to disable. [Default:
- 9094]'
- type: integer
- required:
- - controllers
- type: object
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: networkpolicies.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: NetworkPolicy
- listKind: NetworkPolicyList
- plural: networkpolicies
- singular: networkpolicy
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- egress:
- description: The ordered set of egress rules. Each rule contains
- a set of packet match criteria and a corresponding action to apply.
- items:
- description: "A Rule encapsulates a set of match criteria and an
- action. Both selector-based security Policy and security Profiles
- reference rules - separated out as a list of rules for both ingress
- and egress packet matching. \n Each positive match criteria has
- a negated version, prefixed with \"Not\". All the match criteria
- within a rule must be satisfied for a packet to match. A single
- rule can contain the positive and negative version of a match
- and both must be satisfied for the rule to match."
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: Methods is an optional field that restricts
- the rule to apply only to HTTP requests that use one of
- the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
- methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: 'Paths is an optional field that restricts
- the rule to apply to HTTP requests that use one of the
- listed HTTP Paths. Multiple paths are OR''d together.
- e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
- ONLY specify either a `exact` or a `prefix` match. The
- validator will check for it.'
- items:
- description: 'HTTPPath specifies an HTTP path to match.
- It may be either of the form: exact: <path>: which matches
- the path exactly or prefix: <path-prefix>: which matches
- the path prefix'
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: ICMP is an optional field that restricts the rule
- to apply to a specific type and code of ICMP traffic. This
- should only be specified if the Protocol field is set to "ICMP"
- or "ICMPv6".
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: IPVersion is an optional field that restricts the
- rule to only match a specific IP version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: "Protocol is an optional field that restricts the
- rule to only apply to traffic of a specific IP protocol. Required
- if any of the EntityRules contain Ports (because ports only
- apply to certain protocols). \n Must be one of these string
- values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
- \"UDPLite\" or an integer in the range 1-255."
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- ingress:
- description: The ordered set of ingress rules. Each rule contains
- a set of packet match criteria and a corresponding action to apply.
- items:
- description: "A Rule encapsulates a set of match criteria and an
- action. Both selector-based security Policy and security Profiles
- reference rules - separated out as a list of rules for both ingress
- and egress packet matching. \n Each positive match criteria has
- a negated version, prefixed with \"Not\". All the match criteria
- within a rule must be satisfied for a packet to match. A single
- rule can contain the positive and negative version of a match
- and both must be satisfied for the rule to match."
- properties:
- action:
- type: string
- destination:
- description: Destination contains the match criteria that apply
- to destination entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- http:
- description: HTTP contains match criteria that apply to HTTP
- requests.
- properties:
- methods:
- description: Methods is an optional field that restricts
- the rule to apply only to HTTP requests that use one of
- the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
- methods are OR'd together.
- items:
- type: string
- type: array
- paths:
- description: 'Paths is an optional field that restricts
- the rule to apply to HTTP requests that use one of the
- listed HTTP Paths. Multiple paths are OR''d together.
- e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
- ONLY specify either a `exact` or a `prefix` match. The
- validator will check for it.'
- items:
- description: 'HTTPPath specifies an HTTP path to match.
- It may be either of the form: exact: <path>: which matches
- the path exactly or prefix: <path-prefix>: which matches
- the path prefix'
- properties:
- exact:
- type: string
- prefix:
- type: string
- type: object
- type: array
- type: object
- icmp:
- description: ICMP is an optional field that restricts the rule
- to apply to a specific type and code of ICMP traffic. This
- should only be specified if the Protocol field is set to "ICMP"
- or "ICMPv6".
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- ipVersion:
- description: IPVersion is an optional field that restricts the
- rule to only match a specific IP version.
- type: integer
- metadata:
- description: Metadata contains additional information for this
- rule
- properties:
- annotations:
- additionalProperties:
- type: string
- description: Annotations is a set of key value pairs that
- give extra information about the rule
- type: object
- type: object
- notICMP:
- description: NotICMP is the negated version of the ICMP field.
- properties:
- code:
- description: Match on a specific ICMP code. If specified,
- the Type value must also be specified. This is a technical
- limitation imposed by the kernel's iptables firewall,
- which Calico uses to enforce the rule.
- type: integer
- type:
- description: Match on a specific ICMP type. For example
- a value of 8 refers to ICMP Echo Request (i.e. pings).
- type: integer
- type: object
- notProtocol:
- anyOf:
- - type: integer
- - type: string
- description: NotProtocol is the negated version of the Protocol
- field.
- pattern: ^.*
- x-kubernetes-int-or-string: true
- protocol:
- anyOf:
- - type: integer
- - type: string
- description: "Protocol is an optional field that restricts the
- rule to only apply to traffic of a specific IP protocol. Required
- if any of the EntityRules contain Ports (because ports only
- apply to certain protocols). \n Must be one of these string
- values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
- \"UDPLite\" or an integer in the range 1-255."
- pattern: ^.*
- x-kubernetes-int-or-string: true
- source:
- description: Source contains the match criteria that apply to
- source entity.
- properties:
- namespaceSelector:
- description: "NamespaceSelector is an optional field that
- contains a selector expression. Only traffic that originates
- from (or terminates at) endpoints within the selected
- namespaces will be matched. When both NamespaceSelector
- and another selector are defined on the same rule, then
- only workload endpoints that are matched by both selectors
- will be selected by the rule. \n For NetworkPolicy, an
- empty NamespaceSelector implies that the Selector is limited
- to selecting only workload endpoints in the same namespace
- as the NetworkPolicy. \n For NetworkPolicy, `global()`
- NamespaceSelector implies that the Selector is limited
- to selecting only GlobalNetworkSet or HostEndpoint. \n
- For GlobalNetworkPolicy, an empty NamespaceSelector implies
- the Selector applies to workload endpoints across all
- namespaces."
- type: string
- nets:
- description: Nets is an optional field that restricts the
- rule to only apply to traffic that originates from (or
- terminates at) IP addresses in any of the given subnets.
- items:
- type: string
- type: array
- notNets:
- description: NotNets is the negated version of the Nets
- field.
- items:
- type: string
- type: array
- notPorts:
- description: NotPorts is the negated version of the Ports
- field. Since only some protocols have ports, if any ports
- are specified it requires the Protocol match in the Rule
- to be set to "TCP" or "UDP".
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- notSelector:
- description: NotSelector is the negated version of the Selector
- field. See Selector field for subtleties with negated
- selectors.
- type: string
- ports:
- description: "Ports is an optional field that restricts
- the rule to only apply to traffic that has a source (destination)
- port that matches one of these ranges/values. This value
- is a list of integers or strings that represent ranges
- of ports. \n Since only some protocols have ports, if
- any ports are specified it requires the Protocol match
- in the Rule to be set to \"TCP\" or \"UDP\"."
- items:
- anyOf:
- - type: integer
- - type: string
- pattern: ^.*
- x-kubernetes-int-or-string: true
- type: array
- selector:
- description: "Selector is an optional field that contains
- a selector expression (see Policy for sample syntax).
- \ Only traffic that originates from (terminates at) endpoints
- matching the selector will be matched. \n Note that: in
- addition to the negated version of the Selector (see NotSelector
- below), the selector expression syntax itself supports
- negation. The two types of negation are subtly different.
- One negates the set of matched endpoints, the other negates
- the whole match: \n \tSelector = \"!has(my_label)\" matches
- packets that are from other Calico-controlled \tendpoints
- that do not have the label \"my_label\". \n \tNotSelector
- = \"has(my_label)\" matches packets that are not from
- Calico-controlled \tendpoints that do have the label \"my_label\".
- \n The effect is that the latter will accept packets from
- non-Calico sources whereas the former is limited to packets
- from Calico-controlled endpoints."
- type: string
- serviceAccounts:
- description: ServiceAccounts is an optional field that restricts
- the rule to only apply to traffic that originates from
- (or terminates at) a pod running as a matching service
- account.
- properties:
- names:
- description: Names is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account whose name is in the list.
- items:
- type: string
- type: array
- selector:
- description: Selector is an optional field that restricts
- the rule to only apply to traffic that originates
- from (or terminates at) a pod running as a service
- account that matches the given label selector. If
- both Names and Selector are specified then they are
- AND'ed.
- type: string
- type: object
- services:
- description: "Services is an optional field that contains
- options for matching Kubernetes Services. If specified,
- only traffic that originates from or terminates at endpoints
- within the selected service(s) will be matched, and only
- to/from each endpoint's port. \n Services cannot be specified
- on the same rule as Selector, NotSelector, NamespaceSelector,
- Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
- can only be specified with Services on ingress rules."
- properties:
- name:
- description: Name specifies the name of a Kubernetes
- Service to match.
- type: string
- namespace:
- description: Namespace specifies the namespace of the
- given Service. If left empty, the rule will match
- within this policy's namespace.
- type: string
- type: object
- type: object
- required:
- - action
- type: object
- type: array
- order:
- description: Order is an optional field that specifies the order in
- which the policy is applied. Policies with higher "order" are applied
- after those with lower order. If the order is omitted, it may be
- considered to be "infinite" - i.e. the policy will be applied last. Policies
- with identical order will be applied in alphanumerical order based
- on the Policy "Name".
- type: number
- performanceHints:
- description: "PerformanceHints contains a list of hints to Calico's
- policy engine to help process the policy more efficiently. Hints
- never change the enforcement behaviour of the policy. \n Currently,
- the only available hint is \"AssumeNeededOnEveryNode\". When that
- hint is set on a policy, Felix will act as if the policy matches
- a local endpoint even if it does not. This is useful for \"preloading\"
- any large static policies that are known to be used on every node.
- If the policy is _not_ used on a particular node then the work done
- to preload the policy (and to maintain it) is wasted."
- items:
- type: string
- type: array
- selector:
- description: "The selector is an expression used to pick out the endpoints
- that the policy should be applied to. \n Selector expressions follow
- this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
- my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
- equal; also matches if label is not present \tlabel in { \"a\",
- \"b\", \"c\", ... } -> true if the value of label X is one of
- \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
- \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
- \thas(label_name) -> True if that label is present \t! expr ->
- negation of expr \texpr && expr -> Short-circuit and \texpr ||
- expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
- or the empty selector -> matches all endpoints. \n Label names are
- allowed to contain alphanumerics, -, _ and /. String literals are
- more permissive but they do not support escape characters. \n Examples
- (with made-up labels): \n \ttype == \"webserver\" && deployment
- == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
- \"dev\" \t! has(label_name)"
- type: string
- serviceAccountSelector:
- description: ServiceAccountSelector is an optional field for an expression
- used to select a pod based on service accounts.
- type: string
- types:
- description: "Types indicates whether this policy applies to ingress,
- or to egress, or to both. When not explicitly specified (and so
- the value on creation is empty or nil), Calico defaults Types according
- to what Ingress and Egress are present in the policy. The default
- is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including
- the case where there are also no Ingress rules) \n - [ PolicyTypeEgress
- ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress,
- PolicyTypeEgress ], if there are both Ingress and Egress rules.
- \n When the policy is read back again, Types will always be one
- of these values, never empty or nil."
- items:
- description: PolicyType enumerates the possible values of the PolicySpec
- Types field.
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/kdd-crds.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: networksets.crd.projectcalico.org
-spec:
- group: crd.projectcalico.org
- names:
- kind: NetworkSet
- listKind: NetworkSetList
- plural: networksets
- singular: networkset
- preserveUnknownFields: false
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: NetworkSetSpec contains the specification for a NetworkSet
- resource.
- properties:
- nets:
- description: The list of IP networks that belong to this set.
- items:
- type: string
- type: array
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-# Source: calico/templates/calico-kube-controllers-rbac.yaml
-# Include a clusterrole for the kube-controllers component,
-# and bind it to the calico-kube-controllers serviceaccount.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: calico-kube-controllers
-rules:
- # Nodes are watched to monitor for deletions.
- - apiGroups: [""]
- resources:
- - nodes
- verbs:
- - watch
- - list
- - get
- # Pods are watched to check for existence as part of IPAM controller.
- - apiGroups: [""]
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
- # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - ipreservations
- verbs:
- - list
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - blockaffinities
- - ipamblocks
- - ipamhandles
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - watch
- # Pools are watched to maintain a mapping of blocks to IP pools.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - ippools
- verbs:
- - list
- - watch
- # kube-controllers manages hostendpoints.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - hostendpoints
- verbs:
- - get
- - list
- - create
- - update
- - delete
- # Needs access to update clusterinformations.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - clusterinformations
- verbs:
- - get
- - list
- - create
- - update
- - watch
- # KubeControllersConfiguration is where it gets its config
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - kubecontrollersconfigurations
- verbs:
- # read its own config
- - get
- - list
- # create a default if none exists
- - create
- # update status
- - update
- # watch for changes
- - watch
----
-# Source: calico/templates/calico-node-rbac.yaml
-# Include a clusterrole for the calico-node DaemonSet,
-# and bind it to the calico-node serviceaccount.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: calico-node
-rules:
- # Used for creating service account tokens to be used by the CNI plugin
- - apiGroups: [""]
- resources:
- - serviceaccounts/token
- resourceNames:
- - calico-cni-plugin
- verbs:
- - create
- # The CNI plugin needs to get pods, nodes, and namespaces.
- - apiGroups: [""]
- resources:
- - pods
- - nodes
- - namespaces
- verbs:
- - get
- # EndpointSlices are used for Service-based network policy rule
- # enforcement.
- - apiGroups: ["discovery.k8s.io"]
- resources:
- - endpointslices
- verbs:
- - watch
- - list
- - apiGroups: [""]
- resources:
- - endpoints
- - services
- verbs:
- # Used to discover service IPs for advertisement.
- - watch
- - list
- # Used to discover Typhas.
- - get
- # Pod CIDR auto-detection on kubeadm needs access to config maps.
- - apiGroups: [""]
- resources:
- - configmaps
- verbs:
- - get
- - apiGroups: [""]
- resources:
- - nodes/status
- verbs:
- # Needed for clearing NodeNetworkUnavailable flag.
- - patch
- # Calico stores some configuration information in node annotations.
- - update
- # Watch for changes to Kubernetes NetworkPolicies.
- - apiGroups: ["networking.k8s.io"]
- resources:
- - networkpolicies
- verbs:
- - watch
- - list
- # Used by Calico for policy information.
- - apiGroups: [""]
- resources:
- - pods
- - namespaces
- - serviceaccounts
- verbs:
- - list
- - watch
- # The CNI plugin patches pods/status.
- - apiGroups: [""]
- resources:
- - pods/status
- verbs:
- - patch
- # Calico monitors various CRDs for config.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - globalfelixconfigs
- - felixconfigurations
- - bgppeers
- - bgpfilters
- - globalbgpconfigs
- - bgpconfigurations
- - ippools
- - ipreservations
- - ipamblocks
- - globalnetworkpolicies
- - globalnetworksets
- - networkpolicies
- - networksets
- - clusterinformations
- - hostendpoints
- - blockaffinities
- - caliconodestatuses
- verbs:
- - get
- - list
- - watch
- # Calico must create and update some CRDs on startup.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - ippools
- - felixconfigurations
- - clusterinformations
- verbs:
- - create
- - update
- # Calico must update some CRDs.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - caliconodestatuses
- verbs:
- - update
- # Calico stores some configuration information on the node.
- - apiGroups: [""]
- resources:
- - nodes
- verbs:
- - get
- - list
- - watch
- # These permissions are only required for upgrade from v2.6, and can
- # be removed after upgrade or on fresh installations.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - bgpconfigurations
- - bgppeers
- verbs:
- - create
- - update
- # These permissions are required for Calico CNI to perform IPAM allocations.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - blockaffinities
- - ipamblocks
- - ipamhandles
- verbs:
- - get
- - list
- - create
- - update
- - delete
- # The CNI plugin and calico/node need to be able to create a default
- # IPAMConfiguration
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - ipamconfigs
- verbs:
- - get
- - create
- # Block affinities must also be watchable by confd for route aggregation.
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - blockaffinities
- verbs:
- - watch
- # The Calico IPAM migration needs to get daemonsets. These permissions can be
- # removed if not upgrading from an installation using host-local IPAM.
- - apiGroups: ["apps"]
- resources:
- - daemonsets
- verbs:
- - get
----
-# Source: calico/templates/calico-node-rbac.yaml
-# CNI cluster role
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: calico-cni-plugin
-rules:
- - apiGroups: [""]
- resources:
- - pods
- - nodes
- - namespaces
- verbs:
- - get
- - apiGroups: [""]
- resources:
- - pods/status
- verbs:
- - patch
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - blockaffinities
- - ipamblocks
- - ipamhandles
- - clusterinformations
- - ippools
- - ipreservations
- - ipamconfigs
- verbs:
- - get
- - list
- - create
- - update
- - delete
----
-# Source: calico/templates/calico-kube-controllers-rbac.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: calico-kube-controllers
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-kube-controllers
-subjects:
-- kind: ServiceAccount
- name: calico-kube-controllers
- namespace: kube-system
----
-# Source: calico/templates/calico-node-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: calico-node
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-node
-subjects:
-- kind: ServiceAccount
- name: calico-node
- namespace: kube-system
----
-# Source: calico/templates/calico-node-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: calico-cni-plugin
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-cni-plugin
-subjects:
-- kind: ServiceAccount
- name: calico-cni-plugin
- namespace: kube-system
----
-# Source: calico/templates/calico-node.yaml
-# This manifest installs the calico-node container, as well
-# as the CNI plugins and network config on
-# each master and worker node in a Kubernetes cluster.
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
- name: calico-node
- namespace: kube-system
- labels:
- k8s-app: calico-node
-spec:
- selector:
- matchLabels:
- k8s-app: calico-node
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 1
- template:
- metadata:
- labels:
- k8s-app: calico-node
- spec:
- nodeSelector:
- kubernetes.io/os: linux
- hostNetwork: true
- tolerations:
- # Make sure calico-node gets scheduled on all nodes.
- - effect: NoSchedule
- operator: Exists
- # Mark the pod as a critical add-on for rescheduling.
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoExecute
- operator: Exists
- serviceAccountName: calico-node
- # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
- # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
- terminationGracePeriodSeconds: 0
- priorityClassName: system-node-critical
- initContainers:
- # This container performs upgrade from host-local IPAM to calico-ipam.
- # It can be deleted if this is a fresh installation, or if you have already
- # upgraded to use calico-ipam.
- - name: upgrade-ipam
- image: docker.io/calico/cni:v3.28.3
- imagePullPolicy: IfNotPresent
- command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
- envFrom:
- - configMapRef:
- # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
- name: kubernetes-services-endpoint
- optional: true
- env:
- - name: KUBERNETES_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: CALICO_NETWORKING_BACKEND
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: calico_backend
- volumeMounts:
- - mountPath: /var/lib/cni/networks
- name: host-local-net-dir
- - mountPath: /host/opt/cni/bin
- name: cni-bin-dir
- securityContext:
- privileged: true
- # This container installs the CNI binaries
- # and CNI network config file on each node.
- - name: install-cni
- image: docker.io/calico/cni:v3.28.3
- imagePullPolicy: IfNotPresent
- command: ["/opt/cni/bin/install"]
- envFrom:
- - configMapRef:
- # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
- name: kubernetes-services-endpoint
- optional: true
- env:
- # Name of the CNI config file to create.
- - name: CNI_CONF_NAME
- value: "10-calico.conflist"
- # The CNI network config to install on each node.
- - name: CNI_NETWORK_CONFIG
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: cni_network_config
- # Set the hostname based on the k8s node name.
- - name: KUBERNETES_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- # CNI MTU Config variable
- - name: CNI_MTU
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: veth_mtu
- # Prevents the container from sleeping forever.
- - name: SLEEP
- value: "false"
- volumeMounts:
- - mountPath: /host/opt/cni/bin
- name: cni-bin-dir
- - mountPath: /host/etc/cni/net.d
- name: cni-net-dir
- securityContext:
- privileged: true
- # This init container mounts the necessary filesystems needed by the BPF data plane
- # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
- # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
- - name: "mount-bpffs"
- image: docker.io/calico/node:v3.28.3
- imagePullPolicy: IfNotPresent
- command: ["calico-node", "-init", "-best-effort"]
- volumeMounts:
- - mountPath: /sys/fs
- name: sys-fs
- # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host
- # so that it outlives the init container.
- mountPropagation: Bidirectional
- - mountPath: /var/run/calico
- name: var-run-calico
- # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host
- # so that it outlives the init container.
- mountPropagation: Bidirectional
- # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary,
- # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly.
- - mountPath: /nodeproc
- name: nodeproc
- readOnly: true
- securityContext:
- privileged: true
- containers:
- # Runs calico-node container on each Kubernetes node. This
- # container programs network policy and routes on each
- # host.
- - name: calico-node
- image: docker.io/calico/node:v3.28.3
- imagePullPolicy: IfNotPresent
- envFrom:
- - configMapRef:
- # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
- name: kubernetes-services-endpoint
- optional: true
- env:
- # Use Kubernetes API as the backing datastore.
- - name: DATASTORE_TYPE
- value: "kubernetes"
- # Wait for the datastore.
- - name: WAIT_FOR_DATASTORE
- value: "true"
- # Set based on the k8s node name.
- - name: NODENAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- # Choose the backend to use.
- - name: CALICO_NETWORKING_BACKEND
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: calico_backend
- # Cluster type to identify the deployment type
- - name: CLUSTER_TYPE
- value: "k8s,bgp"
- # Auto-detect the BGP IP address.
- - name: IP
- value: "autodetect"
- # Enable IPIP
- - name: CALICO_IPV4POOL_IPIP
- value: "Always"
- # Enable or Disable VXLAN on the default IP pool.
- - name: CALICO_IPV4POOL_VXLAN
- value: "Never"
- # Enable or Disable VXLAN on the default IPv6 IP pool.
- - name: CALICO_IPV6POOL_VXLAN
- value: "Never"
- # Set MTU for tunnel device used if ipip is enabled
- - name: FELIX_IPINIPMTU
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: veth_mtu
- # Set MTU for the VXLAN tunnel device.
- - name: FELIX_VXLANMTU
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: veth_mtu
- # Set MTU for the Wireguard tunnel device.
- - name: FELIX_WIREGUARDMTU
- valueFrom:
- configMapKeyRef:
- name: calico-config
- key: veth_mtu
- # The default IPv4 pool to create on startup if none exists. Pod IPs will be
- # chosen from this range. Changing this value after installation will have
- # no effect. This should fall within `--cluster-cidr`.
- # - name: CALICO_IPV4POOL_CIDR
- # value: "192.168.0.0/16"
- # Disable file logging so `kubectl logs` works.
- - name: CALICO_DISABLE_FILE_LOGGING
- value: "true"
- # Set Felix endpoint to host default action to ACCEPT.
- - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
- value: "ACCEPT"
- # Disable IPv6 on Kubernetes.
- - name: FELIX_IPV6SUPPORT
- value: "false"
- - name: FELIX_HEALTHENABLED
- value: "true"
- securityContext:
- privileged: true
- resources:
- requests:
- cpu: 250m
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/calico-node
- - -shutdown
- livenessProbe:
- exec:
- command:
- - /bin/calico-node
- - -felix-live
- - -bird-live
- periodSeconds: 10
- initialDelaySeconds: 10
- failureThreshold: 6
- timeoutSeconds: 10
- readinessProbe:
- exec:
- command:
- - /bin/calico-node
- - -felix-ready
- - -bird-ready
- periodSeconds: 10
- timeoutSeconds: 10
- volumeMounts:
- # For maintaining CNI plugin API credentials.
- - mountPath: /host/etc/cni/net.d
- name: cni-net-dir
- readOnly: false
- - mountPath: /lib/modules
- name: lib-modules
- readOnly: true
- - mountPath: /run/xtables.lock
- name: xtables-lock
- readOnly: false
- - mountPath: /var/run/calico
- name: var-run-calico
- readOnly: false
- - mountPath: /var/lib/calico
- name: var-lib-calico
- readOnly: false
- - name: policysync
- mountPath: /var/run/nodeagent
- # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
- # parent directory.
- - name: bpffs
- mountPath: /sys/fs/bpf
- - name: cni-log-dir
- mountPath: /var/log/calico/cni
- readOnly: true
- volumes:
- # Used by calico-node.
- - name: lib-modules
- hostPath:
- path: /lib/modules
- - name: var-run-calico
- hostPath:
- path: /var/run/calico
- type: DirectoryOrCreate
- - name: var-lib-calico
- hostPath:
- path: /var/lib/calico
- type: DirectoryOrCreate
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- - name: sys-fs
- hostPath:
- path: /sys/fs/
- type: DirectoryOrCreate
- - name: bpffs
- hostPath:
- path: /sys/fs/bpf
- type: Directory
- # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs.
- - name: nodeproc
- hostPath:
- path: /proc
- # Used to install CNI.
- - name: cni-bin-dir
- hostPath:
- path: /opt/cni/bin
- type: DirectoryOrCreate
- - name: cni-net-dir
- hostPath:
- path: /etc/cni/net.d
- # Used to access CNI logs.
- - name: cni-log-dir
- hostPath:
- path: /var/log/calico/cni
- # Mount in the directory for host-local IPAM allocations. This is
- # used when upgrading from host-local to calico-ipam, and can be removed
- # if not using the upgrade-ipam init container.
- - name: host-local-net-dir
- hostPath:
- path: /var/lib/cni/networks
- # Used to create per-pod Unix Domain Sockets
- - name: policysync
- hostPath:
- type: DirectoryOrCreate
- path: /var/run/nodeagent
----
-# Source: calico/templates/calico-kube-controllers.yaml
-# See https://github.com/projectcalico/kube-controllers
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: calico-kube-controllers
- namespace: kube-system
- labels:
- k8s-app: calico-kube-controllers
-spec:
- # The controllers can only have a single active instance.
- replicas: 1
- selector:
- matchLabels:
- k8s-app: calico-kube-controllers
- strategy:
- type: Recreate
- template:
- metadata:
- name: calico-kube-controllers
- namespace: kube-system
- labels:
- k8s-app: calico-kube-controllers
- spec:
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- # Mark the pod as a critical add-on for rescheduling.
- - key: CriticalAddonsOnly
- operator: Exists
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
- serviceAccountName: calico-kube-controllers
- priorityClassName: system-cluster-critical
- containers:
- - name: calico-kube-controllers
- image: docker.io/calico/kube-controllers:v3.28.3
- imagePullPolicy: IfNotPresent
- env:
- # Choose which controllers to run.
- - name: ENABLED_CONTROLLERS
- value: node
- - name: DATASTORE_TYPE
- value: kubernetes
- livenessProbe:
- exec:
- command:
- - /usr/bin/check-status
- - -l
- periodSeconds: 10
- initialDelaySeconds: 10
- failureThreshold: 6
- timeoutSeconds: 10
- readinessProbe:
- exec:
- command:
- - /usr/bin/check-status
- - -r
- periodSeconds: 10
+++ /dev/null
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:cloud-node-controller
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-node-controller
- subjects:
- - kind: ServiceAccount
- name: cloud-node-controller
- namespace: kube-system
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:cloud-controller-manager
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-controller-manager
- subjects:
- - kind: ServiceAccount
- name: cloud-controller-manager
- namespace: kube-system
-kind: List
-metadata: {}
\ No newline at end of file
+++ /dev/null
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:cloud-controller-manager
- rules:
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - create
- - update
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - services/status
- verbs:
- - patch
- - apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
- - get
- - apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - persistentvolumes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
- - get
- - list
- - watch
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - list
- - get
- - watch
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:cloud-node-controller
- rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-kind: List
-metadata: {}
+++ /dev/null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cloud-controller-manager
- namespace: kube-system
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: openstack-cloud-controller-manager
- namespace: kube-system
- labels:
- k8s-app: openstack-cloud-controller-manager
-spec:
- selector:
- matchLabels:
- k8s-app: openstack-cloud-controller-manager
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- k8s-app: openstack-cloud-controller-manager
- spec:
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- securityContext:
- runAsUser: 1001
- tolerations:
- - key: node.cloudprovider.kubernetes.io/uninitialized
- value: "true"
- effect: NoSchedule
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
- serviceAccountName: cloud-controller-manager
- containers:
- - name: openstack-cloud-controller-manager
- image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.2
- args:
- - /bin/openstack-cloud-controller-manager
- - --v=1
- - --cluster-name=$(CLUSTER_NAME)
- - --cloud-config=$(CLOUD_CONFIG)
- - --cloud-provider=openstack
- - --use-service-account-credentials=false
- - --bind-address=127.0.0.1
- volumeMounts:
- - mountPath: /etc/kubernetes/pki
- name: k8s-certs
- readOnly: true
- - mountPath: /etc/ssl/certs
- name: ca-certs
- readOnly: true
- - mountPath: /etc/config
- name: cloud-config-volume
- readOnly: true
- resources:
- requests:
- cpu: 200m
- env:
- - name: CLOUD_CONFIG
- value: /etc/config/cloud.conf
- - name: CLUSTER_NAME
- value: kubernetes
- dnsPolicy: ClusterFirst
- hostNetwork: true
- volumes:
- - hostPath:
- path: /etc/kubernetes/pki
- type: DirectoryOrCreate
- name: k8s-certs
- - hostPath:
- path: /etc/ssl/certs
- type: DirectoryOrCreate
- name: ca-certs
- - name: cloud-config-volume
- secret:
- secretName: cloud-config
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-selfsigned-issuer
- namespace: capi-system
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-serving-cert
- namespace: capi-system
-spec:
- dnsNames:
- - capi-webhook-service.capi-system.svc
- - capi-webhook-service.capi-system.svc.cluster.local
- issuerRef:
- kind: Issuer
- name: capi-selfsigned-issuer
- secretName: capi-webhook-service-cert
- subject:
- organizations:
- - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: clusterclasses.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: ClusterClass
- listKind: ClusterClassList
- plural: clusterclasses
- shortNames:
- - cc
- singular: clusterclass
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterClass
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- ClusterClass is a template which can be used to create managed topologies.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterClassSpec describes the desired state of the ClusterClass.
- properties:
- controlPlane:
- description: |-
- controlPlane is a reference to a local struct that holds the details
- for provisioning the Control Plane for the Cluster.
- properties:
- machineInfrastructure:
- description: |-
- MachineTemplate defines the metadata and infrastructure information
- for control plane machines.
-
- This field is supported if and only if the control plane provider template
- referenced above is Machine based and supports setting replicas.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the machines of the ControlPlane.
- At runtime this metadata is merged with the corresponding metadata from the topology.
-
- This field is supported if and only if the control plane provider template
- referenced is Machine based.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- infrastructure:
- description: |-
- infrastructure is a reference to a provider-specific template that holds
- the details for provisioning infrastructure specific cluster
- for the underlying provider.
- The underlying provider is responsible for the implementation
- of the template to an infrastructure cluster.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- workers:
- description: |-
- workers describes the worker nodes for the cluster.
- It is a collection of node types which can be used to create
- the worker nodes of the cluster.
- properties:
- machineDeployments:
- description: |-
- machineDeployments is a list of machine deployment classes that can be used to create
- a set of worker nodes.
- items:
- description: |-
- MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
- provisioned using the `ClusterClass`.
- properties:
- class:
- description: |-
- class denotes a type of worker node present in the cluster,
- this name MUST be unique within a ClusterClass and can be referenced
- in the Cluster to create a managed MachineDeployment.
- type: string
- template:
- description: |-
- template is a local struct containing a collection of templates for creation of
- MachineDeployment objects representing a set of worker nodes.
- properties:
- bootstrap:
- description: |-
- bootstrap contains the bootstrap template reference to be used
- for the creation of worker Machines.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- infrastructure:
- description: |-
- infrastructure contains the infrastructure template reference to be used
- for the creation of worker Machines.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the machines of the MachineDeployment.
- At runtime this metadata is merged with the corresponding metadata from the topology.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- required:
- - bootstrap
- - infrastructure
- type: object
- required:
- - class
- - template
- type: object
- type: array
- type: object
- type: object
- type: object
- served: false
- storage: false
- subresources: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterClass
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: ClusterClass is a template which can be used to create managed
- topologies.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterClassSpec describes the desired state of the ClusterClass.
- properties:
- controlPlane:
- description: |-
- controlPlane is a reference to a local struct that holds the details
- for provisioning the Control Plane for the Cluster.
- properties:
- machineHealthCheck:
- description: |-
- machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass.
- This field is supported if and only if the ControlPlane provider template
- referenced above is Machine based and supports setting replicas.
- properties:
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
- to consider a Machine unhealthy if a corresponding Node isn't associated
- through a `Spec.ProviderID` field.
-
- The duration set in this field is compared to the greatest of:
- - Cluster's infrastructure ready condition timestamp (if and when available)
- - Control Plane's initialized condition timestamp (if and when available)
- - Machine's infrastructure ready condition timestamp (if and when available)
- - Machine's metadata creation timestamp
-
- Defaults to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- type: object
- machineInfrastructure:
- description: |-
- machineInfrastructure defines the metadata and infrastructure information
- for control plane machines.
-
- This field is supported if and only if the control plane provider template
- referenced above is Machine based and supports setting replicas.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
- if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the
- ControlPlane.
- At runtime this metadata is merged with the corresponding metadata from the topology.
-
- This field is supported if and only if the control plane provider template
- referenced is Machine based.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- namingStrategy:
- description: namingStrategy allows changing the naming pattern
- used when creating the control plane provider object.
- properties:
- template:
- description: |-
- template defines the template to use for generating the name of the ControlPlane object.
- If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`.
- If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
- get concatenated with a random suffix of length 5.
- The templating mechanism provides the following arguments:
- * `.cluster.name`: The name of the cluster object.
- * `.random`: A random alphanumeric string, without vowels, of length 5.
- type: string
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- NOTE: This value can be overridden while defining a Cluster.Topology.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- NOTE: This value can be overridden while defining a Cluster.Topology.
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- NOTE: This value can be overridden while defining a Cluster.Topology.
- type: string
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- infrastructure:
- description: |-
- infrastructure is a reference to a provider-specific template that holds
- the details for provisioning infrastructure specific cluster
- for the underlying provider.
- The underlying provider is responsible for the implementation
- of the template to an infrastructure cluster.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- patches:
- description: |-
- patches defines the patches which are applied to customize
- referenced templates of a ClusterClass.
- Note: Patches will be applied in the order of the array.
- items:
- description: ClusterClassPatch defines a patch which is applied
- to customize the referenced templates.
- properties:
- definitions:
- description: |-
- definitions define inline patches.
- Note: Patches will be applied in the order of the array.
- Note: Exactly one of Definitions or External must be set.
- items:
- description: PatchDefinition defines a patch which is applied
- to customize the referenced templates.
- properties:
- jsonPatches:
- description: |-
- jsonPatches defines the patches which should be applied on the templates
- matching the selector.
- Note: Patches will be applied in the order of the array.
- items:
- description: JSONPatch defines a JSON patch.
- properties:
- op:
- description: |-
- op defines the operation of the patch.
- Note: Only `add`, `replace` and `remove` are supported.
- type: string
- path:
- description: |-
- path defines the path of the patch.
- Note: Only the spec of a template can be patched, thus the path has to start with /spec/.
- Note: For now the only allowed array modifications are `append` and `prepend`, i.e.:
- * for op: `add`: only index 0 (prepend) and - (append) are allowed
- * for op: `replace` or `remove`: no indexes are allowed
- type: string
- value:
- description: |-
- value defines the value of the patch.
- Note: Either Value or ValueFrom is required for add and replace
- operations. Only one of them is allowed to be set at the same time.
- Note: We have to use apiextensionsv1.JSON instead of our JSON type,
- because controller-tools has a hard-coded schema for apiextensionsv1.JSON
- which cannot be produced by another type (unset type field).
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
- x-kubernetes-preserve-unknown-fields: true
- valueFrom:
- description: |-
- valueFrom defines the value of the patch.
- Note: Either Value or ValueFrom is required for add and replace
- operations. Only one of them is allowed to be set at the same time.
- properties:
- template:
- description: |-
- template is the Go template to be used to calculate the value.
- A template can reference variables defined in .spec.variables and builtin variables.
- Note: The template must evaluate to a valid YAML or JSON value.
- type: string
- variable:
- description: |-
- variable is the variable to be used as value.
- Variable can be one of the variables defined in .spec.variables or a builtin variable.
- type: string
- type: object
- required:
- - op
- - path
- type: object
- type: array
- selector:
- description: selector defines on which templates the patch
- should be applied.
- properties:
- apiVersion:
- description: apiVersion filters templates by apiVersion.
- type: string
- kind:
- description: kind filters templates by kind.
- type: string
- matchResources:
- description: matchResources selects templates based
- on where they are referenced.
- properties:
- controlPlane:
- description: |-
- controlPlane selects templates referenced in .spec.ControlPlane.
- Note: this will match the controlPlane and also the controlPlane
- machineInfrastructure (depending on the kind and apiVersion).
- type: boolean
- infrastructureCluster:
- description: infrastructureCluster selects templates
- referenced in .spec.infrastructure.
- type: boolean
- machineDeploymentClass:
- description: |-
- machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in
- .spec.workers.machineDeployments.
- properties:
- names:
- description: names selects templates by class
- names.
- items:
- type: string
- type: array
- type: object
- machinePoolClass:
- description: |-
- machinePoolClass selects templates referenced in specific MachinePoolClasses in
- .spec.workers.machinePools.
- properties:
- names:
- description: names selects templates by class
- names.
- items:
- type: string
- type: array
- type: object
- type: object
- required:
- - apiVersion
- - kind
- - matchResources
- type: object
- required:
- - jsonPatches
- - selector
- type: object
- type: array
- description:
- description: description is a human-readable description of
- this patch.
- type: string
- enabledIf:
- description: |-
- enabledIf is a Go template to be used to calculate if a patch should be enabled.
- It can reference variables defined in .spec.variables and builtin variables.
- The patch will be enabled if the template evaluates to `true`, otherwise it will
- be disabled.
- If EnabledIf is not set, the patch will be enabled per default.
- type: string
- external:
- description: |-
- external defines an external patch.
- Note: Exactly one of Definitions or External must be set.
- properties:
- discoverVariablesExtension:
- description: discoverVariablesExtension references an extension
- which is called to discover variables.
- type: string
- generateExtension:
- description: generateExtension references an extension which
- is called to generate patches.
- type: string
- settings:
- additionalProperties:
- type: string
- description: |-
- settings defines key value pairs to be passed to the extensions.
- Values defined here take precedence over the values defined in the
- corresponding ExtensionConfig.
- type: object
- validateExtension:
- description: validateExtension references an extension which
- is called to validate the topology.
- type: string
- type: object
- name:
- description: name of the patch.
- type: string
- required:
- - name
- type: object
- type: array
- variables:
- description: |-
- variables defines the variables which can be configured
- in the Cluster topology and are then used in patches.
- items:
- description: |-
- ClusterClassVariable defines a variable which can
- be configured in the Cluster topology and used in patches.
- properties:
- metadata:
- description: |-
- metadata is the metadata of a variable.
- It can be used to add additional data for higher level tools to
- a ClusterClassVariable.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map that can be used to store and
- retrieve arbitrary metadata.
- They are not queryable.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) variables.
- type: object
- type: object
- name:
- description: name of the variable.
- type: string
- required:
- description: |-
- required specifies if the variable is required.
- Note: this applies to the variable as a whole and thus the
- top-level object defined in the schema. If nested fields are
- required, this will be specified inside the schema.
- type: boolean
- schema:
- description: schema defines the schema of the variable.
- properties:
- openAPIV3Schema:
- description: |-
- openAPIV3Schema defines the schema of a variable via OpenAPI v3
- schema. The schema is a subset of the schema used in
- Kubernetes CRDs.
- properties:
- additionalProperties:
- description: |-
- additionalProperties specifies the schema of values in a map (keys are always strings).
- NOTE: Can only be set if type is object.
- NOTE: AdditionalProperties is mutually exclusive with Properties.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- allOf:
- description: |-
- allOf specifies that the variable must validate against all of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- anyOf:
- description: |-
- anyOf specifies that the variable must validate against one or more of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- default:
- description: |-
- default is the default value of the variable.
- NOTE: Can be set for all types.
- x-kubernetes-preserve-unknown-fields: true
- description:
- description: description is a human-readable description
- of this variable.
- type: string
- enum:
- description: |-
- enum is the list of valid values of the variable.
- NOTE: Can be set for all types.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- example:
- description: example is an example for this variable.
- x-kubernetes-preserve-unknown-fields: true
- exclusiveMaximum:
- description: |-
- exclusiveMaximum specifies if the Maximum is exclusive.
- NOTE: Can only be set if type is integer or number.
- type: boolean
- exclusiveMinimum:
- description: |-
- exclusiveMinimum specifies if the Minimum is exclusive.
- NOTE: Can only be set if type is integer or number.
- type: boolean
- format:
- description: |-
- format is an OpenAPI v3 format string. Unknown formats are ignored.
- For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
- https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
- NOTE: Can only be set if type is string.
- type: string
- items:
- description: |-
- items specifies fields of an array.
- NOTE: Can only be set if type is array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- maxItems:
- description: |-
- maxItems is the max length of an array variable.
- NOTE: Can only be set if type is array.
- format: int64
- type: integer
- maxLength:
- description: |-
- maxLength is the max length of a string variable.
- NOTE: Can only be set if type is string.
- format: int64
- type: integer
- maxProperties:
- description: |-
- maxProperties is the maximum amount of entries in a map or properties in an object.
- NOTE: Can only be set if type is object.
- format: int64
- type: integer
- maximum:
- description: |-
- maximum is the maximum of an integer or number variable.
- If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
- If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
- NOTE: Can only be set if type is integer or number.
- format: int64
- type: integer
- minItems:
- description: |-
- minItems is the min length of an array variable.
- NOTE: Can only be set if type is array.
- format: int64
- type: integer
- minLength:
- description: |-
- minLength is the min length of a string variable.
- NOTE: Can only be set if type is string.
- format: int64
- type: integer
- minProperties:
- description: |-
- minProperties is the minimum amount of entries in a map or properties in an object.
- NOTE: Can only be set if type is object.
- format: int64
- type: integer
- minimum:
- description: |-
- minimum is the minimum of an integer or number variable.
- If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
- If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
- NOTE: Can only be set if type is integer or number.
- format: int64
- type: integer
- not:
- description: |-
- not specifies that the variable must not validate against the subschema.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- oneOf:
- description: |-
- oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- pattern:
- description: |-
- pattern is the regex which a string variable must match.
- NOTE: Can only be set if type is string.
- type: string
- properties:
- description: |-
- properties specifies fields of an object.
- NOTE: Can only be set if type is object.
- NOTE: Properties is mutually exclusive with AdditionalProperties.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- required:
- description: |-
- required specifies which fields of an object are required.
- NOTE: Can only be set if type is object.
- items:
- type: string
- type: array
- type:
- description: |-
- type is the type of the variable.
- Valid values are: object, array, string, integer, number or boolean.
- type: string
- uniqueItems:
- description: |-
- uniqueItems specifies if items in an array must be unique.
- NOTE: Can only be set if type is array.
- type: boolean
- x-kubernetes-int-or-string:
- description: |-
- x-kubernetes-int-or-string specifies that this value is
- either an integer or a string. If this is true, an empty
- type is allowed and type as child of anyOf is permitted
- if following one of the following patterns:
-
- 1) anyOf:
- - type: integer
- - type: string
- 2) allOf:
- - anyOf:
- - type: integer
- - type: string
- - ... zero or more
- type: boolean
- x-kubernetes-preserve-unknown-fields:
- description: |-
- x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
- which are not defined in the variable schema. This affects fields recursively,
- except if nested properties or additionalProperties are specified in the schema.
- type: boolean
- x-kubernetes-validations:
- description: x-kubernetes-validations describes a list
- of validation rules written in the CEL expression
- language.
- items:
- description: ValidationRule describes a validation
- rule written in the CEL expression language.
- properties:
- fieldPath:
- description: |-
- fieldPath represents the field path returned when the validation fails.
- It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
- e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
- If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
- It does not support list numeric index.
- It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
- Numeric index of array is not supported.
- For field name which contains special characters, use `['specialName']` to refer the field name.
- e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
- type: string
- message:
- description: |-
- message represents the message displayed when validation fails. The message is required if the Rule contains
- line breaks. The message must not contain line breaks.
- If unset, the message is "failed rule: {Rule}".
- e.g. "must be a URL with the host matching spec.host"
- type: string
- messageExpression:
- description: |-
- messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- Since messageExpression is used as a failure message, it must evaluate to a string.
- If both message and messageExpression are present on a rule, then messageExpression will be used if validation
- fails. If messageExpression results in a runtime error, the validation failure message is produced
- as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
- that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
- messageExpression has access to all the same variables as the rule; the only difference is the return type.
- Example:
- "x must be less than max ("+string(self.max)+")"
- type: string
- reason:
- default: FieldValueInvalid
- description: |-
- reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
- The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
- If not set, default to use "FieldValueInvalid".
- All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
- enum:
- - FieldValueInvalid
- - FieldValueForbidden
- - FieldValueRequired
- - FieldValueDuplicate
- type: string
- rule:
- description: "rule represents the expression which
- will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe
- Rule is scoped to the location of the x-kubernetes-validations
- extension in the schema.\nThe `self` variable
- in the CEL expression is bound to the scoped
- value.\nIf the Rule is scoped to an object with
- properties, the accessible properties of the
- object are field selectable\nvia `self.field`
- and field presence can be checked via `has(self.field)`.\nIf
- the Rule is scoped to an object with additionalProperties
- (i.e. a map) the value of the map\nare accessible
- via `self[mapKey]`, map containment can be checked
- via `mapKey in self` and all entries of the
- map\nare accessible via CEL macros and functions
- such as `self.all(...)`.\nIf the Rule is scoped
- to an array, the elements of the array are accessible
- via `self[i]` and also by macros and\nfunctions.\nIf
- the Rule is scoped to a scalar, `self` is bound
- to the scalar value.\nExamples:\n- Rule scoped
- to a map of objects: {\"rule\": \"self.components['Widget'].priority
- < 10\"}\n- Rule scoped to a list of integers:
- {\"rule\": \"self.values.all(value, value >=
- 0 && value < 100)\"}\n- Rule scoped to a string
- value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
- data preserved in custom resources via x-kubernetes-preserve-unknown-fields
- is not accessible in CEL\nexpressions. This
- includes:\n- Unknown field values that are preserved
- by object schemas with x-kubernetes-preserve-unknown-fields.\n-
- Object properties where the property schema
- is of an \"unknown type\". An \"unknown type\"
- is recursively defined as:\n - A schema with
- no type and x-kubernetes-preserve-unknown-fields
- set to true\n - An array where the items schema
- is of an \"unknown type\"\n - An object where
- the additionalProperties schema is of an \"unknown
- type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
- are accessible.\nAccessible property names are
- escaped according to the following rules when
- accessed in the expression:\n- '__' escapes
- to '__underscores__'\n- '.' escapes to '__dot__'\n-
- '-' escapes to '__dash__'\n- '/' escapes to
- '__slash__'\n- Property names that exactly match
- a CEL RESERVED keyword escape to '__{keyword}__'.
- The keywords are:\n\t \"true\", \"false\",
- \"null\", \"in\", \"as\", \"break\", \"const\",
- \"continue\", \"else\", \"for\", \"function\",
- \"if\",\n\t \"import\", \"let\", \"loop\",
- \"package\", \"namespace\", \"return\".\nExamples:\n
- \ - Rule accessing a property named \"namespace\":
- {\"rule\": \"self.__namespace__ > 0\"}\n -
- Rule accessing a property named \"x-prop\":
- {\"rule\": \"self.x__dash__prop > 0\"}\n -
- Rule accessing a property named \"redact__d\":
- {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf
- `rule` makes use of the `oldSelf` variable it
- is implicitly a\n`transition rule`.\n\nBy default,
- the `oldSelf` variable is the same type as `self`.\n\nTransition
- rules by default are applied only on UPDATE
- requests and are\nskipped if an old value could
- not be found."
- type: string
- required:
- - rule
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - rule
- x-kubernetes-list-type: map
- x-metadata:
- description: |-
- x-metadata is the metadata of a variable or a nested field within a variable.
- It can be used to add additional data for higher level tools.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map that can be used to store and
- retrieve arbitrary metadata.
- They are not queryable.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) variables.
- type: object
- type: object
- type: object
- required:
- - openAPIV3Schema
- type: object
- required:
- - name
- - required
- - schema
- type: object
- type: array
- workers:
- description: |-
- workers describes the worker nodes for the cluster.
- It is a collection of node types which can be used to create
- the worker nodes of the cluster.
- properties:
- machineDeployments:
- description: |-
- machineDeployments is a list of machine deployment classes that can be used to create
- a set of worker nodes.
- items:
- description: |-
- MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
- provisioned using the `ClusterClass`.
- properties:
- class:
- description: |-
- class denotes a type of worker node present in the cluster,
- this name MUST be unique within a ClusterClass and can be referenced
- in the Cluster to create a managed MachineDeployment.
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machines will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- type: string
- machineHealthCheck:
- description: machineHealthCheck defines a MachineHealthCheck
- for this MachineDeploymentClass.
- properties:
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
- to consider a Machine unhealthy if a corresponding Node isn't associated
- through a `Spec.ProviderID` field.
-
- The duration set in this field is compared to the greatest of:
- - Cluster's infrastructure ready condition timestamp (if and when available)
- - Control Plane's initialized condition timestamp (if and when available)
- - Machine's infrastructure ready condition timestamp (if and when available)
- - Machine's metadata creation timestamp
-
- Defaults to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- type: object
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- format: int32
- type: integer
- namingStrategy:
- description: namingStrategy allows changing the naming pattern
- used when creating the MachineDeployment.
- properties:
- template:
- description: |-
- template defines the template to use for generating the name of the MachineDeployment object.
- If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`.
- If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
- get concatenated with a random suffix of length 5.
- The templating mechanism provides the following arguments:
- * `.cluster.name`: The name of the cluster object.
- * `.random`: A random alphanumeric string, without vowels, of length 5.
- * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).
- type: string
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- type: string
- strategy:
- description: |-
- The deployment strategy to use to replace existing machines with
- new ones.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
- properties:
- remediation:
- description: |-
- remediation controls the strategy of remediating unhealthy machines
- and how remediating operations should occur during the lifecycle of the dependant MachineSets.
- properties:
- maxInFlight:
- anyOf:
- - type: integer
- - type: string
- description: |-
- maxInFlight determines how many in flight remediations should happen at the same time.
-
- Remediation only happens on the MachineSet with the most current revision, while
- older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
- Note: In general (independent of remediations), unhealthy machines are always
- prioritized during scale down operations over healthy ones.
-
- MaxInFlight can be set to a fixed number or a percentage.
- Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
- the desired replicas.
-
- If not set, remediation is limited to all machines (bounded by replicas)
- under the active MachineSet's management.
- x-kubernetes-int-or-string: true
- type: object
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- deletePolicy:
- description: |-
- deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
- Valid values are "Random, "Newest", "Oldest"
- When no value is supplied, the default DeletePolicy of MachineSet is used
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment. Allowed values are RollingUpdate and OnDelete.
- The default is RollingUpdate.
- enum:
- - RollingUpdate
- - OnDelete
- type: string
- type: object
- template:
- description: |-
- template is a local struct containing a collection of templates for creation of
- MachineDeployment objects representing a set of worker nodes.
- properties:
- bootstrap:
- description: |-
- bootstrap contains the bootstrap template reference to be used
- for the creation of worker Machines.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- infrastructure:
- description: |-
- infrastructure contains the infrastructure template reference to be used
- for the creation of worker Machines.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
- At runtime this metadata is merged with the corresponding metadata from the topology.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- required:
- - bootstrap
- - infrastructure
- type: object
- required:
- - class
- - template
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - class
- x-kubernetes-list-type: map
- machinePools:
- description: |-
- machinePools is a list of machine pool classes that can be used to create
- a set of worker nodes.
- items:
- description: |-
- MachinePoolClass serves as a template to define a pool of worker nodes of the cluster
- provisioned using `ClusterClass`.
- properties:
- class:
- description: |-
- class denotes a type of machine pool present in the cluster,
- this name MUST be unique within a ClusterClass and can be referenced
- in the Cluster to create a managed MachinePool.
- type: string
- failureDomains:
- description: |-
- failureDomains is the list of failure domains the MachinePool should be attached to.
- Must match a key in the FailureDomains map stored on the cluster object.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
- items:
- type: string
- type: array
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine pool should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
- format: int32
- type: integer
- namingStrategy:
- description: namingStrategy allows changing the naming pattern
- used when creating the MachinePool.
- properties:
- template:
- description: |-
- template defines the template to use for generating the name of the MachinePool object.
- If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`.
- If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
- get concatenated with a random suffix of length 5.
- The templating mechanism provides the following arguments:
- * `.cluster.name`: The name of the cluster object.
- * `.random`: A random alphanumeric string, without vowels, of length 5.
- * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name).
- type: string
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
- type: string
- template:
- description: |-
- template is a local struct containing a collection of templates for creation of
- MachinePools objects representing a pool of worker nodes.
- properties:
- bootstrap:
- description: |-
- bootstrap contains the bootstrap template reference to be used
- for the creation of the Machines in the MachinePool.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- infrastructure:
- description: |-
- infrastructure contains the infrastructure template reference to be used
- for the creation of the MachinePool.
- properties:
- ref:
- description: |-
- ref is a required reference to a custom resource
- offered by a provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - ref
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the MachinePool.
- At runtime this metadata is merged with the corresponding metadata from the topology.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- required:
- - bootstrap
- - infrastructure
- type: object
- required:
- - class
- - template
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - class
- x-kubernetes-list-type: map
- type: object
- type: object
- status:
- description: ClusterClassStatus defines the observed state of the ClusterClass.
- properties:
- conditions:
- description: conditions defines current observed state of the ClusterClass.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in ClusterClass's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a ClusterClass's current state.
- Known condition types are VariablesReady, RefVersionsUpToDate, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- type: object
- variables:
- description: variables is a list of ClusterClassStatusVariable that
- are defined for the ClusterClass.
- items:
- description: ClusterClassStatusVariable defines a variable which
- appears in the status of a ClusterClass.
- properties:
- definitions:
- description: definitions is a list of definitions for a variable.
- items:
- description: ClusterClassStatusVariableDefinition defines
- a variable which appears in the status of a ClusterClass.
- properties:
- from:
- description: |-
- from specifies the origin of the variable definition.
- This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass
- for variables discovered from a DiscoverVariables runtime extensions.
- type: string
- metadata:
- description: |-
- metadata is the metadata of a variable.
- It can be used to add additional data for higher level tools to
- a ClusterClassVariable.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map that can be used to store and
- retrieve arbitrary metadata.
- They are not queryable.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) variables.
- type: object
- type: object
- required:
- description: |-
- required specifies if the variable is required.
- Note: this applies to the variable as a whole and thus the
- top-level object defined in the schema. If nested fields are
- required, this will be specified inside the schema.
- type: boolean
- schema:
- description: schema defines the schema of the variable.
- properties:
- openAPIV3Schema:
- description: |-
- openAPIV3Schema defines the schema of a variable via OpenAPI v3
- schema. The schema is a subset of the schema used in
- Kubernetes CRDs.
- properties:
- additionalProperties:
- description: |-
- additionalProperties specifies the schema of values in a map (keys are always strings).
- NOTE: Can only be set if type is object.
- NOTE: AdditionalProperties is mutually exclusive with Properties.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- allOf:
- description: |-
- allOf specifies that the variable must validate against all of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- anyOf:
- description: |-
- anyOf specifies that the variable must validate against one or more of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- default:
- description: |-
- default is the default value of the variable.
- NOTE: Can be set for all types.
- x-kubernetes-preserve-unknown-fields: true
- description:
- description: description is a human-readable description
- of this variable.
- type: string
- enum:
- description: |-
- enum is the list of valid values of the variable.
- NOTE: Can be set for all types.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- example:
- description: example is an example for this variable.
- x-kubernetes-preserve-unknown-fields: true
- exclusiveMaximum:
- description: |-
- exclusiveMaximum specifies if the Maximum is exclusive.
- NOTE: Can only be set if type is integer or number.
- type: boolean
- exclusiveMinimum:
- description: |-
- exclusiveMinimum specifies if the Minimum is exclusive.
- NOTE: Can only be set if type is integer or number.
- type: boolean
- format:
- description: |-
- format is an OpenAPI v3 format string. Unknown formats are ignored.
- For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
- https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
- NOTE: Can only be set if type is string.
- type: string
- items:
- description: |-
- items specifies fields of an array.
- NOTE: Can only be set if type is array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- maxItems:
- description: |-
- maxItems is the max length of an array variable.
- NOTE: Can only be set if type is array.
- format: int64
- type: integer
- maxLength:
- description: |-
- maxLength is the max length of a string variable.
- NOTE: Can only be set if type is string.
- format: int64
- type: integer
- maxProperties:
- description: |-
- maxProperties is the maximum amount of entries in a map or properties in an object.
- NOTE: Can only be set if type is object.
- format: int64
- type: integer
- maximum:
- description: |-
- maximum is the maximum of an integer or number variable.
- If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
- If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
- NOTE: Can only be set if type is integer or number.
- format: int64
- type: integer
- minItems:
- description: |-
- minItems is the min length of an array variable.
- NOTE: Can only be set if type is array.
- format: int64
- type: integer
- minLength:
- description: |-
- minLength is the min length of a string variable.
- NOTE: Can only be set if type is string.
- format: int64
- type: integer
- minProperties:
- description: |-
- minProperties is the minimum amount of entries in a map or properties in an object.
- NOTE: Can only be set if type is object.
- format: int64
- type: integer
- minimum:
- description: |-
- minimum is the minimum of an integer or number variable.
- If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
- If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
- NOTE: Can only be set if type is integer or number.
- format: int64
- type: integer
- not:
- description: |-
- not specifies that the variable must not validate against the subschema.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- oneOf:
- description: |-
- oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- pattern:
- description: |-
- pattern is the regex which a string variable must match.
- NOTE: Can only be set if type is string.
- type: string
- properties:
- description: |-
- properties specifies fields of an object.
- NOTE: Can only be set if type is object.
- NOTE: Properties is mutually exclusive with AdditionalProperties.
- NOTE: This field uses PreserveUnknownFields and Schemaless,
- because recursive validation is not possible.
- x-kubernetes-preserve-unknown-fields: true
- required:
- description: |-
- required specifies which fields of an object are required.
- NOTE: Can only be set if type is object.
- items:
- type: string
- type: array
- type:
- description: |-
- type is the type of the variable.
- Valid values are: object, array, string, integer, number or boolean.
- type: string
- uniqueItems:
- description: |-
- uniqueItems specifies if items in an array must be unique.
- NOTE: Can only be set if type is array.
- type: boolean
- x-kubernetes-int-or-string:
- description: |-
- x-kubernetes-int-or-string specifies that this value is
- either an integer or a string. If this is true, an empty
- type is allowed and type as child of anyOf is permitted
- if following one of the following patterns:
-
- 1) anyOf:
- - type: integer
- - type: string
- 2) allOf:
- - anyOf:
- - type: integer
- - type: string
- - ... zero or more
- type: boolean
- x-kubernetes-preserve-unknown-fields:
- description: |-
- x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
- which are not defined in the variable schema. This affects fields recursively,
- except if nested properties or additionalProperties are specified in the schema.
- type: boolean
- x-kubernetes-validations:
- description: x-kubernetes-validations describes
- a list of validation rules written in the CEL
- expression language.
- items:
- description: ValidationRule describes a validation
- rule written in the CEL expression language.
- properties:
- fieldPath:
- description: |-
- fieldPath represents the field path returned when the validation fails.
- It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
- e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
- If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
- It does not support list numeric index.
- It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
- Numeric index of array is not supported.
- For field name which contains special characters, use `['specialName']` to refer the field name.
- e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
- type: string
- message:
- description: |-
- message represents the message displayed when validation fails. The message is required if the Rule contains
- line breaks. The message must not contain line breaks.
- If unset, the message is "failed rule: {Rule}".
- e.g. "must be a URL with the host matching spec.host"
- type: string
- messageExpression:
- description: |-
- messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- Since messageExpression is used as a failure message, it must evaluate to a string.
- If both message and messageExpression are present on a rule, then messageExpression will be used if validation
- fails. If messageExpression results in a runtime error, the validation failure message is produced
- as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
- that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
- messageExpression has access to all the same variables as the rule; the only difference is the return type.
- Example:
- "x must be less than max ("+string(self.max)+")"
- type: string
- reason:
- default: FieldValueInvalid
- description: |-
- reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
- The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
- If not set, default to use "FieldValueInvalid".
- All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
- enum:
- - FieldValueInvalid
- - FieldValueForbidden
- - FieldValueRequired
- - FieldValueDuplicate
- type: string
- rule:
- description: "rule represents the expression
- which will be evaluated by CEL.\nref:
- https://github.com/google/cel-spec\nThe
- Rule is scoped to the location of the
- x-kubernetes-validations extension in
- the schema.\nThe `self` variable in the
- CEL expression is bound to the scoped
- value.\nIf the Rule is scoped to an object
- with properties, the accessible properties
- of the object are field selectable\nvia
- `self.field` and field presence can be
- checked via `has(self.field)`.\nIf the
- Rule is scoped to an object with additionalProperties
- (i.e. a map) the value of the map\nare
- accessible via `self[mapKey]`, map containment
- can be checked via `mapKey in self` and
- all entries of the map\nare accessible
- via CEL macros and functions such as `self.all(...)`.\nIf
- the Rule is scoped to an array, the elements
- of the array are accessible via `self[i]`
- and also by macros and\nfunctions.\nIf
- the Rule is scoped to a scalar, `self`
- is bound to the scalar value.\nExamples:\n-
- Rule scoped to a map of objects: {\"rule\":
- \"self.components['Widget'].priority <
- 10\"}\n- Rule scoped to a list of integers:
- {\"rule\": \"self.values.all(value, value
- >= 0 && value < 100)\"}\n- Rule scoped
- to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
- data preserved in custom resources via
- x-kubernetes-preserve-unknown-fields is
- not accessible in CEL\nexpressions. This
- includes:\n- Unknown field values that
- are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n-
- Object properties where the property schema
- is of an \"unknown type\". An \"unknown
- type\" is recursively defined as:\n -
- A schema with no type and x-kubernetes-preserve-unknown-fields
- set to true\n - An array where the items
- schema is of an \"unknown type\"\n -
- An object where the additionalProperties
- schema is of an \"unknown type\"\n\nOnly
- property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
- are accessible.\nAccessible property names
- are escaped according to the following
- rules when accessed in the expression:\n-
- '__' escapes to '__underscores__'\n- '.'
- escapes to '__dot__'\n- '-' escapes to
- '__dash__'\n- '/' escapes to '__slash__'\n-
- Property names that exactly match a CEL
- RESERVED keyword escape to '__{keyword}__'.
- The keywords are:\n\t \"true\", \"false\",
- \"null\", \"in\", \"as\", \"break\", \"const\",
- \"continue\", \"else\", \"for\", \"function\",
- \"if\",\n\t \"import\", \"let\", \"loop\",
- \"package\", \"namespace\", \"return\".\nExamples:\n
- \ - Rule accessing a property named \"namespace\":
- {\"rule\": \"self.__namespace__ > 0\"}\n
- \ - Rule accessing a property named \"x-prop\":
- {\"rule\": \"self.x__dash__prop > 0\"}\n
- \ - Rule accessing a property named \"redact__d\":
- {\"rule\": \"self.redact__underscores__d
- > 0\"}\n\nIf `rule` makes use of the `oldSelf`
- variable it is implicitly a\n`transition
- rule`.\n\nBy default, the `oldSelf` variable
- is the same type as `self`.\n\nTransition
- rules by default are applied only on UPDATE
- requests and are\nskipped if an old value
- could not be found."
- type: string
- required:
- - rule
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - rule
- x-kubernetes-list-type: map
- x-metadata:
- description: |-
- x-metadata is the metadata of a variable or a nested field within a variable.
- It can be used to add additional data for higher level tools.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map that can be used to store and
- retrieve arbitrary metadata.
- They are not queryable.
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) variables.
- type: object
- type: object
- type: object
- required:
- - openAPIV3Schema
- type: object
- required:
- - from
- - required
- - schema
- type: object
- type: array
- definitionsConflict:
- description: definitionsConflict specifies whether or not there
- are conflicting definitions for a single variable name.
- type: boolean
- name:
- description: name is the name of the variable.
- type: string
- required:
- - definitions
- - name
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: clusterresourcesetbindings.addons.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: addons.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: ClusterResourceSetBinding
- listKind: ClusterResourceSetBindingList
- plural: clusterresourcesetbindings
- singular: clusterresourcesetbinding
- scope: Namespaced
- versions:
- - deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetBindingSpec defines the desired state of
- ClusterResourceSetBinding.
- properties:
- bindings:
- description: bindings is a list of ClusterResourceSets and their resources.
- items:
- description: ResourceSetBinding keeps info on all of the resources
- in a ClusterResourceSet.
- properties:
- clusterResourceSetName:
- description: clusterResourceSetName is the name of the ClusterResourceSet
- that is applied to the owner cluster of the binding.
- type: string
- resources:
- description: resources is a list of resources that the ClusterResourceSet
- has.
- items:
- description: ResourceBinding shows the status of a resource
- that belongs to a ClusterResourceSet matched by the owner
- cluster of the ClusterResourceSetBinding object.
- properties:
- applied:
- description: applied is to track if a resource is applied
- to the cluster or not.
- type: boolean
- hash:
- description: |-
- hash is the hash of a resource's data. This can be used to decide if a resource is changed.
- For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
- type: string
- kind:
- description: 'kind of the resource. Supported kinds are:
- Secrets and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- lastAppliedTime:
- description: lastAppliedTime identifies when this resource
- was last applied to the cluster.
- format: date-time
- type: string
- name:
- description: name of the resource that is in the same
- namespace with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - applied
- - kind
- - name
- type: object
- type: array
- required:
- - clusterResourceSetName
- type: object
- type: array
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterResourceSetBinding
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetBindingSpec defines the desired state of
- ClusterResourceSetBinding.
- properties:
- bindings:
- description: bindings is a list of ClusterResourceSets and their resources.
- items:
- description: ResourceSetBinding keeps info on all of the resources
- in a ClusterResourceSet.
- properties:
- clusterResourceSetName:
- description: clusterResourceSetName is the name of the ClusterResourceSet
- that is applied to the owner cluster of the binding.
- type: string
- resources:
- description: resources is a list of resources that the ClusterResourceSet
- has.
- items:
- description: ResourceBinding shows the status of a resource
- that belongs to a ClusterResourceSet matched by the owner
- cluster of the ClusterResourceSetBinding object.
- properties:
- applied:
- description: applied is to track if a resource is applied
- to the cluster or not.
- type: boolean
- hash:
- description: |-
- hash is the hash of a resource's data. This can be used to decide if a resource is changed.
- For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
- type: string
- kind:
- description: 'kind of the resource. Supported kinds are:
- Secrets and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- lastAppliedTime:
- description: lastAppliedTime identifies when this resource
- was last applied to the cluster.
- format: date-time
- type: string
- name:
- description: name of the resource that is in the same
- namespace with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - applied
- - kind
- - name
- type: object
- type: array
- required:
- - clusterResourceSetName
- type: object
- type: array
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterResourceSetBinding
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: ClusterResourceSetBinding lists all matching ClusterResourceSets
- with the cluster it belongs to.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetBindingSpec defines the desired state of
- ClusterResourceSetBinding.
- properties:
- bindings:
- description: bindings is a list of ClusterResourceSets and their resources.
- items:
- description: ResourceSetBinding keeps info on all of the resources
- in a ClusterResourceSet.
- properties:
- clusterResourceSetName:
- description: clusterResourceSetName is the name of the ClusterResourceSet
- that is applied to the owner cluster of the binding.
- type: string
- resources:
- description: resources is a list of resources that the ClusterResourceSet
- has.
- items:
- description: ResourceBinding shows the status of a resource
- that belongs to a ClusterResourceSet matched by the owner
- cluster of the ClusterResourceSetBinding object.
- properties:
- applied:
- description: applied is to track if a resource is applied
- to the cluster or not.
- type: boolean
- hash:
- description: |-
- hash is the hash of a resource's data. This can be used to decide if a resource is changed.
- For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
- type: string
- kind:
- description: 'kind of the resource. Supported kinds are:
- Secrets and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- lastAppliedTime:
- description: lastAppliedTime identifies when this resource
- was last applied to the cluster.
- format: date-time
- type: string
- name:
- description: name of the resource that is in the same
- namespace with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - applied
- - kind
- - name
- type: object
- type: array
- required:
- - clusterResourceSetName
- type: object
- type: array
- clusterName:
- description: |-
- clusterName is the name of the Cluster this binding applies to.
- Note: this field mandatory in v1beta2.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: clusterresourcesets.addons.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: addons.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: ClusterResourceSet
- listKind: ClusterResourceSetList
- plural: clusterresourcesets
- singular: clusterresourceset
- scope: Namespaced
- versions:
- - deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- ClusterResourceSet is the Schema for the clusterresourcesets API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
- properties:
- clusterSelector:
- description: |-
- Label selector for Clusters. The Clusters that are
- selected by this will be the ones affected by this ClusterResourceSet.
- It must match the Cluster labels. This field is immutable.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: resources is a list of Secrets/ConfigMaps where each
- contains 1 or more resources to be applied to remote clusters.
- items:
- description: ResourceRef specifies a resource.
- properties:
- kind:
- description: 'kind of the resource. Supported kinds are: Secrets
- and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: name of the resource that is in the same namespace
- with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- strategy:
- description: strategy is the strategy to be used during applying resources.
- Defaults to ApplyOnce. This field is immutable.
- enum:
- - ApplyOnce
- type: string
- required:
- - clusterSelector
- type: object
- status:
- description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
- properties:
- conditions:
- description: conditions defines current state of the ClusterResourceSet.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed ClusterResourceSet.
- format: int64
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterResourceSet
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- ClusterResourceSet is the Schema for the clusterresourcesets API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
- properties:
- clusterSelector:
- description: |-
- Label selector for Clusters. The Clusters that are
- selected by this will be the ones affected by this ClusterResourceSet.
- It must match the Cluster labels. This field is immutable.
- Label selector cannot be empty.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: resources is a list of Secrets/ConfigMaps where each
- contains 1 or more resources to be applied to remote clusters.
- items:
- description: ResourceRef specifies a resource.
- properties:
- kind:
- description: 'kind of the resource. Supported kinds are: Secrets
- and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: name of the resource that is in the same namespace
- with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- strategy:
- description: strategy is the strategy to be used during applying resources.
- Defaults to ApplyOnce. This field is immutable.
- enum:
- - ApplyOnce
- type: string
- required:
- - clusterSelector
- type: object
- status:
- description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
- properties:
- conditions:
- description: conditions defines current state of the ClusterResourceSet.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed ClusterResourceSet.
- format: int64
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of ClusterResourceSet
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: ClusterResourceSet is the Schema for the clusterresourcesets
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
- properties:
- clusterSelector:
- description: |-
- Label selector for Clusters. The Clusters that are
- selected by this will be the ones affected by this ClusterResourceSet.
- It must match the Cluster labels. This field is immutable.
- Label selector cannot be empty.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: resources is a list of Secrets/ConfigMaps where each
- contains 1 or more resources to be applied to remote clusters.
- items:
- description: ResourceRef specifies a resource.
- properties:
- kind:
- description: 'kind of the resource. Supported kinds are: Secrets
- and ConfigMaps.'
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: name of the resource that is in the same namespace
- with ClusterResourceSet object.
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- strategy:
- description: strategy is the strategy to be used during applying resources.
- Defaults to ApplyOnce. This field is immutable.
- enum:
- - ApplyOnce
- - Reconcile
- type: string
- required:
- - clusterSelector
- type: object
- status:
- description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
- properties:
- conditions:
- description: conditions defines current state of the ClusterResourceSet.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed ClusterResourceSet.
- format: int64
- type: integer
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in ClusterResourceSet's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a ClusterResourceSet's current state.
- Known condition types are ResourceSetApplied, Deleting.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: clusters.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: Cluster
- listKind: ClusterList
- plural: clusters
- shortNames:
- - cl
- singular: cluster
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
- jsonPath: .status.phase
- name: Phase
- type: string
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: Cluster is the Schema for the clusters API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterSpec defines the desired state of Cluster.
- properties:
- clusterNetwork:
- description: Cluster network configuration.
- properties:
- apiServerPort:
- description: |-
- apiServerPort specifies the port the API Server should bind to.
- Defaults to 6443.
- format: int32
- type: integer
- pods:
- description: The network ranges from which Pod networks are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- serviceDomain:
- description: Domain name for services.
- type: string
- services:
- description: The network ranges from which service VIPs are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- type: object
- controlPlaneEndpoint:
- description: controlPlaneEndpoint represents the endpoint used to
- communicate with the control plane.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneRef:
- description: |-
- controlPlaneRef is an optional reference to a provider-specific resource that holds
- the details for provisioning the Control Plane for a Cluster.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- infrastructureRef:
- description: |-
- infrastructureRef is a reference to a provider-specific resource that holds the details
- for provisioning infrastructure for a cluster in said provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- paused:
- description: paused can be used to prevent controllers from processing
- the Cluster and all its associated objects.
- type: boolean
- type: object
- status:
- description: ClusterStatus defines the observed state of Cluster.
- properties:
- conditions:
- description: conditions defines current service state of the cluster.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- controlPlaneInitialized:
- description: controlPlaneInitialized defines if the control plane
- has been initialized.
- type: boolean
- controlPlaneReady:
- description: controlPlaneReady defines if the control plane is ready.
- type: boolean
- failureDomains:
- additionalProperties:
- description: |-
- FailureDomainSpec is the Schema for Cluster API failure domains.
- It allows controllers to understand how many failure domains a cluster can optionally span across.
- properties:
- attributes:
- additionalProperties:
- type: string
- description: attributes is a free form map of attributes an
- infrastructure provider might use or require.
- type: object
- controlPlane:
- description: controlPlane determines if this failure domain
- is suitable for use by control plane machines.
- type: boolean
- type: object
- description: failureDomains is a slice of failure domain objects synced
- from the infrastructure provider.
- type: object
- failureMessage:
- description: |-
- failureMessage indicates that there is a fatal problem reconciling the
- state, and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a fatal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of Cluster
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
- jsonPath: .status.phase
- name: Phase
- type: string
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- Cluster is the Schema for the clusters API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterSpec defines the desired state of Cluster.
- properties:
- clusterNetwork:
- description: Cluster network configuration.
- properties:
- apiServerPort:
- description: |-
- apiServerPort specifies the port the API Server should bind to.
- Defaults to 6443.
- format: int32
- type: integer
- pods:
- description: The network ranges from which Pod networks are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- serviceDomain:
- description: Domain name for services.
- type: string
- services:
- description: The network ranges from which service VIPs are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- type: object
- controlPlaneEndpoint:
- description: controlPlaneEndpoint represents the endpoint used to
- communicate with the control plane.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneRef:
- description: |-
- controlPlaneRef is an optional reference to a provider-specific resource that holds
- the details for provisioning the Control Plane for a Cluster.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- infrastructureRef:
- description: |-
- infrastructureRef is a reference to a provider-specific resource that holds the details
- for provisioning infrastructure for a cluster in said provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- paused:
- description: paused can be used to prevent controllers from processing
- the Cluster and all its associated objects.
- type: boolean
- topology:
- description: |-
- This encapsulates the topology for the cluster.
- NOTE: It is required to enable the ClusterTopology
- feature gate flag to activate managed topologies support;
- this feature is highly experimental, and parts of it might still be not implemented.
- properties:
- class:
- description: The name of the ClusterClass object to create the
- topology.
- type: string
- controlPlane:
- description: controlPlane describes the cluster control plane.
- properties:
- metadata:
- description: |-
- metadata is the metadata applied to the machines of the ControlPlane.
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
-
- This field is supported if and only if the control plane provider template
- referenced in the ClusterClass is Machine based.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- replicas:
- description: |-
- replicas is the number of control plane nodes.
- If the value is nil, the ControlPlane object is created without the number of Replicas
- and it's assumed that the control plane controller does not implement support for this field.
- When specified against a control plane provider that lacks support for this field, this value will be ignored.
- format: int32
- type: integer
- type: object
- rolloutAfter:
- description: |-
- rolloutAfter performs a rollout of the entire cluster one component at a time,
- control plane first and then machine deployments.
- format: date-time
- type: string
- version:
- description: The Kubernetes version of the cluster.
- type: string
- workers:
- description: |-
- workers encapsulates the different constructs that form the worker nodes
- for the cluster.
- properties:
- machineDeployments:
- description: machineDeployments is a list of machine deployments
- in the cluster.
- items:
- description: |-
- MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
- This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
- properties:
- class:
- description: |-
- class is the name of the MachineDeploymentClass used to create the set of worker nodes.
- This should match one of the deployment classes defined in the ClusterClass object
- mentioned in the `Cluster.Spec.Class` field.
- type: string
- metadata:
- description: |-
- metadata is the metadata applied to the machines of the MachineDeployment.
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- name:
- description: |-
- name is the unique identifier for this MachineDeploymentTopology.
- The value is used with other unique identifiers to create a MachineDeployment's Name
- (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
- the values are hashed together.
- type: string
- replicas:
- description: |-
- replicas is the number of worker nodes belonging to this set.
- If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero)
- and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
- of this value.
- format: int32
- type: integer
- required:
- - class
- - name
- type: object
- type: array
- type: object
- required:
- - class
- - version
- type: object
- type: object
- status:
- description: ClusterStatus defines the observed state of Cluster.
- properties:
- conditions:
- description: conditions defines current service state of the cluster.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- controlPlaneReady:
- description: controlPlaneReady defines if the control plane is ready.
- type: boolean
- failureDomains:
- additionalProperties:
- description: |-
- FailureDomainSpec is the Schema for Cluster API failure domains.
- It allows controllers to understand how many failure domains a cluster can optionally span across.
- properties:
- attributes:
- additionalProperties:
- type: string
- description: attributes is a free form map of attributes an
- infrastructure provider might use or require.
- type: object
- controlPlane:
- description: controlPlane determines if this failure domain
- is suitable for use by control plane machines.
- type: boolean
- type: object
- description: failureDomains is a slice of failure domain objects synced
- from the infrastructure provider.
- type: object
- failureMessage:
- description: |-
- failureMessage indicates that there is a fatal problem reconciling the
- state, and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a fatal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: ClusterClass of this Cluster, empty if the Cluster is not using
- a ClusterClass
- jsonPath: .spec.topology.class
- name: ClusterClass
- type: string
- - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Time duration since creation of Cluster
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this Cluster
- jsonPath: .spec.topology.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Cluster is the Schema for the clusters API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ClusterSpec defines the desired state of Cluster.
- properties:
- availabilityGates:
- description: |-
- availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.
-
- NOTE: this field is considered only for computing v1beta2 conditions.
- items:
- description: ClusterAvailabilityGate contains the type of a Cluster
- condition to be used as availability gate.
- properties:
- conditionType:
- description: |-
- conditionType refers to a positive polarity condition (status true means good) with matching type in the Cluster's condition list.
- If the conditions doesn't exist, it will be treated as unknown.
- Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates.
- maxLength: 316
- minLength: 1
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - conditionType
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - conditionType
- x-kubernetes-list-type: map
- clusterNetwork:
- description: Cluster network configuration.
- properties:
- apiServerPort:
- description: |-
- apiServerPort specifies the port the API Server should bind to.
- Defaults to 6443.
- format: int32
- type: integer
- pods:
- description: The network ranges from which Pod networks are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- serviceDomain:
- description: Domain name for services.
- type: string
- services:
- description: The network ranges from which service VIPs are allocated.
- properties:
- cidrBlocks:
- items:
- type: string
- type: array
- required:
- - cidrBlocks
- type: object
- type: object
- controlPlaneEndpoint:
- description: controlPlaneEndpoint represents the endpoint used to
- communicate with the control plane.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneRef:
- description: |-
- controlPlaneRef is an optional reference to a provider-specific resource that holds
- the details for provisioning the Control Plane for a Cluster.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- infrastructureRef:
- description: |-
- infrastructureRef is a reference to a provider-specific resource that holds the details
- for provisioning infrastructure for a cluster in said provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- paused:
- description: paused can be used to prevent controllers from processing
- the Cluster and all its associated objects.
- type: boolean
- topology:
- description: |-
- This encapsulates the topology for the cluster.
- NOTE: It is required to enable the ClusterTopology
- feature gate flag to activate managed topologies support;
- this feature is highly experimental, and parts of it might still be not implemented.
- properties:
- class:
- description: The name of the ClusterClass object to create the
- topology.
- type: string
- classNamespace:
- description: |-
- classNamespace is the namespace of the ClusterClass object to create the topology.
- If the namespace is empty or not set, it is defaulted to the namespace of the cluster object.
- Value must follow the DNS1123Subdomain syntax.
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*$
- type: string
- controlPlane:
- description: controlPlane describes the cluster control plane.
- properties:
- machineHealthCheck:
- description: |-
- machineHealthCheck allows to enable, disable and override
- the MachineHealthCheck configuration in the ClusterClass for this control plane.
- properties:
- enable:
- description: |-
- enable controls if a MachineHealthCheck should be created for the target machines.
-
- If false: No MachineHealthCheck will be created.
-
- If not set(default): A MachineHealthCheck will be created if it is defined here or
- in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
-
- If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
- block if `enable` is true and no MachineHealthCheck definition is available.
- type: boolean
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
- to consider a Machine unhealthy if a corresponding Node isn't associated
- through a `Spec.ProviderID` field.
-
- The duration set in this field is compared to the greatest of:
- - Cluster's infrastructure ready condition timestamp (if and when available)
- - Control Plane's initialized condition timestamp (if and when available)
- - Machine's infrastructure ready condition timestamp (if and when available)
- - Machine's metadata creation timestamp
-
- Defaults to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
- if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it
- is applied only to the ControlPlane.
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- replicas:
- description: |-
- replicas is the number of control plane nodes.
- If the value is nil, the ControlPlane object is created without the number of Replicas
- and it's assumed that the control plane controller does not implement support for this field.
- When specified against a control plane provider that lacks support for this field, this value will be ignored.
- format: int32
- type: integer
- variables:
- description: variables can be used to customize the ControlPlane
- through patches.
- properties:
- overrides:
- description: overrides can be used to override Cluster
- level variables.
- items:
- description: |-
- ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
- Variable definition in the ClusterClass `status` variables.
- properties:
- definitionFrom:
- description: |-
- definitionFrom specifies where the definition of this Variable is from.
-
- Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
- type: string
- name:
- description: name of the variable.
- type: string
- value:
- description: |-
- value of the variable.
- Note: the value will be validated against the schema of the corresponding ClusterClassVariable
- from the ClusterClass.
- Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
- hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
- i.e. it is not possible to have no type field.
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
- x-kubernetes-preserve-unknown-fields: true
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- type: object
- type: object
- rolloutAfter:
- description: |-
- rolloutAfter performs a rollout of the entire cluster one component at a time,
- control plane first and then machine deployments.
-
- Deprecated: This field has no function and is going to be removed in the next apiVersion.
- format: date-time
- type: string
- variables:
- description: |-
- variables can be used to customize the Cluster through
- patches. They must comply to the corresponding
- VariableClasses defined in the ClusterClass.
- items:
- description: |-
- ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
- Variable definition in the ClusterClass `status` variables.
- properties:
- definitionFrom:
- description: |-
- definitionFrom specifies where the definition of this Variable is from.
-
- Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
- type: string
- name:
- description: name of the variable.
- type: string
- value:
- description: |-
- value of the variable.
- Note: the value will be validated against the schema of the corresponding ClusterClassVariable
- from the ClusterClass.
- Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
- hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
- i.e. it is not possible to have no type field.
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
- x-kubernetes-preserve-unknown-fields: true
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- version:
- description: The Kubernetes version of the cluster.
- type: string
- workers:
- description: |-
- workers encapsulates the different constructs that form the worker nodes
- for the cluster.
- properties:
- machineDeployments:
- description: machineDeployments is a list of machine deployments
- in the cluster.
- items:
- description: |-
- MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
- This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
- properties:
- class:
- description: |-
- class is the name of the MachineDeploymentClass used to create the set of worker nodes.
- This should match one of the deployment classes defined in the ClusterClass object
- mentioned in the `Cluster.Spec.Class` field.
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machines will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- machineHealthCheck:
- description: |-
- machineHealthCheck allows to enable, disable and override
- the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment.
- properties:
- enable:
- description: |-
- enable controls if a MachineHealthCheck should be created for the target machines.
-
- If false: No MachineHealthCheck will be created.
-
- If not set(default): A MachineHealthCheck will be created if it is defined here or
- in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
-
- If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
- block if `enable` is true and no MachineHealthCheck definition is available.
- type: boolean
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
- to consider a Machine unhealthy if a corresponding Node isn't associated
- through a `Spec.ProviderID` field.
-
- The duration set in this field is compared to the greatest of:
- - Cluster's infrastructure ready condition timestamp (if and when available)
- - Control Plane's initialized condition timestamp (if and when available)
- - Machine's infrastructure ready condition timestamp (if and when available)
- - Machine's metadata creation timestamp
-
- Defaults to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- type: object
- metadata:
- description: |-
- metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- name:
- description: |-
- name is the unique identifier for this MachineDeploymentTopology.
- The value is used with other unique identifiers to create a MachineDeployment's Name
- (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
- the values are hashed together.
- type: string
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- replicas:
- description: |-
- replicas is the number of worker nodes belonging to this set.
- If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1)
- and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
- of this value.
- format: int32
- type: integer
- strategy:
- description: |-
- The deployment strategy to use to replace existing machines with
- new ones.
- properties:
- remediation:
- description: |-
- remediation controls the strategy of remediating unhealthy machines
- and how remediating operations should occur during the lifecycle of the dependant MachineSets.
- properties:
- maxInFlight:
- anyOf:
- - type: integer
- - type: string
- description: |-
- maxInFlight determines how many in flight remediations should happen at the same time.
-
- Remediation only happens on the MachineSet with the most current revision, while
- older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
- Note: In general (independent of remediations), unhealthy machines are always
- prioritized during scale down operations over healthy ones.
-
- MaxInFlight can be set to a fixed number or a percentage.
- Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
- the desired replicas.
-
- If not set, remediation is limited to all machines (bounded by replicas)
- under the active MachineSet's management.
- x-kubernetes-int-or-string: true
- type: object
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- deletePolicy:
- description: |-
- deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
- Valid values are "Random, "Newest", "Oldest"
- When no value is supplied, the default DeletePolicy of MachineSet is used
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment. Allowed values are RollingUpdate and OnDelete.
- The default is RollingUpdate.
- enum:
- - RollingUpdate
- - OnDelete
- type: string
- type: object
- variables:
- description: variables can be used to customize the
- MachineDeployment through patches.
- properties:
- overrides:
- description: overrides can be used to override Cluster
- level variables.
- items:
- description: |-
- ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
- Variable definition in the ClusterClass `status` variables.
- properties:
- definitionFrom:
- description: |-
- definitionFrom specifies where the definition of this Variable is from.
-
- Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
- type: string
- name:
- description: name of the variable.
- type: string
- value:
- description: |-
- value of the variable.
- Note: the value will be validated against the schema of the corresponding ClusterClassVariable
- from the ClusterClass.
- Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
- hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
- i.e. it is not possible to have no type field.
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
- x-kubernetes-preserve-unknown-fields: true
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- type: object
- required:
- - class
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- machinePools:
- description: machinePools is a list of machine pools in the
- cluster.
- items:
- description: |-
- MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology.
- This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller.
- properties:
- class:
- description: |-
- class is the name of the MachinePoolClass used to create the pool of worker nodes.
- This should match one of the deployment classes defined in the ClusterClass object
- mentioned in the `Cluster.Spec.Class` field.
- type: string
- failureDomains:
- description: |-
- failureDomains is the list of failure domains the machine pool will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- items:
- type: string
- type: array
- metadata:
- description: |-
- metadata is the metadata applied to the MachinePool.
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine pool should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- name:
- description: |-
- name is the unique identifier for this MachinePoolTopology.
- The value is used with other unique identifiers to create a MachinePool's Name
- (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
- the values are hashed together.
- type: string
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool
- hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- replicas:
- description: |-
- replicas is the number of nodes belonging to this pool.
- If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1)
- and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
- of this value.
- format: int32
- type: integer
- variables:
- description: variables can be used to customize the
- MachinePool through patches.
- properties:
- overrides:
- description: overrides can be used to override Cluster
- level variables.
- items:
- description: |-
- ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
- Variable definition in the ClusterClass `status` variables.
- properties:
- definitionFrom:
- description: |-
- definitionFrom specifies where the definition of this Variable is from.
-
- Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
- type: string
- name:
- description: name of the variable.
- type: string
- value:
- description: |-
- value of the variable.
- Note: the value will be validated against the schema of the corresponding ClusterClassVariable
- from the ClusterClass.
- Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
- hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
- i.e. it is not possible to have no type field.
- Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
- x-kubernetes-preserve-unknown-fields: true
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- type: object
- required:
- - class
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- type: object
- required:
- - class
- - version
- type: object
- type: object
- status:
- description: ClusterStatus defines the observed state of Cluster.
- properties:
- conditions:
- description: conditions defines current service state of the cluster.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- controlPlaneReady:
- description: |-
- controlPlaneReady denotes if the control plane became ready during initial provisioning
- to receive requests.
- NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
- The value of this field is never updated after provisioning is completed. Please use conditions
- to check the operational state of the control plane.
- type: boolean
- failureDomains:
- additionalProperties:
- description: |-
- FailureDomainSpec is the Schema for Cluster API failure domains.
- It allows controllers to understand how many failure domains a cluster can optionally span across.
- properties:
- attributes:
- additionalProperties:
- type: string
- description: attributes is a free form map of attributes an
- infrastructure provider might use or require.
- type: object
- controlPlane:
- description: controlPlane determines if this failure domain
- is suitable for use by control plane machines.
- type: boolean
- type: object
- description: failureDomains is a slice of failure domain objects synced
- from the infrastructure provider.
- type: object
- failureMessage:
- description: |-
- failureMessage indicates that there is a fatal problem reconciling the
- state, and will be set to a descriptive error message.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a fatal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in Cluster's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a Cluster's current state.
- Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady
- MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
- Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- controlPlane:
- description: controlPlane groups all the observations about Cluster's
- ControlPlane current state.
- properties:
- availableReplicas:
- description: availableReplicas is the total number of available
- control plane machines in this cluster. A machine is considered
- available when Machine's Available condition is true.
- format: int32
- type: integer
- desiredReplicas:
- description: desiredReplicas is the total number of desired
- control plane machines in this cluster.
- format: int32
- type: integer
- readyReplicas:
- description: readyReplicas is the total number of ready control
- plane machines in this cluster. A machine is considered
- ready when Machine's Ready condition is true.
- format: int32
- type: integer
- replicas:
- description: |-
- replicas is the total number of control plane machines in this cluster.
- NOTE: replicas also includes machines still being provisioned or being deleted.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date
- control plane machines in this cluster. A machine is considered
- up-to-date when Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- workers:
- description: workers groups all the observations about Cluster's
- Workers current state.
- properties:
- availableReplicas:
- description: availableReplicas is the total number of available
- worker machines in this cluster. A machine is considered
- available when Machine's Available condition is true.
- format: int32
- type: integer
- desiredReplicas:
- description: desiredReplicas is the total number of desired
- worker machines in this cluster.
- format: int32
- type: integer
- readyReplicas:
- description: readyReplicas is the total number of ready worker
- machines in this cluster. A machine is considered ready
- when Machine's Ready condition is true.
- format: int32
- type: integer
- replicas:
- description: |-
- replicas is the total number of worker machines in this cluster.
- NOTE: replicas also includes machines still being provisioned or being deleted.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date
- worker machines in this cluster. A machine is considered
- up-to-date when Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: extensionconfigs.runtime.cluster.x-k8s.io
-spec:
- group: runtime.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: ExtensionConfig
- listKind: ExtensionConfigList
- plural: extensionconfigs
- shortNames:
- - ext
- singular: extensionconfig
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - description: Time duration since creation of ExtensionConfig
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: ExtensionConfig is the Schema for the ExtensionConfig API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ExtensionConfigSpec is the desired state of the ExtensionConfig
- properties:
- clientConfig:
- description: clientConfig defines how to communicate with the Extension
- server.
- properties:
- caBundle:
- description: caBundle is a PEM encoded CA bundle which will be
- used to validate the Extension server's server certificate.
- format: byte
- type: string
- service:
- description: |-
- service is a reference to the Kubernetes service for the Extension server.
- Note: Exactly one of `url` or `service` must be specified.
-
- If the Extension server is running within a cluster, then you should use `service`.
- properties:
- name:
- description: name is the name of the service.
- type: string
- namespace:
- description: namespace is the namespace of the service.
- type: string
- path:
- description: |-
- path is an optional URL path and if present may be any string permissible in
- a URL. If a path is set it will be used as prefix to the hook-specific path.
- type: string
- port:
- description: |-
- port is the port on the service that's hosting the Extension server.
- Defaults to 443.
- Port should be a valid port number (1-65535, inclusive).
- format: int32
- type: integer
- required:
- - name
- - namespace
- type: object
- url:
- description: |-
- url gives the location of the Extension server, in standard URL form
- (`scheme://host:port/path`).
- Note: Exactly one of `url` or `service` must be specified.
-
- The scheme must be "https".
-
- The `host` should not refer to a service running in the cluster; use
- the `service` field instead.
-
- A path is optional, and if present may be any string permissible in
- a URL. If a path is set it will be used as prefix to the hook-specific path.
-
- Attempting to use a user or basic auth e.g. "user:password@" is not
- allowed. Fragments ("#...") and query parameters ("?...") are not
- allowed either.
- type: string
- type: object
- namespaceSelector:
- description: |-
- namespaceSelector decides whether to call the hook for an object based
- on whether the namespace for that object matches the selector.
- Defaults to the empty LabelSelector, which matches all objects.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- settings:
- additionalProperties:
- type: string
- description: |-
- settings defines key value pairs to be passed to all calls
- to all supported RuntimeExtensions.
- Note: Settings can be overridden on the ClusterClass.
- type: object
- required:
- - clientConfig
- type: object
- status:
- description: ExtensionConfigStatus is the current state of the ExtensionConfig
- properties:
- conditions:
- description: conditions define the current service state of the ExtensionConfig.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- handlers:
- description: handlers defines the current ExtensionHandlers supported
- by an Extension.
- items:
- description: ExtensionHandler specifies the details of a handler
- for a particular runtime hook registered by an Extension server.
- properties:
- failurePolicy:
- description: |-
- failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client.
- Defaults to Fail if not set.
- type: string
- name:
- description: name is the unique name of the ExtensionHandler.
- type: string
- requestHook:
- description: requestHook defines the versioned runtime hook
- which this ExtensionHandler serves.
- properties:
- apiVersion:
- description: apiVersion is the group and version of the
- Hook.
- type: string
- hook:
- description: hook is the name of the hook.
- type: string
- required:
- - apiVersion
- - hook
- type: object
- timeoutSeconds:
- description: |-
- timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler.
- Defaults to 10 is not set.
- format: int32
- type: integer
- required:
- - name
- - requestHook
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: ipaddressclaims.ipam.cluster.x-k8s.io
-spec:
- group: ipam.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: IPAddressClaim
- listKind: IPAddressClaimList
- plural: ipaddressclaims
- singular: ipaddressclaim
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Name of the pool to allocate an address from
- jsonPath: .spec.poolRef.name
- name: Pool Name
- type: string
- - description: Kind of the pool to allocate an address from
- jsonPath: .spec.poolRef.kind
- name: Pool Kind
- type: string
- - description: Time duration since creation of IPAdressClaim
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: IPAddressClaim is the Schema for the ipaddressclaim API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
- properties:
- poolRef:
- description: poolRef is a reference to the pool from which an IP address
- should be created.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- required:
- - poolRef
- type: object
- status:
- description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
- properties:
- addressRef:
- description: addressRef is a reference to the address that was created
- for this claim.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- conditions:
- description: conditions summarises the current state of the IPAddressClaim
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Name of the pool to allocate an address from
- jsonPath: .spec.poolRef.name
- name: Pool Name
- type: string
- - description: Kind of the pool to allocate an address from
- jsonPath: .spec.poolRef.kind
- name: Pool Kind
- type: string
- - description: Time duration since creation of IPAdressClaim
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: IPAddressClaim is the Schema for the ipaddressclaim API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- type: string
- poolRef:
- description: poolRef is a reference to the pool from which an IP address
- should be created.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- required:
- - poolRef
- type: object
- status:
- description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
- properties:
- addressRef:
- description: addressRef is a reference to the address that was created
- for this claim.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- conditions:
- description: conditions summarises the current state of the IPAddressClaim
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: ipaddresses.ipam.cluster.x-k8s.io
-spec:
- group: ipam.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: IPAddress
- listKind: IPAddressList
- plural: ipaddresses
- singular: ipaddress
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Address
- jsonPath: .spec.address
- name: Address
- type: string
- - description: Name of the pool the address is from
- jsonPath: .spec.poolRef.name
- name: Pool Name
- type: string
- - description: Kind of the pool the address is from
- jsonPath: .spec.poolRef.kind
- name: Pool Kind
- type: string
- - description: Time duration since creation of IPAdress
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: IPAddress is the Schema for the ipaddress API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAddressSpec is the desired state of an IPAddress.
- properties:
- address:
- description: address is the IP address.
- type: string
- claimRef:
- description: claimRef is a reference to the claim this IPAddress was
- created for.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- gateway:
- description: gateway is the network gateway of the network the address
- is from.
- type: string
- poolRef:
- description: poolRef is a reference to the pool that this IPAddress
- was created from.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: prefix is the prefix of the address.
- type: integer
- required:
- - address
- - claimRef
- - poolRef
- - prefix
- type: object
- type: object
- served: true
- storage: false
- subresources: {}
- - additionalPrinterColumns:
- - description: Address
- jsonPath: .spec.address
- name: Address
- type: string
- - description: Name of the pool the address is from
- jsonPath: .spec.poolRef.name
- name: Pool Name
- type: string
- - description: Kind of the pool the address is from
- jsonPath: .spec.poolRef.kind
- name: Pool Kind
- type: string
- - description: Time duration since creation of IPAdress
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: IPAddress is the Schema for the ipaddress API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: IPAddressSpec is the desired state of an IPAddress.
- properties:
- address:
- description: address is the IP address.
- type: string
- claimRef:
- description: claimRef is a reference to the claim this IPAddress was
- created for.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- gateway:
- description: gateway is the network gateway of the network the address
- is from.
- type: string
- poolRef:
- description: poolRef is a reference to the pool that this IPAddress
- was created from.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: prefix is the prefix of the address.
- type: integer
- required:
- - address
- - claimRef
- - poolRef
- - prefix
- type: object
- type: object
- served: true
- storage: true
- subresources: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machinedeployments.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: MachineDeployment
- listKind: MachineDeploymentList
- plural: machinedeployments
- shortNames:
- - md
- singular: machinedeployment
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Total number of non-terminated machines targeted by this MachineDeployment
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of ready machines targeted by this MachineDeployment
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this deployment
- that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this MachineDeployment
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- MachineDeployment is the Schema for the machinedeployments API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineDeploymentSpec defines the desired state of MachineDeployment.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- paused:
- description: Indicates that the deployment is paused.
- type: boolean
- progressDeadlineSeconds:
- description: |-
- The maximum time in seconds for a deployment to make progress before it
- is considered to be failed. The deployment controller will continue to
- process failed deployments and a condition with a ProgressDeadlineExceeded
- reason will be surfaced in the deployment status. Note that progress will
- not be estimated during the time a deployment is paused. Defaults to 600s.
- format: int32
- type: integer
- replicas:
- description: |-
- Number of desired machines. Defaults to 1.
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- revisionHistoryLimit:
- description: |-
- The number of old MachineSets to retain to allow rollback.
- This is a pointer to distinguish between explicit zero and not specified.
- Defaults to 1.
- format: int32
- type: integer
- selector:
- description: |-
- Label selector for machines. Existing MachineSets whose machines are
- selected by this will be the ones affected by this deployment.
- It must match the machine template's labels.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- strategy:
- description: |-
- The deployment strategy to use to replace existing machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- generateName:
- description: |-
- generateName is an optional prefix, used by the server, to generate a unique
- name ONLY IF the Name field has not been provided.
- If this field is used, the name returned to the client will be different
- than the name passed. This value will also be combined with a unique suffix.
- The provided value has the same validation rules as the Name field,
- and may be truncated by the length of the suffix required to make the value
- unique on the server.
-
- If this field is specified and the generated name exists, the server will
- NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
- ServerTimeout indicating a unique name could not be found in the time allotted, and the client
- should retry (optionally after the time indicated in the Retry-After header).
-
- Applied only if Name is not specified.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- name:
- description: |-
- name must be unique within a namespace. Is required when creating resources, although
- some resources may allow a client to request the generation of an appropriate name
- automatically. Name is primarily intended for creation idempotence and configuration
- definition.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- namespace:
- description: |-
- namespace defines the space within each name must be unique. An empty namespace is
- equivalent to the "default" namespace, but "default" is the canonical representation.
- Not all objects are required to be scoped to a namespace - the value of this field for
- those objects will be empty.
-
- Must be a DNS_LABEL.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/namespaces
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- ownerReferences:
- description: |-
- List of objects depended by this object. If ALL objects in the list have
- been deleted, this object will be garbage collected. If this object is managed by a controller,
- then an entry in this list will point to this controller, with the controller field set to true.
- There cannot be more than one managing controller.
-
- Deprecated: This field has no function and is going to be removed in a next release.
- items:
- description: |-
- OwnerReference contains enough information to let you identify an owning
- object. An owning object must be in the same namespace as the dependent, or
- be cluster-scoped, so there is no namespace field.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing
- controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- type: array
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.Data without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- data:
- description: |-
- data contains the bootstrap data, such as cloud-init details scripts.
- If nil, the Machine should remain in the Pending state.
-
- Deprecated: Switch to DataSecretName.
- type: string
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- - template
- type: object
- status:
- description: MachineDeploymentStatus defines the observed state of MachineDeployment.
- properties:
- availableReplicas:
- description: |-
- Total number of available machines (ready for at least minReadySeconds)
- targeted by this deployment.
- format: int32
- type: integer
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- phase:
- description: phase represents the current phase of a MachineDeployment
- (ScalingUp, ScalingDown, Running, Failed, or Unknown).
- type: string
- readyReplicas:
- description: Total number of ready machines targeted by this deployment.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this deployment.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet available or machines
- that still have not been created.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- that have the desired template spec.
- format: int32
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Time duration since creation of MachineDeployment
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Total number of non-terminated machines targeted by this MachineDeployment
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of ready machines targeted by this MachineDeployment
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this deployment
- that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this MachineDeployment
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- MachineDeployment is the Schema for the machinedeployments API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineDeploymentSpec defines the desired state of MachineDeployment.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine should
- be ready.
- Defaults to 0 (machine will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- paused:
- description: Indicates that the deployment is paused.
- type: boolean
- progressDeadlineSeconds:
- description: |-
- The maximum time in seconds for a deployment to make progress before it
- is considered to be failed. The deployment controller will continue to
- process failed deployments and a condition with a ProgressDeadlineExceeded
- reason will be surfaced in the deployment status. Note that progress will
- not be estimated during the time a deployment is paused. Defaults to 600s.
- format: int32
- type: integer
- replicas:
- default: 1
- description: |-
- Number of desired machines. Defaults to 1.
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- revisionHistoryLimit:
- description: |-
- The number of old MachineSets to retain to allow rollback.
- This is a pointer to distinguish between explicit zero and not specified.
- Defaults to 1.
- format: int32
- type: integer
- selector:
- description: |-
- Label selector for machines. Existing MachineSets whose machines are
- selected by this will be the ones affected by this deployment.
- It must match the machine template's labels.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- strategy:
- description: |-
- The deployment strategy to use to replace existing machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- deletePolicy:
- description: |-
- deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
- Valid values are "Random, "Newest", "Oldest"
- When no value is supplied, the default DeletePolicy of MachineSet is used
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment.
- Default is RollingUpdate.
- enum:
- - RollingUpdate
- - OnDelete
- type: string
- type: object
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- - template
- type: object
- status:
- description: MachineDeploymentStatus defines the observed state of MachineDeployment.
- properties:
- availableReplicas:
- description: |-
- Total number of available machines (ready for at least minReadySeconds)
- targeted by this deployment.
- format: int32
- type: integer
- conditions:
- description: conditions defines current service state of the MachineDeployment.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- phase:
- description: phase represents the current phase of a MachineDeployment
- (ScalingUp, ScalingDown, Running, Failed, or Unknown).
- type: string
- readyReplicas:
- description: Total number of ready machines targeted by this deployment.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this deployment.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet available or machines
- that still have not been created.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- that have the desired template spec.
- format: int32
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Total number of machines desired by this MachineDeployment
- jsonPath: .spec.replicas
- name: Desired
- priority: 10
- type: integer
- - description: Total number of non-terminated machines targeted by this MachineDeployment
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of ready machines targeted by this MachineDeployment
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this deployment
- that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this MachineDeployment
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Time duration since creation of MachineDeployment
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this MachineDeployment
- jsonPath: .spec.template.spec.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: MachineDeployment is the Schema for the machinedeployments API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineDeploymentSpec defines the desired state of MachineDeployment.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- minReadySeconds:
- description: |-
- minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
- Defaults to 0 (machine will be considered available as soon as the Node is ready)
- format: int32
- type: integer
- paused:
- description: Indicates that the deployment is paused.
- type: boolean
- progressDeadlineSeconds:
- description: |-
- The maximum time in seconds for a deployment to make progress before it
- is considered to be failed. The deployment controller will continue to
- process failed deployments and a condition with a ProgressDeadlineExceeded
- reason will be surfaced in the deployment status. Note that progress will
- not be estimated during the time a deployment is paused. Defaults to 600s.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details.
- format: int32
- type: integer
- replicas:
- description: |-
- Number of desired machines.
- This is a pointer to distinguish between explicit zero and not specified.
-
- Defaults to:
- * if the Kubernetes autoscaler min size and max size annotations are set:
- - if it's a new MachineDeployment, use min size
- - if the replicas field of the old MachineDeployment is < min size, use min size
- - if the replicas field of the old MachineDeployment is > max size, use max size
- - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD
- * otherwise use 1
- Note: Defaulting will be run whenever the replicas field is not set:
- * A new MachineDeployment is created with replicas not set.
- * On an existing MachineDeployment the replicas field was first set and is now unset.
- Those cases are especially relevant for the following Kubernetes autoscaler use cases:
- * A new MachineDeployment is created and replicas should be managed by the autoscaler
- * An existing MachineDeployment which initially wasn't controlled by the autoscaler
- should be later controlled by the autoscaler
- format: int32
- type: integer
- revisionHistoryLimit:
- description: |-
- The number of old MachineSets to retain to allow rollback.
- This is a pointer to distinguish between explicit zero and not specified.
- Defaults to 1.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details.
- format: int32
- type: integer
- rolloutAfter:
- description: |-
- rolloutAfter is a field to indicate a rollout should be performed
- after the specified time even if no changes have been made to the
- MachineDeployment.
- Example: In the YAML the time can be specified in the RFC3339 format.
- To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
- use "2023-03-09T09:00:00Z".
- format: date-time
- type: string
- selector:
- description: |-
- Label selector for machines. Existing MachineSets whose machines are
- selected by this will be the ones affected by this deployment.
- It must match the machine template's labels.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- strategy:
- description: |-
- The deployment strategy to use to replace existing machines with
- new ones.
- properties:
- remediation:
- description: |-
- remediation controls the strategy of remediating unhealthy machines
- and how remediating operations should occur during the lifecycle of the dependant MachineSets.
- properties:
- maxInFlight:
- anyOf:
- - type: integer
- - type: string
- description: |-
- maxInFlight determines how many in flight remediations should happen at the same time.
-
- Remediation only happens on the MachineSet with the most current revision, while
- older MachineSets (usually present during rollout operations) aren't allowed to remediate.
-
- Note: In general (independent of remediations), unhealthy machines are always
- prioritized during scale down operations over healthy ones.
-
- MaxInFlight can be set to a fixed number or a percentage.
- Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
- the desired replicas.
-
- If not set, remediation is limited to all machines (bounded by replicas)
- under the active MachineSet's management.
- x-kubernetes-int-or-string: true
- type: object
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- deletePolicy:
- description: |-
- deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
- Valid values are "Random, "Newest", "Oldest"
- When no value is supplied, the default DeletePolicy of MachineSet is used
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment. Allowed values are RollingUpdate and OnDelete.
- The default is RollingUpdate.
- enum:
- - RollingUpdate
- - OnDelete
- type: string
- type: object
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- readinessGates:
- description: |-
- readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
- This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
- Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
- for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
- Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
- they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
- NOTE: This field is considered only for computing v1beta2 conditions.
- NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
- readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
- readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
- This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
- items:
- description: MachineReadinessGate contains the type of a
- Machine condition to be used as a readiness gate.
- properties:
- conditionType:
- description: |-
- conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
- If the conditions doesn't exist, it will be treated as unknown.
- Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
- maxLength: 316
- minLength: 1
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - conditionType
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - conditionType
- x-kubernetes-list-type: map
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- - template
- type: object
- status:
- description: MachineDeploymentStatus defines the observed state of MachineDeployment.
- properties:
- availableReplicas:
- description: |-
- Total number of available machines (ready for at least minReadySeconds)
- targeted by this deployment.
- format: int32
- type: integer
- conditions:
- description: conditions defines current service state of the MachineDeployment.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- phase:
- description: phase represents the current phase of a MachineDeployment
- (ScalingUp, ScalingDown, Running, Failed, or Unknown).
- type: string
- readyReplicas:
- description: Total number of ready machines targeted by this deployment.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this deployment.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet available or machines
- that still have not been created.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this deployment
- that have the desired template spec.
- format: int32
- type: integer
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in MachineDeployment's status with the V1Beta2 version.
- properties:
- availableReplicas:
- description: availableReplicas is the number of available replicas
- for this MachineDeployment. A machine is considered available
- when Machine's Available condition is true.
- format: int32
- type: integer
- conditions:
- description: |-
- conditions represents the observations of a MachineDeployment's current state.
- Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- readyReplicas:
- description: readyReplicas is the number of ready replicas for
- this MachineDeployment. A machine is considered ready when Machine's
- Ready condition is true.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date replicas
- targeted by this deployment. A machine is considered up-to-date
- when Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machinedrainrules.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: MachineDrainRule
- listKind: MachineDrainRuleList
- plural: machinedrainrules
- singular: machinedrainrule
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Drain behavior
- jsonPath: .spec.drain.behavior
- name: Behavior
- type: string
- - description: Drain order
- jsonPath: .spec.drain.order
- name: Order
- type: string
- - description: Time duration since creation of the MachineDrainRule
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: MachineDrainRule is the Schema for the MachineDrainRule API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: spec defines the spec of a MachineDrainRule.
- properties:
- drain:
- description: drain configures if and how Pods are drained.
- properties:
- behavior:
- description: |-
- behavior defines the drain behavior.
- Can be either "Drain", "Skip", or "WaitCompleted".
- "Drain" means that the Pods to which this MachineDrainRule applies will be drained.
- If behavior is set to "Drain" the order in which Pods are drained can be configured
- with the order field. When draining Pods of a Node the Pods will be grouped by order
- and one group after another will be drained (by increasing order). Cluster API will
- wait until all Pods of a group are terminated / removed from the Node before starting
- with the next group.
- "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain.
- "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted
- and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.
- enum:
- - Drain
- - Skip
- - WaitCompleted
- type: string
- order:
- description: |-
- order defines the order in which Pods are drained.
- Pods with higher order are drained after Pods with lower order.
- order can only be set if behavior is set to "Drain".
- If order is not set, 0 will be used.
- Valid values for order are from -2147483648 to 2147483647 (inclusive).
- format: int32
- type: integer
- required:
- - behavior
- type: object
- machines:
- description: |-
- machines defines to which Machines this MachineDrainRule should be applied.
-
- If machines is not set, the MachineDrainRule applies to all Machines in the Namespace.
- If machines contains multiple selectors, the results are ORed.
- Within a single Machine selector the results of selector and clusterSelector are ANDed.
- Machines will be selected from all Clusters in the Namespace unless otherwise
- restricted with the clusterSelector.
-
- Example: Selects control plane Machines in all Clusters or
- Machines with label "os" == "linux" in Clusters with label
- "stage" == "production".
-
- - selector:
- matchExpressions:
- - key: cluster.x-k8s.io/control-plane
- operator: Exists
- - selector:
- matchLabels:
- os: linux
- clusterSelector:
- matchExpressions:
- - key: stage
- operator: In
- values:
- - production
- items:
- description: MachineDrainRuleMachineSelector defines to which Machines
- this MachineDrainRule should be applied.
- minProperties: 1
- properties:
- clusterSelector:
- description: |-
- clusterSelector is a label selector which selects Machines by the labels of
- their Clusters.
- This field follows standard label selector semantics; if not present or
- empty, it selects Machines of all Clusters.
-
- If selector is also set, then the selector as a whole selects
- Machines matching selector belonging to Clusters selected by clusterSelector.
- If selector is not set, it selects all Machines belonging to Clusters
- selected by clusterSelector.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- selector:
- description: |-
- selector is a label selector which selects Machines by their labels.
- This field follows standard label selector semantics; if not present or
- empty, it selects all Machines.
-
- If clusterSelector is also set, then the selector as a whole selects
- Machines matching selector belonging to Clusters selected by clusterSelector.
- If clusterSelector is not set, it selects all Machines matching selector in
- all Clusters.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- maxItems: 32
- minItems: 1
- type: array
- x-kubernetes-list-type: atomic
- pods:
- description: |-
- pods defines to which Pods this MachineDrainRule should be applied.
-
- If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces.
- If pods contains multiple selectors, the results are ORed.
- Within a single Pod selector the results of selector and namespaceSelector are ANDed.
- Pods will be selected from all Namespaces unless otherwise
- restricted with the namespaceSelector.
-
- Example: Selects Pods with label "app" == "logging" in all Namespaces or
- Pods with label "app" == "prometheus" in the "monitoring"
- Namespace.
-
- - selector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - logging
- - selector:
- matchLabels:
- app: prometheus
- namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: monitoring
- items:
- description: MachineDrainRulePodSelector defines to which Pods this
- MachineDrainRule should be applied.
- minProperties: 1
- properties:
- namespaceSelector:
- description: |-
- namespaceSelector is a label selector which selects Pods by the labels of
- their Namespaces.
- This field follows standard label selector semantics; if not present or
- empty, it selects Pods of all Namespaces.
-
- If selector is also set, then the selector as a whole selects
- Pods matching selector in Namespaces selected by namespaceSelector.
- If selector is not set, it selects all Pods in Namespaces selected by
- namespaceSelector.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- selector:
- description: |-
- selector is a label selector which selects Pods by their labels.
- This field follows standard label selector semantics; if not present or
- empty, it selects all Pods.
-
- If namespaceSelector is also set, then the selector as a whole selects
- Pods matching selector in Namespaces selected by namespaceSelector.
- If namespaceSelector is not set, it selects all Pods matching selector in
- all Namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- maxItems: 32
- minItems: 1
- type: array
- x-kubernetes-list-type: atomic
- required:
- - drain
- type: object
- required:
- - metadata
- - spec
- type: object
- served: true
- storage: true
- subresources: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machinehealthchecks.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: MachineHealthCheck
- listKind: MachineHealthCheckList
- plural: machinehealthchecks
- shortNames:
- - mhc
- - mhcs
- singular: machinehealthcheck
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Maximum number of unhealthy machines allowed
- jsonPath: .spec.maxUnhealthy
- name: MaxUnhealthy
- type: string
- - description: Number of machines currently monitored
- jsonPath: .status.expectedMachines
- name: ExpectedMachines
- type: integer
- - description: Current observed healthy machines
- jsonPath: .status.currentHealthy
- name: CurrentHealthy
- type: integer
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- MachineHealthCheck is the Schema for the machinehealthchecks API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of machine health check policy
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- Machines older than this duration without a node will be considered to have
- failed and will be remediated.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- selector:
- description: Label selector to match machines whose health will be
- exercised
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- minItems: 1
- type: array
- required:
- - clusterName
- - selector
- - unhealthyConditions
- type: object
- status:
- description: Most recently observed status of MachineHealthCheck resource
- properties:
- conditions:
- description: conditions defines current service state of the MachineHealthCheck.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- currentHealthy:
- description: total number of healthy machines counted by this machine
- health check
- format: int32
- minimum: 0
- type: integer
- expectedMachines:
- description: total number of machines counted by this machine health
- check
- format: int32
- minimum: 0
- type: integer
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- remediationsAllowed:
- description: |-
- remediationsAllowed is the number of further remediations allowed by this machine health check before
- maxUnhealthy short circuiting will be applied
- format: int32
- minimum: 0
- type: integer
- targets:
- description: targets shows the current list of machines the machine
- health check is watching
- items:
- type: string
- type: array
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Time duration since creation of MachineHealthCheck
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Maximum number of unhealthy machines allowed
- jsonPath: .spec.maxUnhealthy
- name: MaxUnhealthy
- type: string
- - description: Number of machines currently monitored
- jsonPath: .status.expectedMachines
- name: ExpectedMachines
- type: integer
- - description: Current observed healthy machines
- jsonPath: .status.currentHealthy
- name: CurrentHealthy
- type: integer
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- MachineHealthCheck is the Schema for the machinehealthchecks API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of machine health check policy
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- Machines older than this duration without a node will be considered to have
- failed and will be remediated.
- If not set, this value is defaulted to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- selector:
- description: Label selector to match machines whose health will be
- exercised
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- minItems: 1
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- required:
- - clusterName
- - selector
- - unhealthyConditions
- type: object
- status:
- description: Most recently observed status of MachineHealthCheck resource
- properties:
- conditions:
- description: conditions defines current service state of the MachineHealthCheck.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- currentHealthy:
- description: total number of healthy machines counted by this machine
- health check
- format: int32
- minimum: 0
- type: integer
- expectedMachines:
- description: total number of machines counted by this machine health
- check
- format: int32
- minimum: 0
- type: integer
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- remediationsAllowed:
- description: |-
- remediationsAllowed is the number of further remediations allowed by this machine health check before
- maxUnhealthy short circuiting will be applied
- format: int32
- minimum: 0
- type: integer
- targets:
- description: targets shows the current list of machines the machine
- health check is watching
- items:
- type: string
- type: array
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Number of machines currently monitored
- jsonPath: .status.expectedMachines
- name: ExpectedMachines
- type: integer
- - description: Maximum number of unhealthy machines allowed
- jsonPath: .spec.maxUnhealthy
- name: MaxUnhealthy
- type: string
- - description: Current observed healthy machines
- jsonPath: .status.currentHealthy
- name: CurrentHealthy
- type: integer
- - description: Time duration since creation of MachineHealthCheck
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: MachineHealthCheck is the Schema for the machinehealthchecks
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: Specification of machine health check policy
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- maxUnhealthy:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
- "selector" are not healthy.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
- x-kubernetes-int-or-string: true
- nodeStartupTimeout:
- description: |-
- nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
- to consider a Machine unhealthy if a corresponding Node isn't associated
- through a `Spec.ProviderID` field.
-
- The duration set in this field is compared to the greatest of:
- - Cluster's infrastructure ready condition timestamp (if and when available)
- - Control Plane's initialized condition timestamp (if and when available)
- - Machine's infrastructure ready condition timestamp (if and when available)
- - Machine's metadata creation timestamp
-
- Defaults to 10 minutes.
- If you wish to disable this feature, set the value explicitly to 0.
- type: string
- remediationTemplate:
- description: |-
- remediationTemplate is a reference to a remediation template
- provided by an infrastructure provider.
-
- This field is completely optional, when filled, the MachineHealthCheck controller
- creates a new object from the template referenced and hands off remediation of the machine to
- a controller that lives outside of Cluster API.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- selector:
- description: Label selector to match machines whose health will be
- exercised
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- unhealthyConditions:
- description: |-
- unhealthyConditions contains a list of the conditions that determine
- whether a node is considered unhealthy. The conditions are combined in a
- logical OR, i.e. if any of the conditions is met, the node is unhealthy.
- items:
- description: |-
- UnhealthyCondition represents a Node condition type and value with a timeout
- specified as a duration. When the named condition has been in the given
- status for at least the timeout value, a node is considered unhealthy.
- properties:
- status:
- minLength: 1
- type: string
- timeout:
- type: string
- type:
- minLength: 1
- type: string
- required:
- - status
- - timeout
- - type
- type: object
- type: array
- unhealthyRange:
- description: |-
- Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
- is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
- Eg. "[3-5]" - This means that remediation will be allowed only when:
- (a) there are at least 3 unhealthy machines (and)
- (b) there are at most 5 unhealthy machines
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
- pattern: ^\[[0-9]+-[0-9]+\]$
- type: string
- required:
- - clusterName
- - selector
- type: object
- status:
- description: Most recently observed status of MachineHealthCheck resource
- properties:
- conditions:
- description: conditions defines current service state of the MachineHealthCheck.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- currentHealthy:
- description: total number of healthy machines counted by this machine
- health check
- format: int32
- minimum: 0
- type: integer
- expectedMachines:
- description: total number of machines counted by this machine health
- check
- format: int32
- minimum: 0
- type: integer
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- remediationsAllowed:
- description: |-
- remediationsAllowed is the number of further remediations allowed by this machine health check before
- maxUnhealthy short circuiting will be applied
- format: int32
- minimum: 0
- type: integer
- targets:
- description: targets shows the current list of machines the machine
- health check is watching
- items:
- type: string
- type: array
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in MachineHealthCheck's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a MachineHealthCheck's current state.
- Known condition types are RemediationAllowed, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machinepools.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: MachinePool
- listKind: MachinePoolList
- plural: machinepools
- shortNames:
- - mp
- singular: machinepool
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: MachinePool replicas count
- jsonPath: .status.replicas
- name: Replicas
- type: string
- - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
- etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Kubernetes version associated with this MachinePool
- jsonPath: .spec.template.spec.version
- name: Version
- type: string
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- MachinePool is the Schema for the machinepools API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachinePoolSpec defines the desired state of MachinePool.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomains:
- description: failureDomains is the list of failure domains this MachinePool
- should be attached to.
- items:
- type: string
- type: array
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine instances should
- be ready.
- Defaults to 0 (machine instance will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- providerIDList:
- description: |-
- providerIDList are the identification IDs of machine instances provided by the provider.
- This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
- items:
- type: string
- type: array
- replicas:
- description: |-
- Number of desired machines. Defaults to 1.
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- strategy:
- description: |-
- The deployment strategy to use to replace existing machine instances with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- MachineDeploymentStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be scheduled above the
- desired number of machines.
- Value can be an absolute number (ex: 5) or a percentage of
- desired machines (ex: 10%).
- This can not be 0 if MaxUnavailable is 0.
- Absolute number is calculated from percentage by rounding up.
- Defaults to 1.
- Example: when this is set to 30%, the new MachineSet can be scaled
- up immediately when the rolling update starts, such that the total
- number of old and new machines do not exceed 130% of desired
- machines. Once old machines have been killed, new MachineSet can
- be scaled up further, ensuring that total number of machines running
- at any time during the update is at most 130% of desired machines.
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of machines that can be unavailable during the update.
- Value can be an absolute number (ex: 5) or a percentage of desired
- machines (ex: 10%).
- Absolute number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0.
- Defaults to 0.
- Example: when this is set to 30%, the old MachineSet can be scaled
- down to 70% of desired machines immediately when the rolling update
- starts. Once new machines are ready, old MachineSet can be scaled
- down further, followed by scaling up the new MachineSet, ensuring
- that the total number of machines available at all times
- during the update is at least 70% of desired machines.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of deployment. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- generateName:
- description: |-
- generateName is an optional prefix, used by the server, to generate a unique
- name ONLY IF the Name field has not been provided.
- If this field is used, the name returned to the client will be different
- than the name passed. This value will also be combined with a unique suffix.
- The provided value has the same validation rules as the Name field,
- and may be truncated by the length of the suffix required to make the value
- unique on the server.
-
- If this field is specified and the generated name exists, the server will
- NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
- ServerTimeout indicating a unique name could not be found in the time allotted, and the client
- should retry (optionally after the time indicated in the Retry-After header).
-
- Applied only if Name is not specified.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- name:
- description: |-
- name must be unique within a namespace. Is required when creating resources, although
- some resources may allow a client to request the generation of an appropriate name
- automatically. Name is primarily intended for creation idempotence and configuration
- definition.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- namespace:
- description: |-
- namespace defines the space within each name must be unique. An empty namespace is
- equivalent to the "default" namespace, but "default" is the canonical representation.
- Not all objects are required to be scoped to a namespace - the value of this field for
- those objects will be empty.
-
- Must be a DNS_LABEL.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/namespaces
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- ownerReferences:
- description: |-
- List of objects depended by this object. If ALL objects in the list have
- been deleted, this object will be garbage collected. If this object is managed by a controller,
- then an entry in this list will point to this controller, with the controller field set to true.
- There cannot be more than one managing controller.
-
- Deprecated: This field has no function and is going to be removed in a next release.
- items:
- description: |-
- OwnerReference contains enough information to let you identify an owning
- object. An owning object must be in the same namespace as the dependent, or
- be cluster-scoped, so there is no namespace field.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing
- controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- type: array
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.Data without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- data:
- description: |-
- data contains the bootstrap data, such as cloud-init details scripts.
- If nil, the Machine should remain in the Pending state.
-
- Deprecated: Switch to DataSecretName.
- type: string
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - template
- type: object
- status:
- description: MachinePoolStatus defines the observed state of MachinePool.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachinePool.
- format: int32
- type: integer
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- conditions:
- description: conditions define the current service state of the MachinePool.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- failureMessage indicates that there is a problem reconciling the state,
- and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a problem reconciling the state, and
- will be set to a token value suitable for programmatic interpretation.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- nodeRefs:
- description: nodeRefs will point to the corresponding Nodes if it
- they exist.
- items:
- description: ObjectReference contains enough information to let
- you inspect or modify the referred object.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- readyReplicas:
- description: The number of ready replicas for this MachinePool. A
- machine is considered ready when the node has been created and is
- "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- unavailableReplicas:
- description: |-
- Total number of unavailable machine instances targeted by this machine pool.
- This is the total number of machine instances that are still required for
- the machine pool to have 100% available capacity. They may either
- be machine instances that are running but not yet available or machine instances
- that still have not been created.
- format: int32
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of MachinePool
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: MachinePool replicas count
- jsonPath: .status.replicas
- name: Replicas
- type: string
- - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
- etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Kubernetes version associated with this MachinePool
- jsonPath: .spec.template.spec.version
- name: Version
- type: string
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- MachinePool is the Schema for the machinepools API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachinePoolSpec defines the desired state of MachinePool.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomains:
- description: failureDomains is the list of failure domains this MachinePool
- should be attached to.
- items:
- type: string
- type: array
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine instances should
- be ready.
- Defaults to 0 (machine instance will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- providerIDList:
- description: |-
- providerIDList are the identification IDs of machine instances provided by the provider.
- This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
- items:
- type: string
- type: array
- replicas:
- description: |-
- Number of desired machines. Defaults to 1.
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - template
- type: object
- status:
- description: MachinePoolStatus defines the observed state of MachinePool.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachinePool.
- format: int32
- type: integer
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- conditions:
- description: conditions define the current service state of the MachinePool.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- failureMessage indicates that there is a problem reconciling the state,
- and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a problem reconciling the state, and
- will be set to a token value suitable for programmatic interpretation.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- nodeRefs:
- description: nodeRefs will point to the corresponding Nodes if it
- they exist.
- items:
- description: ObjectReference contains enough information to let
- you inspect or modify the referred object.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- readyReplicas:
- description: The number of ready replicas for this MachinePool. A
- machine is considered ready when the node has been created and is
- "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- unavailableReplicas:
- description: |-
- Total number of unavailable machine instances targeted by this machine pool.
- This is the total number of machine instances that are still required for
- the machine pool to have 100% available capacity. They may either
- be machine instances that are running but not yet available or machine instances
- that still have not been created.
- format: int32
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Total number of machines desired by this MachinePool
- jsonPath: .spec.replicas
- name: Desired
- priority: 10
- type: integer
- - description: MachinePool replicas count
- jsonPath: .status.replicas
- name: Replicas
- type: string
- - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
- etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Time duration since creation of MachinePool
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this MachinePool
- jsonPath: .spec.template.spec.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: MachinePool is the Schema for the machinepools API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachinePoolSpec defines the desired state of MachinePool.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomains:
- description: failureDomains is the list of failure domains this MachinePool
- should be attached to.
- items:
- type: string
- type: array
- minReadySeconds:
- description: |-
- Minimum number of seconds for which a newly created machine instances should
- be ready.
- Defaults to 0 (machine instance will be considered available as soon as it
- is ready)
- format: int32
- type: integer
- providerIDList:
- description: |-
- providerIDList are the identification IDs of machine instances provided by the provider.
- This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
- items:
- type: string
- type: array
- replicas:
- description: |-
- Number of desired machines. Defaults to 1.
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- template:
- description: template describes the machines that will be created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- readinessGates:
- description: |-
- readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
- This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
- Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
- for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
- Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
- they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
- NOTE: This field is considered only for computing v1beta2 conditions.
- NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
- readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
- readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
- This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
- items:
- description: MachineReadinessGate contains the type of a
- Machine condition to be used as a readiness gate.
- properties:
- conditionType:
- description: |-
- conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
- If the conditions doesn't exist, it will be treated as unknown.
- Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
- maxLength: 316
- minLength: 1
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - conditionType
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - conditionType
- x-kubernetes-list-type: map
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - template
- type: object
- status:
- description: MachinePoolStatus defines the observed state of MachinePool.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachinePool.
- format: int32
- type: integer
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- conditions:
- description: conditions define the current service state of the MachinePool.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- failureMessage indicates that there is a problem reconciling the state,
- and will be set to a descriptive error message.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a problem reconciling the state, and
- will be set to a token value suitable for programmatic interpretation.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- nodeRefs:
- description: nodeRefs will point to the corresponding Nodes if it
- they exist.
- items:
- description: ObjectReference contains enough information to let
- you inspect or modify the referred object.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of cluster actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- readyReplicas:
- description: The number of ready replicas for this MachinePool. A
- machine is considered ready when the node has been created and is
- "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- unavailableReplicas:
- description: |-
- Total number of unavailable machine instances targeted by this machine pool.
- This is the total number of machine instances that are still required for
- the machine pool to have 100% available capacity. They may either
- be machine instances that are running but not yet available or machine instances
- that still have not been created.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- format: int32
- type: integer
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in MachinePool's status with the V1Beta2 version.
- properties:
- availableReplicas:
- description: availableReplicas is the number of available replicas
- for this MachinePool. A machine is considered available when
- Machine's Available condition is true.
- format: int32
- type: integer
- conditions:
- description: |-
- conditions represents the observations of a MachinePool's current state.
- Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate,
- ScalingUp, ScalingDown, Remediating, Deleting, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- readyReplicas:
- description: readyReplicas is the number of ready replicas for
- this MachinePool. A machine is considered ready when Machine's
- Ready condition is true.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date replicas
- targeted by this MachinePool. A machine is considered up-to-date
- when Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- scale:
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machines.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: Machine
- listKind: MachineList
- plural: machines
- shortNames:
- - ma
- singular: machine
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Provider ID
- jsonPath: .spec.providerID
- name: ProviderID
- type: string
- - description: Machine status such as Terminating/Pending/Running/Failed etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Kubernetes version associated with this Machine
- jsonPath: .spec.version
- name: Version
- type: string
- - description: Node name associated with this machine
- jsonPath: .status.nodeRef.name
- name: NodeName
- priority: 1
- type: string
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- Machine is the Schema for the machines API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSpec defines the desired state of Machine.
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.Data without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- data:
- description: |-
- data contains the bootstrap data, such as cloud-init details scripts.
- If nil, the Machine should remain in the Pending state.
-
- Deprecated: Switch to DataSecretName.
- type: string
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- status:
- description: MachineStatus defines the observed state of Machine.
- properties:
- addresses:
- description: |-
- addresses is a list of addresses assigned to the machine.
- This field is copied from the infrastructure provider reference.
- items:
- description: MachineAddress contains information for the node's
- address.
- properties:
- address:
- description: The machine address.
- type: string
- type:
- description: Machine address type, one of Hostname, ExternalIP
- or InternalIP.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- conditions:
- description: conditions defines current service state of the Machine.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- failureMessage will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- failureReason:
- description: |-
- failureReason will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a succinct value suitable
- for machine interpretation.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- lastUpdated:
- description: lastUpdated identifies when the phase of the Machine
- last transitioned.
- format: date-time
- type: string
- nodeRef:
- description: nodeRef will point to the corresponding Node if it exists.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of machine actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- version:
- description: |-
- version specifies the current version of Kubernetes running
- on the corresponding Node. This is meant to be a means of bubbling
- up status from the Node to the Machine.
- It is entirely optional, but useful for end-user UX if it’s present.
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Time duration since creation of Machine
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Provider ID
- jsonPath: .spec.providerID
- name: ProviderID
- type: string
- - description: Machine status such as Terminating/Pending/Running/Failed etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Kubernetes version associated with this Machine
- jsonPath: .spec.version
- name: Version
- type: string
- - description: Node name associated with this machine
- jsonPath: .status.nodeRef.name
- name: NodeName
- priority: 1
- type: string
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- Machine is the Schema for the machines API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSpec defines the desired state of Machine.
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- status:
- description: MachineStatus defines the observed state of Machine.
- properties:
- addresses:
- description: |-
- addresses is a list of addresses assigned to the machine.
- This field is copied from the infrastructure provider reference.
- items:
- description: MachineAddress contains information for the node's
- address.
- properties:
- address:
- description: The machine address.
- type: string
- type:
- description: Machine address type, one of Hostname, ExternalIP
- or InternalIP.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- conditions:
- description: conditions defines current service state of the Machine.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- failureMessage will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- failureReason:
- description: |-
- failureReason will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a succinct value suitable
- for machine interpretation.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- lastUpdated:
- description: lastUpdated identifies when the phase of the Machine
- last transitioned.
- format: date-time
- type: string
- nodeInfo:
- description: |-
- nodeInfo is a set of ids/uuids to uniquely identify the node.
- More info: https://kubernetes.io/docs/concepts/nodes/node/#info
- properties:
- architecture:
- description: The Architecture reported by the node
- type: string
- bootID:
- description: Boot ID reported by the node.
- type: string
- containerRuntimeVersion:
- description: ContainerRuntime Version reported by the node through
- runtime remote API (e.g. containerd://1.4.2).
- type: string
- kernelVersion:
- description: Kernel Version reported by the node from 'uname -r'
- (e.g. 3.16.0-0.bpo.4-amd64).
- type: string
- kubeProxyVersion:
- description: 'Deprecated: KubeProxy Version reported by the node.'
- type: string
- kubeletVersion:
- description: Kubelet Version reported by the node.
- type: string
- machineID:
- description: |-
- MachineID reported by the node. For unique machine identification
- in the cluster this field is preferred. Learn more from man(5)
- machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
- type: string
- operatingSystem:
- description: The Operating System reported by the node
- type: string
- osImage:
- description: OS Image reported by the node from /etc/os-release
- (e.g. Debian GNU/Linux 7 (wheezy)).
- type: string
- systemUUID:
- description: |-
- SystemUUID reported by the node. For unique machine identification
- MachineID is preferred. This field is specific to Red Hat hosts
- https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
- type: string
- required:
- - architecture
- - bootID
- - containerRuntimeVersion
- - kernelVersion
- - kubeProxyVersion
- - kubeletVersion
- - machineID
- - operatingSystem
- - osImage
- - systemUUID
- type: object
- nodeRef:
- description: nodeRef will point to the corresponding Node if it exists.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of machine actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- version:
- description: |-
- version specifies the current version of Kubernetes running
- on the corresponding Node. This is meant to be a means of bubbling
- up status from the Node to the Machine.
- It is entirely optional, but useful for end-user UX if it’s present.
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Node name associated with this machine
- jsonPath: .status.nodeRef.name
- name: NodeName
- type: string
- - description: Provider ID
- jsonPath: .spec.providerID
- name: ProviderID
- type: string
- - description: Machine status such as Terminating/Pending/Running/Failed etc
- jsonPath: .status.phase
- name: Phase
- type: string
- - description: Time duration since creation of Machine
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this Machine
- jsonPath: .spec.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Machine is the Schema for the machines API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSpec defines the desired state of Machine.
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- readinessGates:
- description: |-
- readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
- This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
- Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
- for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
- Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
- they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
- NOTE: This field is considered only for computing v1beta2 conditions.
- NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
- readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
- readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
- This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
- items:
- description: MachineReadinessGate contains the type of a Machine
- condition to be used as a readiness gate.
- properties:
- conditionType:
- description: |-
- conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
- If the conditions doesn't exist, it will be treated as unknown.
- Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
- maxLength: 316
- minLength: 1
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - conditionType
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - conditionType
- x-kubernetes-list-type: map
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- status:
- description: MachineStatus defines the observed state of Machine.
- properties:
- addresses:
- description: |-
- addresses is a list of addresses assigned to the machine.
- This field is copied from the infrastructure provider reference.
- items:
- description: MachineAddress contains information for the node's
- address.
- properties:
- address:
- description: The machine address.
- type: string
- type:
- description: Machine address type, one of Hostname, ExternalIP,
- InternalIP, ExternalDNS or InternalDNS.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- bootstrapReady:
- description: bootstrapReady is the state of the bootstrap provider.
- type: boolean
- certificatesExpiryDate:
- description: |-
- certificatesExpiryDate is the expiry date of the machine certificates.
- This value is only set for control plane machines.
- format: date-time
- type: string
- conditions:
- description: conditions defines current service state of the Machine.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- deletion:
- description: |-
- deletion contains information relating to removal of the Machine.
- Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started.
- properties:
- nodeDrainStartTime:
- description: |-
- nodeDrainStartTime is the time when the drain of the node started and is used to determine
- if the NodeDrainTimeout is exceeded.
- Only present when the Machine has a deletionTimestamp and draining the node had been started.
- format: date-time
- type: string
- waitForNodeVolumeDetachStartTime:
- description: |-
- waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started
- and is used to determine if the NodeVolumeDetachTimeout is exceeded.
- Detaching volumes from nodes is usually done by CSI implementations and the current state
- is observed from the node's `.Status.VolumesAttached` field.
- Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started.
- format: date-time
- type: string
- type: object
- failureMessage:
- description: |-
- failureMessage will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- failureReason:
- description: |-
- failureReason will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a succinct value suitable
- for machine interpretation.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- infrastructureReady:
- description: infrastructureReady is the state of the infrastructure
- provider.
- type: boolean
- lastUpdated:
- description: lastUpdated identifies when the phase of the Machine
- last transitioned.
- format: date-time
- type: string
- nodeInfo:
- description: |-
- nodeInfo is a set of ids/uuids to uniquely identify the node.
- More info: https://kubernetes.io/docs/concepts/nodes/node/#info
- properties:
- architecture:
- description: The Architecture reported by the node
- type: string
- bootID:
- description: Boot ID reported by the node.
- type: string
- containerRuntimeVersion:
- description: ContainerRuntime Version reported by the node through
- runtime remote API (e.g. containerd://1.4.2).
- type: string
- kernelVersion:
- description: Kernel Version reported by the node from 'uname -r'
- (e.g. 3.16.0-0.bpo.4-amd64).
- type: string
- kubeProxyVersion:
- description: 'Deprecated: KubeProxy Version reported by the node.'
- type: string
- kubeletVersion:
- description: Kubelet Version reported by the node.
- type: string
- machineID:
- description: |-
- MachineID reported by the node. For unique machine identification
- in the cluster this field is preferred. Learn more from man(5)
- machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
- type: string
- operatingSystem:
- description: The Operating System reported by the node
- type: string
- osImage:
- description: OS Image reported by the node from /etc/os-release
- (e.g. Debian GNU/Linux 7 (wheezy)).
- type: string
- systemUUID:
- description: |-
- SystemUUID reported by the node. For unique machine identification
- MachineID is preferred. This field is specific to Red Hat hosts
- https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
- type: string
- required:
- - architecture
- - bootID
- - containerRuntimeVersion
- - kernelVersion
- - kubeProxyVersion
- - kubeletVersion
- - machineID
- - operatingSystem
- - osImage
- - systemUUID
- type: object
- nodeRef:
- description: nodeRef will point to the corresponding Node if it exists.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- phase:
- description: |-
- phase represents the current phase of machine actuation.
- E.g. Pending, Running, Terminating, Failed etc.
- type: string
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in Machine's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a Machine's current state.
- Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady,
- NodeHealthy, Deleting, Paused.
- If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added.
- Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions:
- APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: machinesets.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: MachineSet
- listKind: MachineSetList
- plural: machinesets
- shortNames:
- - ms
- singular: machineset
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Total number of non-terminated machines targeted by this machineset
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of available machines (ready for at least minReadySeconds)
- jsonPath: .status.availableReplicas
- name: Available
- type: integer
- - description: Total number of ready machines targeted by this machineset.
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- MachineSet is the Schema for the machinesets API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSetSpec defines the desired state of MachineSet.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- deletePolicy:
- description: |-
- deletePolicy defines the policy used to identify nodes to delete when downscaling.
- Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- minReadySeconds:
- description: |-
- minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
- Defaults to 0 (machine will be considered available as soon as it is ready)
- format: int32
- type: integer
- replicas:
- description: |-
- replicas is the number of desired replicas.
- This is a pointer to distinguish between explicit zero and unspecified.
- Defaults to 1.
- format: int32
- type: integer
- selector:
- description: |-
- selector is a label query over machines that should match the replica count.
- Label keys and values that must match in order to be controlled by this MachineSet.
- It must match the machine template's labels.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- template:
- description: |-
- template is the object that describes the machine that will be created if
- insufficient replicas are detected.
- Object references to custom resources are treated as templates.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- generateName:
- description: |-
- generateName is an optional prefix, used by the server, to generate a unique
- name ONLY IF the Name field has not been provided.
- If this field is used, the name returned to the client will be different
- than the name passed. This value will also be combined with a unique suffix.
- The provided value has the same validation rules as the Name field,
- and may be truncated by the length of the suffix required to make the value
- unique on the server.
-
- If this field is specified and the generated name exists, the server will
- NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
- ServerTimeout indicating a unique name could not be found in the time allotted, and the client
- should retry (optionally after the time indicated in the Retry-After header).
-
- Applied only if Name is not specified.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- name:
- description: |-
- name must be unique within a namespace. Is required when creating resources, although
- some resources may allow a client to request the generation of an appropriate name
- automatically. Name is primarily intended for creation idempotence and configuration
- definition.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- namespace:
- description: |-
- namespace defines the space within each name must be unique. An empty namespace is
- equivalent to the "default" namespace, but "default" is the canonical representation.
- Not all objects are required to be scoped to a namespace - the value of this field for
- those objects will be empty.
-
- Must be a DNS_LABEL.
- Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/namespaces
-
- Deprecated: This field has no function and is going to be removed in a next release.
- type: string
- ownerReferences:
- description: |-
- List of objects depended by this object. If ALL objects in the list have
- been deleted, this object will be garbage collected. If this object is managed by a controller,
- then an entry in this list will point to this controller, with the controller field set to true.
- There cannot be more than one managing controller.
-
- Deprecated: This field has no function and is going to be removed in a next release.
- items:
- description: |-
- OwnerReference contains enough information to let you identify an owning
- object. An owning object must be in the same namespace as the dependent, or
- be cluster-scoped, so there is no namespace field.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- blockOwnerDeletion:
- description: |-
- If true, AND if the owner has the "foregroundDeletion" finalizer, then
- the owner cannot be deleted from the key-value store until this
- reference is removed.
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
- for how the garbage collector interacts with this field and enforces the foreground deletion.
- Defaults to false.
- To set this field, a user needs "delete" permission of the owner,
- otherwise 422 (Unprocessable Entity) will be returned.
- type: boolean
- controller:
- description: If true, this reference points to the managing
- controller.
- type: boolean
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
- type: string
- required:
- - apiVersion
- - kind
- - name
- - uid
- type: object
- x-kubernetes-map-type: atomic
- type: array
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.Data without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- data:
- description: |-
- data contains the bootstrap data, such as cloud-init details scripts.
- If nil, the Machine should remain in the Pending state.
-
- Deprecated: Switch to DataSecretName.
- type: string
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- type: object
- status:
- description: MachineSetStatus defines the observed state of MachineSet.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachineSet.
- format: int32
- type: integer
- failureMessage:
- type: string
- failureReason:
- description: |-
- In the event that there is a terminal problem reconciling the
- replicas, both FailureReason and FailureMessage will be set. FailureReason
- will be populated with a succinct value suitable for machine
- interpretation, while FailureMessage will contain a more verbose
- string suitable for logging and human consumption.
-
- These fields should not be set for transitive errors that a
- controller faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the MachineTemplate's spec or the configuration of
- the machine controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the machine controller, or the
- responsible machine controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the MachineSet object and/or logged in the
- controller's output.
- type: string
- fullyLabeledReplicas:
- description: The number of replicas that have labels matching the
- labels of the machine template of the MachineSet.
- format: int32
- type: integer
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed MachineSet.
- format: int64
- type: integer
- readyReplicas:
- description: The number of ready replicas for this MachineSet. A machine
- is considered ready when the node has been created and is "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Time duration since creation of MachineSet
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Total number of non-terminated machines targeted by this machineset
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of available machines (ready for at least minReadySeconds)
- jsonPath: .status.availableReplicas
- name: Available
- type: integer
- - description: Total number of ready machines targeted by this machineset.
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- MachineSet is the Schema for the machinesets API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSetSpec defines the desired state of MachineSet.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- deletePolicy:
- description: |-
- deletePolicy defines the policy used to identify nodes to delete when downscaling.
- Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- minReadySeconds:
- description: |-
- minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
- Defaults to 0 (machine will be considered available as soon as it is ready)
- format: int32
- type: integer
- replicas:
- default: 1
- description: |-
- replicas is the number of desired replicas.
- This is a pointer to distinguish between explicit zero and unspecified.
- Defaults to 1.
- format: int32
- type: integer
- selector:
- description: |-
- selector is a label query over machines that should match the replica count.
- Label keys and values that must match in order to be controlled by this MachineSet.
- It must match the machine template's labels.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- template:
- description: |-
- template is the object that describes the machine that will be created if
- insufficient replicas are detected.
- Object references to custom resources are treated as templates.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- type: object
- status:
- description: MachineSetStatus defines the observed state of MachineSet.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachineSet.
- format: int32
- type: integer
- conditions:
- description: conditions defines current service state of the MachineSet.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- type: string
- failureReason:
- description: |-
- In the event that there is a terminal problem reconciling the
- replicas, both FailureReason and FailureMessage will be set. FailureReason
- will be populated with a succinct value suitable for machine
- interpretation, while FailureMessage will contain a more verbose
- string suitable for logging and human consumption.
-
- These fields should not be set for transitive errors that a
- controller faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the MachineTemplate's spec or the configuration of
- the machine controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the machine controller, or the
- responsible machine controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the MachineSet object and/or logged in the
- controller's output.
- type: string
- fullyLabeledReplicas:
- description: The number of replicas that have labels matching the
- labels of the machine template of the MachineSet.
- format: int32
- type: integer
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed MachineSet.
- format: int64
- type: integer
- readyReplicas:
- description: The number of ready replicas for this MachineSet. A machine
- is considered ready when the node has been created and is "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .spec.clusterName
- name: Cluster
- type: string
- - description: Total number of machines desired by this machineset
- jsonPath: .spec.replicas
- name: Desired
- priority: 10
- type: integer
- - description: Total number of non-terminated machines targeted by this machineset
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of ready machines targeted by this machineset.
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of available machines (ready for at least minReadySeconds)
- jsonPath: .status.availableReplicas
- name: Available
- type: integer
- - description: Time duration since creation of MachineSet
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this MachineSet
- jsonPath: .spec.template.spec.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: MachineSet is the Schema for the machinesets API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: MachineSetSpec defines the desired state of MachineSet.
- properties:
- clusterName:
- description: clusterName is the name of the Cluster this object belongs
- to.
- minLength: 1
- type: string
- deletePolicy:
- description: |-
- deletePolicy defines the policy used to identify nodes to delete when downscaling.
- Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
- enum:
- - Random
- - Newest
- - Oldest
- type: string
- minReadySeconds:
- description: |-
- minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
- Defaults to 0 (machine will be considered available as soon as the Node is ready)
- format: int32
- type: integer
- replicas:
- description: |-
- replicas is the number of desired replicas.
- This is a pointer to distinguish between explicit zero and unspecified.
-
- Defaults to:
- * if the Kubernetes autoscaler min size and max size annotations are set:
- - if it's a new MachineSet, use min size
- - if the replicas field of the old MachineSet is < min size, use min size
- - if the replicas field of the old MachineSet is > max size, use max size
- - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS
- * otherwise use 1
- Note: Defaulting will be run whenever the replicas field is not set:
- * A new MachineSet is created with replicas not set.
- * On an existing MachineSet the replicas field was first set and is now unset.
- Those cases are especially relevant for the following Kubernetes autoscaler use cases:
- * A new MachineSet is created and replicas should be managed by the autoscaler
- * An existing MachineSet which initially wasn't controlled by the autoscaler
- should be later controlled by the autoscaler
- format: int32
- type: integer
- selector:
- description: |-
- selector is a label query over machines that should match the replica count.
- Label keys and values that must match in order to be controlled by this MachineSet.
- It must match the machine template's labels.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- required:
- - key
- - operator
- type: object
- type: array
- x-kubernetes-list-type: atomic
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- template:
- description: |-
- template is the object that describes the machine that will be created if
- insufficient replicas are detected.
- Object references to custom resources are treated as templates.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the machine.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- bootstrap:
- description: |-
- bootstrap is a reference to a local struct which encapsulates
- fields to configure the Machine’s bootstrapping mechanism.
- properties:
- configRef:
- description: |-
- configRef is a reference to a bootstrap provider-specific resource
- that holds configuration details. The reference is optional to
- allow users/operators to specify Bootstrap.DataSecretName without
- the need of a controller.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- dataSecretName:
- description: |-
- dataSecretName is the name of the secret that stores the bootstrap data script.
- If nil, the Machine should remain in the Pending state.
- type: string
- type: object
- clusterName:
- description: clusterName is the name of the Cluster this object
- belongs to.
- minLength: 1
- type: string
- failureDomain:
- description: |-
- failureDomain is the failure domain the machine will be created in.
- Must match a key in the FailureDomains map stored on the cluster object.
- type: string
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- Defaults to 10 seconds.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- providerID:
- description: |-
- providerID is the identification ID of the machine provided by the provider.
- This field must match the provider ID as seen on the node object corresponding to this machine.
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
- with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
- machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
- generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
- able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
- and then a comparison is done to find out unregistered machines and are marked for delete.
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will
- be interfacing with cluster-api as generic provider.
- type: string
- readinessGates:
- description: |-
- readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
-
- This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
- Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
- for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
-
- Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
- they can include the status of those components with a new condition and add this condition to ReadinessGates.
-
- NOTE: This field is considered only for computing v1beta2 conditions.
- NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
- readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
- readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
- This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
- items:
- description: MachineReadinessGate contains the type of a
- Machine condition to be used as a readiness gate.
- properties:
- conditionType:
- description: |-
- conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
- If the conditions doesn't exist, it will be treated as unknown.
- Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
- maxLength: 316
- minLength: 1
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - conditionType
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - conditionType
- x-kubernetes-list-type: map
- version:
- description: |-
- version defines the desired Kubernetes version.
- This field is meant to be optionally used by bootstrap providers.
- type: string
- required:
- - bootstrap
- - clusterName
- - infrastructureRef
- type: object
- type: object
- required:
- - clusterName
- - selector
- type: object
- status:
- description: MachineSetStatus defines the observed state of MachineSet.
- properties:
- availableReplicas:
- description: The number of available replicas (ready for at least
- minReadySeconds) for this MachineSet.
- format: int32
- type: integer
- conditions:
- description: conditions defines current service state of the MachineSet.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: 'Deprecated: This field is deprecated and is going to
- be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md
- for more details.'
- type: string
- failureReason:
- description: |-
- In the event that there is a terminal problem reconciling the
- replicas, both FailureReason and FailureMessage will be set. FailureReason
- will be populated with a succinct value suitable for machine
- interpretation, while FailureMessage will contain a more verbose
- string suitable for logging and human consumption.
-
- These fields should not be set for transitive errors that a
- controller faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the MachineTemplate's spec or the configuration of
- the machine controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the machine controller, or the
- responsible machine controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the MachineSet object and/or logged in the
- controller's output.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- fullyLabeledReplicas:
- description: |-
- The number of replicas that have labels matching the labels of the machine template of the MachineSet.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- format: int32
- type: integer
- observedGeneration:
- description: observedGeneration reflects the generation of the most
- recently observed MachineSet.
- format: int64
- type: integer
- readyReplicas:
- description: The number of ready replicas for this MachineSet. A machine
- is considered ready when the node has been created and is "Ready".
- format: int32
- type: integer
- replicas:
- description: replicas is the most recently observed number of replicas.
- format: int32
- type: integer
- selector:
- description: |-
- selector is the same as the label selector but in the string format to avoid introspection
- by clients. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in MachineSet's status with the V1Beta2 version.
- properties:
- availableReplicas:
- description: availableReplicas is the number of available replicas
- for this MachineSet. A machine is considered available when
- Machine's Available condition is true.
- format: int32
- type: integer
- conditions:
- description: |-
- conditions represents the observations of a MachineSet's current state.
- Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- readyReplicas:
- description: readyReplicas is the number of ready replicas for
- this MachineSet. A machine is considered ready when Machine's
- Ready condition is true.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date replicas
- for this MachineSet. A machine is considered up-to-date when
- Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-manager
- namespace: capi-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-leader-election-role
- namespace: capi-system
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- cluster.x-k8s.io/aggregate-to-manager: "true"
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-aggregated-manager-role
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/aggregate-to-manager: "true"
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - addons.cluster.x-k8s.io
- resources:
- - clusterresourcesets/finalizers
- - clusterresourcesets/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - addons.cluster.x-k8s.io
- - bootstrap.cluster.x-k8s.io
- - controlplane.cluster.x-k8s.io
- - infrastructure.cluster.x-k8s.io
- resources:
- - '*'
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - clusterclasses
- - clusterclasses/status
- - clusters
- - clusters/finalizers
- - clusters/status
- - machinehealthchecks/finalizers
- - machinehealthchecks/status
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - machinedeployments
- - machinedeployments/finalizers
- - machinedeployments/status
- - machinehealthchecks
- - machinepools
- - machinepools/finalizers
- - machinepools/status
- - machines
- - machines/finalizers
- - machines/status
- - machinesets
- - machinesets/finalizers
- - machinesets/status
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - machinedrainrules
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ipam.cluster.x-k8s.io
- resources:
- - ipaddressclaims
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - runtime.cluster.x-k8s.io
- resources:
- - extensionconfigs
- - extensionconfigs/status
- verbs:
- - get
- - list
- - patch
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-leader-election-rolebinding
- namespace: capi-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: capi-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: capi-manager
- namespace: capi-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: capi-aggregated-manager-role
-subjects:
-- kind: ServiceAccount
- name: capi-manager
- namespace: capi-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-webhook-service
- namespace: capi-system
-spec:
- ports:
- - port: 443
- targetPort: webhook-server
- selector:
- cluster.x-k8s.io/provider: cluster-api
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-controller-manager
- namespace: capi-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- cluster.x-k8s.io/provider: cluster-api
- control-plane: controller-manager
- strategy: {}
- template:
- metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- control-plane: controller-manager
- spec:
- containers:
- - args:
- - --leader-elect
- - --diagnostics-address=:8443
- - --insecure-diagnostics=false
- - --use-deprecated-infra-machine-naming=false
- - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=false,RuntimeSDK=false,MachineSetPreflightChecks=true,MachineWaitForVolumeDetachConsiderVolumeAttachments=true
- command:
- - /manager
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_UID
- valueFrom:
- fieldRef:
- fieldPath: metadata.uid
- image: registry.k8s.io/cluster-api/cluster-api-controller:v1.9.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- - containerPort: 8443
- name: metrics
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources: {}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsGroup: 65532
- runAsUser: 65532
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: cert
- readOnly: true
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: capi-manager
- terminationGracePeriodSeconds: 10
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- volumes:
- - name: cert
- secret:
- secretName: capi-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-cluster
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.cluster.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusters
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.clusterclass.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusterclasses
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-machine
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.machine.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machines
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.machinedeployment.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinedeployments
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.machinehealthcheck.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinehealthchecks
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-machineset
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.machineset.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinesets
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
- rules:
- - apiGroups:
- - runtime.cluster.x-k8s.io
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - extensionconfigs
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.machinepool.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinepools
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.clusterresourceset.addons.cluster.x-k8s.io
- rules:
- - apiGroups:
- - addons.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusterresourcesets
- sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: cluster-api
- clusterctl.cluster.x-k8s.io: ""
- name: capi-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-cluster
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.cluster.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - clusters
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.clusterclass.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - clusterclasses
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machine
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machine.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machines
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machinedeployment.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinedeployments
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machinedrainrule
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machinedrainrule.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinedrainrules
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machinehealthcheck.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinehealthchecks
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machineset
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machineset.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinesets
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.extensionconfig.runtime.cluster.x-k8s.io
- rules:
- - apiGroups:
- - runtime.cluster.x-k8s.io
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - extensionconfigs
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-cluster-x-k8s-io-v1beta1-machinepool
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.machinepool.cluster.x-k8s.io
- rules:
- - apiGroups:
- - cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - machinepools
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.clusterresourceset.addons.cluster.x-k8s.io
- rules:
- - apiGroups:
- - addons.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusterresourcesets
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io
- rules:
- - apiGroups:
- - addons.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusterresourcesetbindings
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.ipaddress.ipam.cluster.x-k8s.io
- rules:
- - apiGroups:
- - ipam.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - ipaddresses
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-webhook-service
- namespace: capi-system
- path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
- rules:
- - apiGroups:
- - ipam.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - ipaddressclaims
- sideEffects: None
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-kubeadm-bootstrap-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-selfsigned-issuer
- namespace: capi-kubeadm-bootstrap-system
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-serving-cert
- namespace: capi-kubeadm-bootstrap-system
-spec:
- dnsNames:
- - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
- - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
- issuerRef:
- kind: Issuer
- name: capi-kubeadm-bootstrap-selfsigned-issuer
- secretName: capi-kubeadm-bootstrap-webhook-service-cert
- subject:
- organizations:
- - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- cluster.x-k8s.io/v1beta1: v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: bootstrap.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: KubeadmConfig
- listKind: KubeadmConfigList
- plural: kubeadmconfigs
- singular: kubeadmconfig
- scope: Namespaced
- versions:
- - deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmConfig is the Schema for the kubeadmconfigs API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration are
- the configurations necessary for the init command
- properties:
- apiServer:
- description: APIServer contains extra settings for the API server
- control plane component
- properties:
- certSANs:
- description: CertSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: TimeoutForControlPlane controls the timeout that
- we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- CertificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: ControllerManager contains extra settings for the
- controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: DNS defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type:
- description: Type defines the DNS add-on to be used
- type: string
- type: object
- etcd:
- description: |-
- Etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- External describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- CAFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- CertFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: Endpoints of etcd members. Required for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- KeyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- Local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- DataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- ExtraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: PeerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: ServerCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: FeatureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- KubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- Networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: DNSDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- PodSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- ServiceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: Scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- useHyperKubeImage:
- description: UseHyperKubeImage controls if hyperkube should be
- used for Kubernetes components instead of their respective separate
- images
- type: boolean
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems to
- setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add to the
- command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to be
- used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any", "none",
- and <NUM>, where NUM is the actual partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions to
- setup.
- items:
- description: Partition defines how to create and layout a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files in
- cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content to
- populate the file.
- properties:
- secret:
- description: secret represents a secret that should populate
- this file.
- properties:
- key:
- description: key is the key in the secret's data map
- for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file, e.g.
- "root:root".
- type: string
- path:
- description: path specifies the full path on disk where to store
- the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration are
- the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token, stored
- as a Secret in the cluster.
- properties:
- description:
- description: |-
- Description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- Expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- Groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- Token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- TTL defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- Usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address for the
- API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for the
- join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- CACertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- ControlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: LocalAPIEndpoint represents the endpoint of the
- API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- type: object
- discovery:
- description: Discovery specifies the options for the kubelet to
- use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- BootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: APIServerEndpoint is an IP or domain name
- to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- CACertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- Token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- UnsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- - unsafeSkipCAVerification
- type: object
- file:
- description: |-
- File is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: KubeConfigPath is used to specify the actual
- file path or URL to the kubeconfig file from which to
- load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: Timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- TLSBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run after
- kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run before
- kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for the
- user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use for
- the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user as
- inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group for the
- user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- status:
- description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
- properties:
- bootstrapData:
- description: |-
- bootstrapData will be a cloud-init script for now.
-
- Deprecated: Switch to DataSecretName.
- format: byte
- type: string
- conditions:
- description: conditions defines current service state of the KubeadmConfig.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- dataSecretName:
- description: dataSecretName is the name of the secret that stores
- the bootstrap data script.
- type: string
- failureMessage:
- description: failureMessage will be set on non-retryable errors
- type: string
- failureReason:
- description: failureReason will be set on non-retryable errors
- type: string
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: ready indicates the BootstrapData field is ready to be
- consumed
- type: boolean
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmConfig
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmConfig is the Schema for the kubeadmconfigs API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration are
- the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the API server
- control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout that
- we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings for the
- controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems to
- setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add to the
- command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to be
- used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any", "none",
- and <NUM>, where NUM is the actual partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions to
- setup.
- items:
- description: Partition defines how to create and layout a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files in
- cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content to
- populate the file.
- properties:
- secret:
- description: secret represents a secret that should populate
- this file.
- properties:
- key:
- description: key is the key in the secret's data map
- for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file, e.g.
- "root:root".
- type: string
- path:
- description: path specifies the full path on disk where to store
- the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration are
- the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token, stored
- as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for the
- API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of pre-flight
- errors to be ignored when the current node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for the
- join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint of the
- API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet to
- use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain name
- to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: kubeConfigPath is used to specify the actual
- file path or URL to the kubeconfig file from which to
- load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of pre-flight
- errors to be ignored when the current node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run after
- kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run before
- kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for the
- user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use for
- the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user as
- inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group for the
- user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- status:
- description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
- properties:
- conditions:
- description: conditions defines current service state of the KubeadmConfig.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- dataSecretName:
- description: dataSecretName is the name of the secret that stores
- the bootstrap data script.
- type: string
- failureMessage:
- description: failureMessage will be set on non-retryable errors
- type: string
- failureReason:
- description: failureReason will be set on non-retryable errors
- type: string
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: ready indicates the BootstrapData field is ready to be
- consumed
- type: boolean
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
- name: Cluster
- type: string
- - description: Time duration since creation of KubeadmConfig
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: KubeadmConfig is the Schema for the kubeadmconfigs API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration are
- the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the API server
- control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout that
- we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings for the
- controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for
- volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- * If not set, the default registry of kubeadm will be used, i.e.
- * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
- * k8s.gcr.io (old registry): all older versions
- Please note that when imageRepository is not set we don't allow upgrades to
- versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
- a newer patch version with the new registry instead (i.e. >= v1.22.17,
- >= v1.23.15, >= v1.24.9, >= v1.25.0).
- * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
- and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass to
- the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod where
- hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems to
- setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add to the
- command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to be
- used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any", "none",
- and <NUM>, where NUM is the actual partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions to
- setup.
- items:
- description: Partition defines how to create and layout a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files in
- cloud-init.
- properties:
- append:
- description: append specifies whether to append Content to existing
- file if Path exists.
- type: boolean
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content to
- populate the file.
- properties:
- secret:
- description: secret represents a secret that should populate
- this file.
- properties:
- key:
- description: key is the key in the secret's data map
- for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file, e.g.
- "root:root".
- type: string
- path:
- description: path specifies the full path on disk where to store
- the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap data
- enum:
- - cloud-config
- - ignition
- type: string
- ignition:
- description: ignition contains Ignition specific configuration.
- properties:
- containerLinuxConfig:
- description: containerLinuxConfig contains CLC specific configuration.
- properties:
- additionalConfig:
- description: |-
- additionalConfig contains additional configuration to be merged with the Ignition
- configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
- The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
- type: string
- strict:
- description: strict controls if AdditionalConfig should be
- strictly parsed. If so, warnings are treated as errors.
- type: boolean
- type: object
- type: object
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration are
- the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token, stored
- as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for the
- API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of pre-flight
- errors to be ignored when the current node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for the
- join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint of the
- API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet to
- use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain name
- to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfig:
- description: |-
- kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
- The file is generated at the path specified in KubeConfigPath.
-
- Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
- Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
- properties:
- cluster:
- description: |-
- cluster contains information about how to communicate with the kubernetes cluster.
-
- By default the following fields are automatically populated:
- - Server with the Cluster's ControlPlaneEndpoint.
- - CertificateAuthorityData with the Cluster's CA certificate.
- properties:
- certificateAuthorityData:
- description: |-
- certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
- Defaults to the Cluster's CA certificate if empty.
- format: byte
- type: string
- insecureSkipTLSVerify:
- description: insecureSkipTLSVerify skips the validity
- check for the server's certificate. This will
- make your HTTPS connections insecure.
- type: boolean
- proxyURL:
- description: |-
- proxyURL is the URL to the proxy to be used for all requests made by this
- client. URLs with "http", "https", and "socks5" schemes are supported. If
- this configuration is not provided or the empty string, the client
- attempts to construct a proxy configuration from http_proxy and
- https_proxy environment variables. If these environment variables are not
- set, the client does not attempt to proxy requests.
-
- socks5 proxying does not currently support spdy streaming endpoints (exec,
- attach, port forward).
- type: string
- server:
- description: |-
- server is the address of the kubernetes cluster (https://hostname:port).
-
- Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
- type: string
- tlsServerName:
- description: tlsServerName is used to check server
- certificate. If TLSServerName is empty, the
- hostname used to contact the server is used.
- type: string
- type: object
- user:
- description: |-
- user contains information that describes identity information.
- This is used to tell the kubernetes cluster who you are.
- properties:
- authProvider:
- description: authProvider specifies a custom authentication
- plugin for the kubernetes cluster.
- properties:
- config:
- additionalProperties:
- type: string
- description: config holds the parameters for
- the authentication plugin.
- type: object
- name:
- description: name is the name of the authentication
- plugin.
- type: string
- required:
- - name
- type: object
- exec:
- description: exec specifies a custom exec-based
- authentication plugin for the kubernetes cluster.
- properties:
- apiVersion:
- description: |-
- Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
- the same encoding version as the input.
- Defaults to client.authentication.k8s.io/v1 if not set.
- type: string
- args:
- description: Arguments to pass to the command
- when executing it.
- items:
- type: string
- type: array
- command:
- description: command to execute.
- type: string
- env:
- description: |-
- env defines additional environment variables to expose to the process. These
- are unioned with the host's environment, as well as variables client-go uses
- to pass argument to the plugin.
- items:
- description: |-
- KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
- credential plugin.
- properties:
- name:
- type: string
- value:
- type: string
- required:
- - name
- - value
- type: object
- type: array
- provideClusterInfo:
- description: |-
- provideClusterInfo determines whether or not to provide cluster information,
- which could potentially contain very large CA data, to this exec plugin as a
- part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
- to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
- reading this environment variable.
- type: boolean
- required:
- - command
- type: object
- type: object
- required:
- - user
- type: object
- kubeConfigPath:
- description: kubeConfigPath is used to specify the actual
- file path or URL to the kubeconfig file from which to
- load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node API
- object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of pre-flight
- errors to be ignored when the current node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied to
- a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the taint
- key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run after
- kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run before
- kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
- Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
- When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for the
- user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use for
- the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user as
- inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the user
- type: string
- passwdFrom:
- description: passwdFrom is a referenced source of passwd to
- populate the passwd.
- properties:
- secret:
- description: secret represents a secret that should populate
- this password.
- properties:
- key:
- description: key is the key in the secret's data map
- for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- primaryGroup:
- description: primaryGroup specifies the primary group for the
- user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- status:
- description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
- properties:
- conditions:
- description: conditions defines current service state of the KubeadmConfig.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- dataSecretName:
- description: dataSecretName is the name of the secret that stores
- the bootstrap data script.
- type: string
- failureMessage:
- description: |-
- failureMessage will be set on non-retryable errors
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- failureReason:
- description: |-
- failureReason will be set on non-retryable errors
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: ready indicates the BootstrapData field is ready to be
- consumed
- type: boolean
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in KubeadmConfig's status with the V1Beta2 version.
- properties:
- conditions:
- description: |-
- conditions represents the observations of a KubeadmConfig's current state.
- Known condition types are Ready, DataSecretAvailable, CertificatesAvailable.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- cluster.x-k8s.io/v1beta1: v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: bootstrap.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: KubeadmConfigTemplate
- listKind: KubeadmConfigTemplateList
- plural: kubeadmconfigtemplates
- singular: kubeadmconfigtemplate
- scope: Namespaced
- versions:
- - deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
- properties:
- template:
- description: KubeadmConfigTemplateResource defines the Template structure.
- properties:
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: APIServer contains extra settings for the
- API server control plane component
- properties:
- certSANs:
- description: CertSANs sets extra Subject Alternative
- Names for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod
- template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: TimeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- CertificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: ControllerManager contains extra settings
- for the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod
- template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: DNS defines the options for the DNS add-on
- installed in the cluster.
- properties:
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type:
- description: Type defines the DNS add-on to be used
- type: string
- type: object
- etcd:
- description: |-
- Etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- External describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- CAFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- CertFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: Endpoints of etcd members. Required
- for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- KeyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- Local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- DataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- ExtraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: PeerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: ServerCertSANs sets extra Subject
- Alternative Names for the etcd server signing
- cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: FeatureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- KubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- Networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: DNSDomain is the dns domain used by k8s
- services. Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- PodSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- ServiceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: Scheduler contains extra settings for the
- scheduler control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod
- template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- useHyperKubeImage:
- description: UseHyperKubeImage controls if hyperkube should
- be used for Kubernetes components instead of their respective
- separate images
- type: boolean
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation
- of partition tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to
- be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to
- add to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system
- type.
- type: string
- label:
- description: label specifies the file system label
- to be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition
- to use. The valid options are: "auto|any", "auto",
- "any", "none", and <NUM>, where NUM is the actual
- partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the
- file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to
- assign to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap
- token, stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- Description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- Expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- Groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- Token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- TTL defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- Usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration
- for the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- CACertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- ControlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: LocalAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this
- node.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- type: object
- discovery:
- description: Discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- BootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: APIServerEndpoint is an IP or domain
- name to the API server from which info will
- be fetched.
- type: string
- caCertHashes:
- description: |-
- CACertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- Token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- UnsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- - unsafeSkipCAVerification
- type: object
- file:
- description: |-
- File is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: KubeConfigPath is used to specify
- the actual file path or URL to the kubeconfig
- file from which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: Timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- TLSBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be
- setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands
- to run after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to
- run before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user
- in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the
- user
- type: string
- groups:
- description: groups specifies the additional groups
- for the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to
- use for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the
- user as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login
- should be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for
- the user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group
- for the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh
- authorized keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- type: object
- required:
- - template
- type: object
- type: object
- served: false
- storage: false
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmConfigTemplate
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
- properties:
- template:
- description: KubeadmConfigTemplateResource defines the Template structure.
- properties:
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the
- API server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative
- Names for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings
- for the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on
- installed in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required
- for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject
- Alternative Names for the etcd server signing
- cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s
- services. Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the
- scheduler control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation
- of partition tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to
- be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to
- add to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system
- type.
- type: string
- label:
- description: label specifies the file system label
- to be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition
- to use. The valid options are: "auto|any", "auto",
- "any", "none", and <NUM>, where NUM is the actual
- partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the
- file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to
- assign to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap
- token, stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice
- of pre-flight errors to be ignored when the current
- node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration
- for the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this
- node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain
- name to the API server from which info will
- be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: kubeConfigPath is used to specify
- the actual file path or URL to the kubeconfig
- file from which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice
- of pre-flight errors to be ignored when the current
- node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be
- setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands
- to run after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to
- run before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user
- in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the
- user
- type: string
- groups:
- description: groups specifies the additional groups
- for the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to
- use for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the
- user as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login
- should be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for
- the user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group
- for the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh
- authorized keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- type: object
- required:
- - template
- type: object
- type: object
- served: false
- storage: false
- subresources: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmConfigTemplate
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
- properties:
- template:
- description: KubeadmConfigTemplateResource defines the Template structure.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- KubeadmConfigSpec defines the desired state of KubeadmConfig.
- Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the
- API server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative
- Names for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings
- for the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on
- installed in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required
- for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject
- Alternative Names for the etcd server signing
- cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- * If not set, the default registry of kubeadm will be used, i.e.
- * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
- * k8s.gcr.io (old registry): all older versions
- Please note that when imageRepository is not set we don't allow upgrades to
- versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
- a newer patch version with the new registry instead (i.e. >= v1.22.17,
- >= v1.23.15, >= v1.24.9, >= v1.25.0).
- * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
- and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s
- services. Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the
- scheduler control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to
- pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the
- pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod
- template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation
- of partition tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to
- be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to
- add to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system
- type.
- type: string
- label:
- description: label specifies the file system label
- to be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition
- to use. The valid options are: "auto|any", "auto",
- "any", "none", and <NUM>, where NUM is the actual
- partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- append:
- description: append specifies whether to append Content
- to existing file if Path exists.
- type: boolean
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the
- file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to
- assign to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- - ignition
- type: string
- ignition:
- description: ignition contains Ignition specific configuration.
- properties:
- containerLinuxConfig:
- description: containerLinuxConfig contains CLC specific
- configuration.
- properties:
- additionalConfig:
- description: |-
- additionalConfig contains additional configuration to be merged with the Ignition
- configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
- The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
- type: string
- strict:
- description: strict controls if AdditionalConfig should
- be strictly parsed. If so, warnings are treated
- as errors.
- type: boolean
- type: object
- type: object
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap
- token, stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice
- of pre-flight errors to be ignored when the current
- node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration
- for the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this
- node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain
- name to the API server from which info will
- be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfig:
- description: |-
- kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
- The file is generated at the path specified in KubeConfigPath.
-
- Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
- Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
- properties:
- cluster:
- description: |-
- cluster contains information about how to communicate with the kubernetes cluster.
-
- By default the following fields are automatically populated:
- - Server with the Cluster's ControlPlaneEndpoint.
- - CertificateAuthorityData with the Cluster's CA certificate.
- properties:
- certificateAuthorityData:
- description: |-
- certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
- Defaults to the Cluster's CA certificate if empty.
- format: byte
- type: string
- insecureSkipTLSVerify:
- description: insecureSkipTLSVerify skips
- the validity check for the server's
- certificate. This will make your HTTPS
- connections insecure.
- type: boolean
- proxyURL:
- description: |-
- proxyURL is the URL to the proxy to be used for all requests made by this
- client. URLs with "http", "https", and "socks5" schemes are supported. If
- this configuration is not provided or the empty string, the client
- attempts to construct a proxy configuration from http_proxy and
- https_proxy environment variables. If these environment variables are not
- set, the client does not attempt to proxy requests.
-
- socks5 proxying does not currently support spdy streaming endpoints (exec,
- attach, port forward).
- type: string
- server:
- description: |-
- server is the address of the kubernetes cluster (https://hostname:port).
-
- Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
- type: string
- tlsServerName:
- description: tlsServerName is used to
- check server certificate. If TLSServerName
- is empty, the hostname used to contact
- the server is used.
- type: string
- type: object
- user:
- description: |-
- user contains information that describes identity information.
- This is used to tell the kubernetes cluster who you are.
- properties:
- authProvider:
- description: authProvider specifies a
- custom authentication plugin for the
- kubernetes cluster.
- properties:
- config:
- additionalProperties:
- type: string
- description: config holds the parameters
- for the authentication plugin.
- type: object
- name:
- description: name is the name of the
- authentication plugin.
- type: string
- required:
- - name
- type: object
- exec:
- description: exec specifies a custom exec-based
- authentication plugin for the kubernetes
- cluster.
- properties:
- apiVersion:
- description: |-
- Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
- the same encoding version as the input.
- Defaults to client.authentication.k8s.io/v1 if not set.
- type: string
- args:
- description: Arguments to pass to
- the command when executing it.
- items:
- type: string
- type: array
- command:
- description: command to execute.
- type: string
- env:
- description: |-
- env defines additional environment variables to expose to the process. These
- are unioned with the host's environment, as well as variables client-go uses
- to pass argument to the plugin.
- items:
- description: |-
- KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
- credential plugin.
- properties:
- name:
- type: string
- value:
- type: string
- required:
- - name
- - value
- type: object
- type: array
- provideClusterInfo:
- description: |-
- provideClusterInfo determines whether or not to provide cluster information,
- which could potentially contain very large CA data, to this exec plugin as a
- part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
- to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
- reading this environment variable.
- type: boolean
- required:
- - command
- type: object
- type: object
- required:
- - user
- type: object
- kubeConfigPath:
- description: kubeConfigPath is used to specify
- the actual file path or URL to the kubeconfig
- file from which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice
- of pre-flight errors to be ignored when the current
- node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to
- the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- mounts:
- description: mounts specifies a list of mount points to be
- setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands
- to run after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to
- run before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
- Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
- When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user
- in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the
- user
- type: string
- groups:
- description: groups specifies the additional groups
- for the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to
- use for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the
- user as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login
- should be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for
- the user
- type: string
- passwdFrom:
- description: passwdFrom is a referenced source of passwd
- to populate the passwd.
- properties:
- secret:
- description: secret represents a secret that should
- populate this password.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- primaryGroup:
- description: primaryGroup specifies the primary group
- for the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh
- authorized keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- type: object
- required:
- - template
- type: object
- type: object
- served: true
- storage: true
- subresources: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-manager
- namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-leader-election-role
- namespace: capi-kubeadm-bootstrap-system
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-- apiGroups:
- - bootstrap.cluster.x-k8s.io
- resources:
- - kubeadmconfigs
- - kubeadmconfigs/finalizers
- - kubeadmconfigs/status
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - clusters
- - clusters/status
- - machinepools
- - machinepools/status
- - machines
- - machines/status
- - machinesets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-leader-election-rolebinding
- namespace: capi-kubeadm-bootstrap-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: capi-kubeadm-bootstrap-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: capi-kubeadm-bootstrap-manager
- namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: capi-kubeadm-bootstrap-manager-role
-subjects:
-- kind: ServiceAccount
- name: capi-kubeadm-bootstrap-manager
- namespace: capi-kubeadm-bootstrap-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
-spec:
- ports:
- - port: 443
- targetPort: webhook-server
- selector:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-kubeadm-bootstrap-controller-manager
- namespace: capi-kubeadm-bootstrap-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- control-plane: controller-manager
- strategy: {}
- template:
- metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- control-plane: controller-manager
- spec:
- containers:
- - args:
- - --leader-elect
- - --diagnostics-address=:8443
- - --insecure-diagnostics=false
- - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=false
- - --bootstrap-token-ttl=15m
- command:
- - /manager
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_UID
- valueFrom:
- fieldRef:
- fieldPath: metadata.uid
- image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.9.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- - containerPort: 8443
- name: metrics
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources: {}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsGroup: 65532
- runAsUser: 65532
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: cert
- readOnly: true
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: capi-kubeadm-bootstrap-manager
- terminationGracePeriodSeconds: 10
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- volumes:
- - name: cert
- secret:
- secretName: capi-kubeadm-bootstrap-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
- failurePolicy: Fail
- name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
- rules:
- - apiGroups:
- - bootstrap.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmconfigs
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
- failurePolicy: Fail
- name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
- rules:
- - apiGroups:
- - bootstrap.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmconfigtemplates
- sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: bootstrap-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-bootstrap-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
- rules:
- - apiGroups:
- - bootstrap.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmconfigs
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-bootstrap-webhook-service
- namespace: capi-kubeadm-bootstrap-system
- path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
- rules:
- - apiGroups:
- - bootstrap.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmconfigtemplates
- sideEffects: None
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-kubeadm-control-plane-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-selfsigned-issuer
- namespace: capi-kubeadm-control-plane-system
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-serving-cert
- namespace: capi-kubeadm-control-plane-system
-spec:
- dnsNames:
- - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc
- - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local
- issuerRef:
- kind: Issuer
- name: capi-kubeadm-control-plane-selfsigned-issuer
- secretName: capi-kubeadm-control-plane-webhook-service-cert
- subject:
- organizations:
- - k8s-sig-cluster-lifecycle
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- cluster.x-k8s.io/v1beta1: v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: controlplane.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: KubeadmControlPlane
- listKind: KubeadmControlPlaneList
- plural: kubeadmcontrolplanes
- shortNames:
- - kcp
- singular: kubeadmcontrolplane
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: This denotes whether or not the control plane has the uploaded
- kubeadm-config configmap
- jsonPath: .status.initialized
- name: Initialized
- type: boolean
- - description: KubeadmControlPlane API Server is ready to receive requests
- jsonPath: .status.ready
- name: API Server Available
- type: boolean
- - description: Kubernetes version associated with this control plane
- jsonPath: .spec.version
- name: Version
- type: string
- - description: Total number of non-terminated machines targeted by this control
- plane
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of fully running and ready control plane machines
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this control
- plane that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this control plane
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- deprecated: true
- name: v1alpha3
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
- properties:
- infrastructureTemplate:
- description: |-
- infrastructureTemplate is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- kubeadmConfigSpec:
- description: |-
- kubeadmConfigSpec is a KubeadmConfigSpec
- to use for initializing and joining machines to the control plane.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: APIServer contains extra settings for the API
- server control plane component
- properties:
- certSANs:
- description: CertSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: TimeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- CertificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: ControllerManager contains extra settings for
- the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: DNS defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type:
- description: Type defines the DNS add-on to be used
- type: string
- type: object
- etcd:
- description: |-
- Etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- External describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- CAFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- CertFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: Endpoints of etcd members. Required for
- ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- KeyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- Local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- DataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- ExtraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- ImageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: PeerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: ServerCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: FeatureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- ImageRepository sets the container registry to pull images from.
- If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- KubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- Networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: DNSDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- PodSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- ServiceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: Scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: ExtraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: ExtraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- HostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: MountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: Name of the volume inside the pod template.
- type: string
- pathType:
- description: PathType is the type of the HostPath.
- type: string
- readOnly:
- description: ReadOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- useHyperKubeImage:
- description: UseHyperKubeImage controls if hyperkube should
- be used for Kubernetes components instead of their respective
- separate images
- type: boolean
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add
- to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to
- be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any",
- "none", and <NUM>, where NUM is the actual partition
- number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's data
- map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file
- contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token,
- stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- Description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- Expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- Groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- Token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- TTL defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- Usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for
- the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- CACertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- ControlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: LocalAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: AdvertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- BindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- required:
- - advertiseAddress
- - bindPort
- type: object
- type: object
- discovery:
- description: Discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- BootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: APIServerEndpoint is an IP or domain
- name to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- CACertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- Token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- UnsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- - unsafeSkipCAVerification
- type: object
- file:
- description: |-
- File is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: KubeConfigPath is used to specify the
- actual file path or URL to the kubeconfig file from
- which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: Timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- TLSBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: CRISocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run
- after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run
- before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in
- cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for
- the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use
- for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user
- as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the
- user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group for
- the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- replicas:
- description: |-
- Number of desired machines. Defaults to 1. When stacked etcd is used only
- odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- rolloutStrategy:
- description: |-
- The RolloutStrategy to use to replace control plane machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- RolloutStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of control planes that can be scheduled above or under the
- desired number of control planes.
- Value can be an absolute number 1 or 0.
- Defaults to 1.
- Example: when this is set to 1, the control plane can be scaled
- up immediately when the rolling update starts.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of rollout. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- upgradeAfter:
- description: |-
- upgradeAfter is a field to indicate an upgrade should be performed
- after the specified time even if no changes have been made to the
- KubeadmControlPlane
- format: date-time
- type: string
- version:
- description: version defines the desired Kubernetes version.
- type: string
- required:
- - infrastructureTemplate
- - kubeadmConfigSpec
- - version
- type: object
- status:
- description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
- properties:
- conditions:
- description: conditions defines current service state of the KubeadmControlPlane.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- ErrorMessage indicates that there is a terminal problem reconciling the
- state, and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a terminal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
- type: string
- initialized:
- description: |-
- initialized denotes whether or not the control plane has the
- uploaded kubeadm-config configmap.
- type: boolean
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: |-
- ready denotes that the KubeadmControlPlane API Server is ready to
- receive requests.
- type: boolean
- readyReplicas:
- description: Total number of fully running and ready control plane
- machines.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the label selector in string format to avoid introspection
- by clients, and is used to provide the CRD-based integration for the
- scale subresource and additional integrations for things like kubectl
- describe.. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this control plane.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet ready or machines
- that still have not been created.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- that have the desired template spec.
- format: int32
- type: integer
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmControlPlane
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: This denotes whether or not the control plane has the uploaded
- kubeadm-config configmap
- jsonPath: .status.initialized
- name: Initialized
- type: boolean
- - description: KubeadmControlPlane API Server is ready to receive requests
- jsonPath: .status.ready
- name: API Server Available
- type: boolean
- - description: Kubernetes version associated with this control plane
- jsonPath: .spec.version
- name: Version
- type: string
- - description: Total number of non-terminated machines targeted by this control
- plane
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of fully running and ready control plane machines
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this control
- plane that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this control plane
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
- properties:
- kubeadmConfigSpec:
- description: |-
- kubeadmConfigSpec is a KubeadmConfigSpec
- to use for initializing and joining machines to the control plane.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the API
- server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings for
- the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required for
- ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add
- to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to
- be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any",
- "none", and <NUM>, where NUM is the actual partition
- number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's data
- map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file
- contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token,
- stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of
- pre-flight errors to be ignored when the current node
- is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for
- the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain
- name to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: kubeConfigPath is used to specify the
- actual file path or URL to the kubeconfig file from
- which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of
- pre-flight errors to be ignored when the current node
- is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run
- after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run
- before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in
- cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for
- the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use
- for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user
- as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the
- user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary group for
- the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- machineTemplate:
- description: |-
- machineTemplate contains information about how machines
- should be shaped when creating or updating a control plane.
- properties:
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- required:
- - infrastructureRef
- type: object
- replicas:
- description: |-
- Number of desired machines. Defaults to 1. When stacked etcd is used only
- odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- rolloutAfter:
- description: |-
- rolloutAfter is a field to indicate a rollout should be performed
- after the specified time even if no changes have been made to the
- KubeadmControlPlane.
- format: date-time
- type: string
- rolloutStrategy:
- default:
- rollingUpdate:
- maxSurge: 1
- type: RollingUpdate
- description: |-
- The RolloutStrategy to use to replace control plane machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- RolloutStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of control planes that can be scheduled above or under the
- desired number of control planes.
- Value can be an absolute number 1 or 0.
- Defaults to 1.
- Example: when this is set to 1, the control plane can be scaled
- up immediately when the rolling update starts.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of rollout. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- version:
- description: version defines the desired Kubernetes version.
- type: string
- required:
- - kubeadmConfigSpec
- - machineTemplate
- - version
- type: object
- status:
- description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
- properties:
- conditions:
- description: conditions defines current service state of the KubeadmControlPlane.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may not be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- ErrorMessage indicates that there is a terminal problem reconciling the
- state, and will be set to a descriptive error message.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a terminal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
- type: string
- initialized:
- description: |-
- initialized denotes whether or not the control plane has the
- uploaded kubeadm-config configmap.
- type: boolean
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: |-
- ready denotes that the KubeadmControlPlane API Server is ready to
- receive requests.
- type: boolean
- readyReplicas:
- description: Total number of fully running and ready control plane
- machines.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the label selector in string format to avoid introspection
- by clients, and is used to provide the CRD-based integration for the
- scale subresource and additional integrations for things like kubectl
- describe.. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this control plane.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet ready or machines
- that still have not been created.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- that have the desired template spec.
- format: int32
- type: integer
- version:
- description: |-
- version represents the minimum Kubernetes version for the control plane machines
- in the cluster.
- type: string
- type: object
- type: object
- served: false
- storage: false
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
- - additionalPrinterColumns:
- - description: Cluster
- jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
- name: Cluster
- type: string
- - description: This denotes whether or not the control plane has the uploaded
- kubeadm-config configmap
- jsonPath: .status.initialized
- name: Initialized
- type: boolean
- - description: KubeadmControlPlane API Server is ready to receive requests
- jsonPath: .status.ready
- name: API Server Available
- type: boolean
- - description: Total number of machines desired by this control plane
- jsonPath: .spec.replicas
- name: Desired
- priority: 10
- type: integer
- - description: Total number of non-terminated machines targeted by this control
- plane
- jsonPath: .status.replicas
- name: Replicas
- type: integer
- - description: Total number of fully running and ready control plane machines
- jsonPath: .status.readyReplicas
- name: Ready
- type: integer
- - description: Total number of non-terminated machines targeted by this control
- plane that have the desired template spec
- jsonPath: .status.updatedReplicas
- name: Updated
- type: integer
- - description: Total number of unavailable machines targeted by this control plane
- jsonPath: .status.unavailableReplicas
- name: Unavailable
- type: integer
- - description: Time duration since creation of KubeadmControlPlane
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - description: Kubernetes version associated with this control plane
- jsonPath: .spec.version
- name: Version
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
- properties:
- kubeadmConfigSpec:
- description: |-
- kubeadmConfigSpec is a KubeadmConfigSpec
- to use for initializing and joining machines to the control plane.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for the API
- server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative Names
- for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for
- volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the timeout
- that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings for
- the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for
- volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on installed
- in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required for
- ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject Alternative
- Names for the etcd peer signing cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject Alternative
- Names for the etcd server signing cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- * If not set, the default registry of kubeadm will be used, i.e.
- * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
- * k8s.gcr.io (old registry): all older versions
- Please note that when imageRepository is not set we don't allow upgrades to
- versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
- a newer patch version with the new registry instead (i.e. >= v1.22.17,
- >= v1.23.15, >= v1.24.9, >= v1.25.0).
- * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
- and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used by k8s services.
- Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for the scheduler
- control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags to pass
- to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required for
- volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host volumes,
- mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside the pod
- where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the pod template.
- type: string
- pathType:
- description: pathType is the type of the HostPath.
- type: string
- readOnly:
- description: readOnly controls write access to the
- volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation of partition
- tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file systems
- to setup.
- items:
- description: Filesystem defines the file systems to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options to add
- to the command for creating the file system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system type.
- type: string
- label:
- description: label specifies the file system label to
- be used. If set to None, no label is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition to use.
- The valid options are: "auto|any", "auto", "any",
- "none", and <NUM>, where NUM is the actual partition
- number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the partitions
- to setup.
- items:
- description: Partition defines how to create and layout
- a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed to user_data
- upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- append:
- description: append specifies whether to append Content
- to existing file if Path exists.
- type: boolean
- content:
- description: content is the actual content of the file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source of content
- to populate the file.
- properties:
- secret:
- description: secret represents a secret that should
- populate this file.
- properties:
- key:
- description: key is the key in the secret's data
- map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of the file
- contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the file,
- e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk where
- to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions to assign
- to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the bootstrap
- data
- enum:
- - cloud-config
- - ignition
- type: string
- ignition:
- description: ignition contains Ignition specific configuration.
- properties:
- containerLinuxConfig:
- description: containerLinuxConfig contains CLC specific configuration.
- properties:
- additionalConfig:
- description: |-
- additionalConfig contains additional configuration to be merged with the Ignition
- configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
- The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
- type: string
- strict:
- description: strict controls if AdditionalConfig should
- be strictly parsed. If so, warnings are treated as errors.
- type: boolean
- type: object
- type: object
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap token,
- stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address for
- the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of
- pre-flight errors to be ignored when the current node
- is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration for
- the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the kubelet
- to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or domain
- name to the API server from which info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfig:
- description: |-
- kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
- The file is generated at the path specified in KubeConfigPath.
-
- Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
- Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
- properties:
- cluster:
- description: |-
- cluster contains information about how to communicate with the kubernetes cluster.
-
- By default the following fields are automatically populated:
- - Server with the Cluster's ControlPlaneEndpoint.
- - CertificateAuthorityData with the Cluster's CA certificate.
- properties:
- certificateAuthorityData:
- description: |-
- certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
- Defaults to the Cluster's CA certificate if empty.
- format: byte
- type: string
- insecureSkipTLSVerify:
- description: insecureSkipTLSVerify skips the
- validity check for the server's certificate.
- This will make your HTTPS connections insecure.
- type: boolean
- proxyURL:
- description: |-
- proxyURL is the URL to the proxy to be used for all requests made by this
- client. URLs with "http", "https", and "socks5" schemes are supported. If
- this configuration is not provided or the empty string, the client
- attempts to construct a proxy configuration from http_proxy and
- https_proxy environment variables. If these environment variables are not
- set, the client does not attempt to proxy requests.
-
- socks5 proxying does not currently support spdy streaming endpoints (exec,
- attach, port forward).
- type: string
- server:
- description: |-
- server is the address of the kubernetes cluster (https://hostname:port).
-
- Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
- type: string
- tlsServerName:
- description: tlsServerName is used to check
- server certificate. If TLSServerName is
- empty, the hostname used to contact the
- server is used.
- type: string
- type: object
- user:
- description: |-
- user contains information that describes identity information.
- This is used to tell the kubernetes cluster who you are.
- properties:
- authProvider:
- description: authProvider specifies a custom
- authentication plugin for the kubernetes
- cluster.
- properties:
- config:
- additionalProperties:
- type: string
- description: config holds the parameters
- for the authentication plugin.
- type: object
- name:
- description: name is the name of the authentication
- plugin.
- type: string
- required:
- - name
- type: object
- exec:
- description: exec specifies a custom exec-based
- authentication plugin for the kubernetes
- cluster.
- properties:
- apiVersion:
- description: |-
- Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
- the same encoding version as the input.
- Defaults to client.authentication.k8s.io/v1 if not set.
- type: string
- args:
- description: Arguments to pass to the
- command when executing it.
- items:
- type: string
- type: array
- command:
- description: command to execute.
- type: string
- env:
- description: |-
- env defines additional environment variables to expose to the process. These
- are unioned with the host's environment, as well as variables client-go uses
- to pass argument to the plugin.
- items:
- description: |-
- KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
- credential plugin.
- properties:
- name:
- type: string
- value:
- type: string
- required:
- - name
- - value
- type: object
- type: array
- provideClusterInfo:
- description: |-
- provideClusterInfo determines whether or not to provide cluster information,
- which could potentially contain very large CA data, to this exec plugin as a
- part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
- to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
- reading this environment variable.
- type: boolean
- required:
- - command
- type: object
- type: object
- required:
- - user
- type: object
- kubeConfigPath:
- description: kubeConfigPath is used to specify the
- actual file path or URL to the kubeconfig file from
- which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container runtime
- info. This information will be annotated to the Node
- API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a slice of
- pre-flight errors to be ignored when the current node
- is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to be applied
- to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding to the
- taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- mounts:
- description: mounts specifies a list of mount points to be setup.
- items:
- description: MountPoints defines input for generated mounts
- in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands to run
- after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands to run
- before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
- Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
- When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated user in
- cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for the user
- type: string
- groups:
- description: groups specifies the additional groups for
- the user
- type: string
- homeDir:
- description: homeDir specifies the home directory to use
- for the user
- type: string
- inactive:
- description: inactive specifies whether to mark the user
- as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password login should
- be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password for the
- user
- type: string
- passwdFrom:
- description: passwdFrom is a referenced source of passwd
- to populate the passwd.
- properties:
- secret:
- description: secret represents a secret that should
- populate this password.
- properties:
- key:
- description: key is the key in the secret's data
- map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- primaryGroup:
- description: primaryGroup specifies the primary group for
- the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list of ssh authorized
- keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- machineNamingStrategy:
- description: |-
- MachineNamingStrategy allows changing the naming pattern used when creating Machines.
- InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
- properties:
- template:
- description: |-
- Template defines the template to use for generating the names of the Machine objects.
- If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
- If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
- get concatenated with a random suffix of length 5.
- Length of the template string must not exceed 256 characters.
- The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
- The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
- The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
- The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
- maxLength: 256
- type: string
- type: object
- machineTemplate:
- description: |-
- machineTemplate contains information about how machines
- should be shaped when creating or updating a control plane.
- properties:
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- If no value is provided, the default value for this property of the Machine resource will be used.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- required:
- - infrastructureRef
- type: object
- remediationStrategy:
- description: The RemediationStrategy that controls how control plane
- machine remediation happens.
- properties:
- maxRetry:
- description: "maxRetry is the Max number of retries while attempting
- to remediate an unhealthy machine.\nA retry happens when a machine
- that was created as a replacement for an unhealthy machine also
- fails.\nFor example, given a control plane with three machines
- M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
- M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
- M1) has problems while bootstrapping it will become unhealthy,
- and then be\n\tremediated; such operation is considered a retry,
- remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
- unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
- could happen only after RetryPeriod from the previous retry.\nIf
- a machine is marked as unhealthy after MinHealthyPeriod from
- the previous remediation expired,\nthis is not considered a
- retry anymore because the new issue is assumed unrelated from
- the previous one.\n\nIf not set, the remedation will be retried
- infinitely."
- format: int32
- type: integer
- minHealthyPeriod:
- description: "minHealthyPeriod defines the duration after which
- KCP will consider any failure to a machine unrelated\nfrom the
- previous one. In this case the remediation is not considered
- a retry anymore, and thus the retry\ncounter restarts from 0.
- For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
- become unhealthy; remediation happens, and M1-1 is created as
- a replacement.\n\tIf M1-1 (replacement of M1) has problems within
- the 1hr after the creation, also\n\tthis machine will be remediated
- and this operation is considered a retry - a problem related\n\tto
- the original issue happened to M1 -.\n\n\tIf instead the problem
- on M1-1 is happening after MinHealthyPeriod expired, e.g. four
- days after\n\tm1-1 has been created as a remediation of M1,
- the problem on M1-1 is considered unrelated to\n\tthe original
- issue happened to M1.\n\nIf not set, this value is defaulted
- to 1h."
- type: string
- retryPeriod:
- description: |-
- retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
- for an unhealthy machine (a retry).
-
- If not set, a retry will happen immediately.
- type: string
- type: object
- replicas:
- description: |-
- Number of desired machines. Defaults to 1. When stacked etcd is used only
- odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- rolloutAfter:
- description: |-
- rolloutAfter is a field to indicate a rollout should be performed
- after the specified time even if no changes have been made to the
- KubeadmControlPlane.
- Example: In the YAML the time can be specified in the RFC3339 format.
- To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
- use "2023-03-09T09:00:00Z".
- format: date-time
- type: string
- rolloutBefore:
- description: |-
- rolloutBefore is a field to indicate a rollout should be performed
- if the specified criteria is met.
- properties:
- certificatesExpiryDays:
- description: |-
- certificatesExpiryDays indicates a rollout needs to be performed if the
- certificates of the machine will expire within the specified days.
- format: int32
- type: integer
- type: object
- rolloutStrategy:
- default:
- rollingUpdate:
- maxSurge: 1
- type: RollingUpdate
- description: |-
- The RolloutStrategy to use to replace control plane machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- RolloutStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of control planes that can be scheduled above or under the
- desired number of control planes.
- Value can be an absolute number 1 or 0.
- Defaults to 1.
- Example: when this is set to 1, the control plane can be scaled
- up immediately when the rolling update starts.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of rollout. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- version:
- description: |-
- version defines the desired Kubernetes version.
- Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set
- we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io).
- Please use a newer patch version with the new registry instead. The default registries of kubeadm are:
- * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
- * k8s.gcr.io (old registry): all older versions
- type: string
- required:
- - kubeadmConfigSpec
- - machineTemplate
- - version
- type: object
- status:
- description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
- properties:
- conditions:
- description: conditions defines current service state of the KubeadmControlPlane.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- ErrorMessage indicates that there is a terminal problem reconciling the
- state, and will be set to a descriptive error message.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- failureReason:
- description: |-
- failureReason indicates that there is a terminal problem reconciling the
- state, and will be set to a token value suitable for
- programmatic interpretation.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- type: string
- initialized:
- description: |-
- initialized denotes that the KubeadmControlPlane API Server is initialized and thus
- it can accept requests.
- NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
- The value of this field is never updated after provisioning is completed. Please use conditions
- to check the operational state of the control plane.
- type: boolean
- lastRemediation:
- description: lastRemediation stores info about last remediation performed.
- properties:
- machine:
- description: machine is the machine name of the latest machine
- being remediated.
- type: string
- retryCount:
- description: |-
- retryCount used to keep track of remediation retry for the last remediated machine.
- A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
- format: int32
- type: integer
- timestamp:
- description: timestamp is when last remediation happened. It is
- represented in RFC3339 form and is in UTC.
- format: date-time
- type: string
- required:
- - machine
- - retryCount
- - timestamp
- type: object
- observedGeneration:
- description: observedGeneration is the latest generation observed
- by the controller.
- format: int64
- type: integer
- ready:
- description: |-
- ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning
- to receive requests.
- NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
- The value of this field is never updated after provisioning is completed. Please use conditions
- to check the operational state of the control plane.
- type: boolean
- readyReplicas:
- description: Total number of fully running and ready control plane
- machines.
- format: int32
- type: integer
- replicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- (their labels match the selector).
- format: int32
- type: integer
- selector:
- description: |-
- selector is the label selector in string format to avoid introspection
- by clients, and is used to provide the CRD-based integration for the
- scale subresource and additional integrations for things like kubectl
- describe.. The string will be in the same format as the query-param syntax.
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
- type: string
- unavailableReplicas:
- description: |-
- Total number of unavailable machines targeted by this control plane.
- This is the total number of machines that are still required for
- the deployment to have 100% available capacity. They may either
- be machines that are running but not yet ready or machines
- that still have not been created.
-
- Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
- format: int32
- type: integer
- updatedReplicas:
- description: |-
- Total number of non-terminated machines targeted by this control plane
- that have the desired template spec.
- format: int32
- type: integer
- v1beta2:
- description: v1beta2 groups all the fields that will be added or modified
- in KubeadmControlPlane's status with the V1Beta2 version.
- properties:
- availableReplicas:
- description: availableReplicas is the number of available replicas
- targeted by this KubeadmControlPlane. A machine is considered
- available when Machine's Available condition is true.
- format: int32
- type: integer
- conditions:
- description: |-
- conditions represents the observations of a KubeadmControlPlane's current state.
- Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate,
- ScalingUp, ScalingDown, Remediating, Deleting, Paused.
- items:
- description: Condition contains details for one aspect of the
- current state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 32
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- readyReplicas:
- description: readyReplicas is the number of ready replicas for
- this KubeadmControlPlane. A machine is considered ready when
- Machine's Ready condition is true.
- format: int32
- type: integer
- upToDateReplicas:
- description: upToDateReplicas is the number of up-to-date replicas
- targeted by this KubeadmControlPlane. A machine is considered
- up-to-date when Machine's UpToDate condition is true.
- format: int32
- type: integer
- type: object
- version:
- description: |-
- version represents the minimum Kubernetes version for the control plane machines
- in the cluster.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- scale:
- labelSelectorPath: .status.selector
- specReplicasPath: .spec.replicas
- statusReplicasPath: .status.replicas
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.1
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- cluster.x-k8s.io/v1beta1: v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: controlplane.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: KubeadmControlPlaneTemplate
- listKind: KubeadmControlPlaneTemplateList
- plural: kubeadmcontrolplanetemplates
- singular: kubeadmcontrolplanetemplate
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmControlPlaneTemplate
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- name: v1alpha4
- schema:
- openAPIV3Schema:
- description: |-
- KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.
-
- Deprecated: This type will be removed in one of the next releases.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmControlPlaneTemplateSpec defines the desired state
- of KubeadmControlPlaneTemplate.
- properties:
- template:
- description: KubeadmControlPlaneTemplateResource describes the data
- needed to create a KubeadmControlPlane from a template.
- properties:
- spec:
- description: KubeadmControlPlaneSpec defines the desired state
- of KubeadmControlPlane.
- properties:
- kubeadmConfigSpec:
- description: |-
- kubeadmConfigSpec is a KubeadmConfigSpec
- to use for initializing and joining machines to the control plane.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for
- the API server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative
- Names for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the
- timeout that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings
- for the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on
- installed in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required
- for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject
- Alternative Names for the etcd peer signing
- cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject
- Alternative Names for the etcd server signing
- cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
- will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used
- by k8s services. Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for
- the scheduler control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation
- of partition tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file
- systems to setup.
- items:
- description: Filesystem defines the file systems
- to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options
- to add to the command for creating the file
- system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system
- type.
- type: string
- label:
- description: label specifies the file system
- label to be used. If set to None, no label
- is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition
- to use. The valid options are: "auto|any",
- "auto", "any", "none", and <NUM>, where NUM
- is the actual partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the
- partitions to setup.
- items:
- description: Partition defines how to create and
- layout a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed
- to user_data upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- content:
- description: content is the actual content of the
- file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source
- of content to populate the file.
- properties:
- secret:
- description: secret represents a secret that
- should populate this file.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of
- the file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the
- file, e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk
- where to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions
- to assign to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the
- bootstrap data
- enum:
- - cloud-config
- type: string
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap
- token, stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a
- slice of pre-flight errors to be ignored when
- the current node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to
- be applied to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding
- to the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration
- for the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on
- this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP
- address for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the
- kubelet to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or
- domain name to the API server from which
- info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfigPath:
- description: kubeConfigPath is used to specify
- the actual file path or URL to the kubeconfig
- file from which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a
- slice of pre-flight errors to be ignored when
- the current node is registered.
- items:
- type: string
- type: array
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to
- be applied to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding
- to the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- type: object
- mounts:
- description: mounts specifies a list of mount points to
- be setup.
- items:
- description: MountPoints defines input for generated
- mounts in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should
- be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to
- use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands
- to run after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands
- to run before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated
- user in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for
- the user
- type: string
- groups:
- description: groups specifies the additional groups
- for the user
- type: string
- homeDir:
- description: homeDir specifies the home directory
- to use for the user
- type: string
- inactive:
- description: inactive specifies whether to mark
- the user as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password
- login should be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password
- for the user
- type: string
- primaryGroup:
- description: primaryGroup specifies the primary
- group for the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list
- of ssh authorized keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the
- user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- machineTemplate:
- description: |-
- machineTemplate contains information about how machines
- should be shaped when creating or updating a control plane.
- properties:
- infrastructureRef:
- description: |-
- infrastructureRef is a required reference to a custom resource
- offered by an infrastructure provider.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: |-
- If referring to a piece of an object instead of an entire object, this string
- should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within a pod, this would take on a value like:
- "spec.containers{name}" (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]" (container with
- index 2 in this pod). This syntax is chosen only to have some well-defined way of
- referencing a part of an object.
- type: string
- kind:
- description: |-
- Kind of the referent.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- namespace:
- description: |-
- Namespace of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- type: string
- resourceVersion:
- description: |-
- Specific resourceVersion to which this reference is made, if any.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- type: string
- uid:
- description: |-
- UID of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
- type: string
- type: object
- x-kubernetes-map-type: atomic
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- required:
- - infrastructureRef
- type: object
- replicas:
- description: |-
- Number of desired machines. Defaults to 1. When stacked etcd is used only
- odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
- This is a pointer to distinguish between explicit zero and not specified.
- format: int32
- type: integer
- rolloutAfter:
- description: |-
- rolloutAfter is a field to indicate a rollout should be performed
- after the specified time even if no changes have been made to the
- KubeadmControlPlane.
- format: date-time
- type: string
- rolloutStrategy:
- default:
- rollingUpdate:
- maxSurge: 1
- type: RollingUpdate
- description: |-
- The RolloutStrategy to use to replace control plane machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- RolloutStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of control planes that can be scheduled above or under the
- desired number of control planes.
- Value can be an absolute number 1 or 0.
- Defaults to 1.
- Example: when this is set to 1, the control plane can be scaled
- up immediately when the rolling update starts.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of rollout. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- version:
- description: version defines the desired Kubernetes version.
- type: string
- required:
- - kubeadmConfigSpec
- - machineTemplate
- - version
- type: object
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: false
- storage: false
- subresources: {}
- - additionalPrinterColumns:
- - description: Time duration since creation of KubeadmControlPlaneTemplate
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: KubeadmControlPlaneTemplateSpec defines the desired state
- of KubeadmControlPlaneTemplate.
- properties:
- template:
- description: KubeadmControlPlaneTemplateResource describes the data
- needed to create a KubeadmControlPlane from a template.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- spec:
- description: |-
- KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane.
- NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but
- omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
- because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot
- be configured on the KubeadmControlPlaneTemplate.
- properties:
- kubeadmConfigSpec:
- description: |-
- kubeadmConfigSpec is a KubeadmConfigSpec
- to use for initializing and joining machines to the control plane.
- properties:
- clusterConfiguration:
- description: clusterConfiguration along with InitConfiguration
- are the configurations necessary for the init command
- properties:
- apiServer:
- description: apiServer contains extra settings for
- the API server control plane component
- properties:
- certSANs:
- description: certSANs sets extra Subject Alternative
- Names for the API Server signing cert.
- items:
- type: string
- type: array
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- timeoutForControlPlane:
- description: timeoutForControlPlane controls the
- timeout that we use for API server to appear
- type: string
- type: object
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- certificatesDir:
- description: |-
- certificatesDir specifies where to store or look for all required certificates.
- NB: if not provided, this will default to `/etc/kubernetes/pki`
- type: string
- clusterName:
- description: The cluster name
- type: string
- controlPlaneEndpoint:
- description: |-
- controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
- can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
- are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
- the BindPort is used.
- Possible usages are:
- e.g. In a cluster with more than one control plane instances, this field should be
- assigned the address of the external load balancer in front of the
- control plane instances.
- e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
- could be used for assigning a stable DNS to the control plane.
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
- type: string
- controllerManager:
- description: controllerManager contains extra settings
- for the controller manager control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- dns:
- description: dns defines the options for the DNS add-on
- installed in the cluster.
- properties:
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- type: object
- etcd:
- description: |-
- etcd holds configuration for etcd.
- NB: This value defaults to a Local (stacked) etcd
- properties:
- external:
- description: |-
- external describes how to connect to an external etcd cluster
- Local and External are mutually exclusive
- properties:
- caFile:
- description: |-
- caFile is an SSL Certificate Authority file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- certFile:
- description: |-
- certFile is an SSL certification file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- endpoints:
- description: endpoints of etcd members. Required
- for ExternalEtcd.
- items:
- type: string
- type: array
- keyFile:
- description: |-
- keyFile is an SSL key file used to secure etcd communication.
- Required if using a TLS connection.
- type: string
- required:
- - caFile
- - certFile
- - endpoints
- - keyFile
- type: object
- local:
- description: |-
- local provides configuration knobs for configuring the local etcd instance
- Local and External are mutually exclusive
- properties:
- dataDir:
- description: |-
- dataDir is the directory etcd will place its data.
- Defaults to "/var/lib/etcd".
- type: string
- extraArgs:
- additionalProperties:
- type: string
- description: |-
- extraArgs are extra arguments provided to the etcd binary
- when run inside a static pod.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment
- variable. Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if
- value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a
- ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether
- the ConfigMap or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the
- schema the FieldPath is written
- in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a
- secret in the pod's namespace
- properties:
- key:
- description: The key of the
- secret to select from. Must
- be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether
- the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
- type: string
- imageTag:
- description: |-
- imageTag allows to specify a tag for the image.
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
- type: string
- peerCertSANs:
- description: peerCertSANs sets extra Subject
- Alternative Names for the etcd peer signing
- cert.
- items:
- type: string
- type: array
- serverCertSANs:
- description: serverCertSANs sets extra Subject
- Alternative Names for the etcd server signing
- cert.
- items:
- type: string
- type: array
- type: object
- type: object
- featureGates:
- additionalProperties:
- type: boolean
- description: featureGates enabled by the user.
- type: object
- imageRepository:
- description: |-
- imageRepository sets the container registry to pull images from.
- * If not set, the default registry of kubeadm will be used, i.e.
- * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
- * k8s.gcr.io (old registry): all older versions
- Please note that when imageRepository is not set we don't allow upgrades to
- versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
- a newer patch version with the new registry instead (i.e. >= v1.22.17,
- >= v1.23.15, >= v1.24.9, >= v1.25.0).
- * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
- `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
- and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- kubernetesVersion:
- description: |-
- kubernetesVersion is the target version of the control plane.
- NB: This value defaults to the Machine object spec.version
- type: string
- networking:
- description: |-
- networking holds configuration for the networking topology of the cluster.
- NB: This value defaults to the Cluster object spec.clusterNetwork.
- properties:
- dnsDomain:
- description: dnsDomain is the dns domain used
- by k8s services. Defaults to "cluster.local".
- type: string
- podSubnet:
- description: |-
- podSubnet is the subnet used by pods.
- If unset, the API server will not allocate CIDR ranges for every node.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
- type: string
- serviceSubnet:
- description: |-
- serviceSubnet is the subnet used by k8s services.
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
- to "10.96.0.0/12" if that's unset.
- type: string
- type: object
- scheduler:
- description: scheduler contains extra settings for
- the scheduler control plane component
- properties:
- extraArgs:
- additionalProperties:
- type: string
- description: extraArgs is an extra set of flags
- to pass to the control plane component.
- type: object
- extraEnvs:
- description: |-
- extraEnvs is an extra set of environment variables to pass to the control plane component.
- Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
- This option takes effect only on Kubernetes >=1.31.0.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- extraVolumes:
- description: extraVolumes is an extra set of host
- volumes, mounted to the control plane component.
- items:
- description: |-
- HostPathMount contains elements describing volumes that are mounted from the
- host.
- properties:
- hostPath:
- description: |-
- hostPath is the path in the host that will be mounted inside
- the pod.
- type: string
- mountPath:
- description: mountPath is the path inside
- the pod where hostPath will be mounted.
- type: string
- name:
- description: name of the volume inside the
- pod template.
- type: string
- pathType:
- description: pathType is the type of the
- HostPath.
- type: string
- readOnly:
- description: readOnly controls write access
- to the volume
- type: boolean
- required:
- - hostPath
- - mountPath
- - name
- type: object
- type: array
- type: object
- type: object
- diskSetup:
- description: diskSetup specifies options for the creation
- of partition tables and file systems on devices.
- properties:
- filesystems:
- description: filesystems specifies the list of file
- systems to setup.
- items:
- description: Filesystem defines the file systems
- to be created.
- properties:
- device:
- description: device specifies the device name
- type: string
- extraOpts:
- description: extraOpts defined extra options
- to add to the command for creating the file
- system.
- items:
- type: string
- type: array
- filesystem:
- description: filesystem specifies the file system
- type.
- type: string
- label:
- description: label specifies the file system
- label to be used. If set to None, no label
- is used.
- type: string
- overwrite:
- description: |-
- overwrite defines whether or not to overwrite any existing filesystem.
- If true, any pre-existing file system will be destroyed. Use with Caution.
- type: boolean
- partition:
- description: 'partition specifies the partition
- to use. The valid options are: "auto|any",
- "auto", "any", "none", and <NUM>, where NUM
- is the actual partition number.'
- type: string
- replaceFS:
- description: |-
- replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
- NOTE: unless you define a label, this requires the use of the 'any' partition directive.
- type: string
- required:
- - device
- - filesystem
- - label
- type: object
- type: array
- partitions:
- description: partitions specifies the list of the
- partitions to setup.
- items:
- description: Partition defines how to create and
- layout a partition.
- properties:
- device:
- description: device is the name of the device.
- type: string
- layout:
- description: |-
- layout specifies the device layout.
- If it is true, a single partition will be created for the entire device.
- When layout is false, it means don't partition or ignore existing partitioning.
- type: boolean
- overwrite:
- description: |-
- overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
- Use with caution. Default is 'false'.
- type: boolean
- tableType:
- description: |-
- tableType specifies the tupe of partition table. The following are supported:
- 'mbr': default and setups a MS-DOS partition table
- 'gpt': setups a GPT partition table
- type: string
- required:
- - device
- - layout
- type: object
- type: array
- type: object
- files:
- description: files specifies extra files to be passed
- to user_data upon creation.
- items:
- description: File defines the input for generating write_files
- in cloud-init.
- properties:
- append:
- description: append specifies whether to append
- Content to existing file if Path exists.
- type: boolean
- content:
- description: content is the actual content of the
- file.
- type: string
- contentFrom:
- description: contentFrom is a referenced source
- of content to populate the file.
- properties:
- secret:
- description: secret represents a secret that
- should populate this file.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- encoding:
- description: encoding specifies the encoding of
- the file contents.
- enum:
- - base64
- - gzip
- - gzip+base64
- type: string
- owner:
- description: owner specifies the ownership of the
- file, e.g. "root:root".
- type: string
- path:
- description: path specifies the full path on disk
- where to store the file.
- type: string
- permissions:
- description: permissions specifies the permissions
- to assign to the file, e.g. "0640".
- type: string
- required:
- - path
- type: object
- type: array
- format:
- description: format specifies the output format of the
- bootstrap data
- enum:
- - cloud-config
- - ignition
- type: string
- ignition:
- description: ignition contains Ignition specific configuration.
- properties:
- containerLinuxConfig:
- description: containerLinuxConfig contains CLC specific
- configuration.
- properties:
- additionalConfig:
- description: |-
- additionalConfig contains additional configuration to be merged with the Ignition
- configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
-
- The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
- type: string
- strict:
- description: strict controls if AdditionalConfig
- should be strictly parsed. If so, warnings are
- treated as errors.
- type: boolean
- type: object
- type: object
- initConfiguration:
- description: initConfiguration along with ClusterConfiguration
- are the configurations necessary for the init command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- bootstrapTokens:
- description: |-
- bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
- items:
- description: BootstrapToken describes one bootstrap
- token, stored as a Secret in the cluster.
- properties:
- description:
- description: |-
- description sets a human-friendly message why this token exists and what it's used
- for, so other administrators can know its purpose.
- type: string
- expires:
- description: |-
- expires specifies the timestamp when this token expires. Defaults to being set
- dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
- format: date-time
- type: string
- groups:
- description: |-
- groups specifies the extra groups that this token will authenticate as when/if
- used for authentication
- items:
- type: string
- type: array
- token:
- description: |-
- token is used for establishing bidirectional trust between nodes and control-planes.
- Used for joining nodes in the cluster.
- type: string
- ttl:
- description: |-
- ttl defines the time to live for this token. Defaults to 24h.
- Expires and TTL are mutually exclusive.
- type: string
- usages:
- description: |-
- usages describes the ways in which this token can be used. Can by default be used
- for establishing bidirectional trust, but that can be changed here.
- items:
- type: string
- type: array
- required:
- - token
- type: object
- type: array
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- localAPIEndpoint:
- description: |-
- localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
- In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
- is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
- configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
- on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
- fails you may set the desired value here.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP address
- for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a
- slice of pre-flight errors to be ignored when
- the current node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to
- be applied to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding
- to the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- joinConfiguration:
- description: joinConfiguration is the kubeadm configuration
- for the join command
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- caCertPath:
- description: |-
- caCertPath is the path to the SSL certificate authority used to
- secure comunications between node and control-plane.
- Defaults to "/etc/kubernetes/pki/ca.crt".
- type: string
- controlPlane:
- description: |-
- controlPlane defines the additional control plane instance to be deployed on the joining node.
- If nil, no additional control plane instance will be deployed.
- properties:
- localAPIEndpoint:
- description: localAPIEndpoint represents the endpoint
- of the API server instance to be deployed on
- this node.
- properties:
- advertiseAddress:
- description: advertiseAddress sets the IP
- address for the API server to advertise.
- type: string
- bindPort:
- description: |-
- bindPort sets the secure port for the API Server to bind to.
- Defaults to 6443.
- format: int32
- type: integer
- type: object
- type: object
- discovery:
- description: discovery specifies the options for the
- kubelet to use during the TLS Bootstrap process
- properties:
- bootstrapToken:
- description: |-
- bootstrapToken is used to set the options for bootstrap token based discovery
- BootstrapToken and File are mutually exclusive
- properties:
- apiServerEndpoint:
- description: apiServerEndpoint is an IP or
- domain name to the API server from which
- info will be fetched.
- type: string
- caCertHashes:
- description: |-
- caCertHashes specifies a set of public key pins to verify
- when token-based discovery is used. The root CA found during discovery
- must match one of these values. Specifying an empty set disables root CA
- pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
- where the only currently supported type is "sha256". This is a hex-encoded
- SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
- ASN.1. These hashes can be calculated using, for example, OpenSSL:
- openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
- items:
- type: string
- type: array
- token:
- description: |-
- token is a token used to validate cluster information
- fetched from the control-plane.
- type: string
- unsafeSkipCAVerification:
- description: |-
- unsafeSkipCAVerification allows token-based discovery
- without CA verification via CACertHashes. This can weaken
- the security of kubeadm since other nodes can impersonate the control-plane.
- type: boolean
- required:
- - token
- type: object
- file:
- description: |-
- file is used to specify a file or URL to a kubeconfig file from which to load cluster information
- BootstrapToken and File are mutually exclusive
- properties:
- kubeConfig:
- description: |-
- kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
- The file is generated at the path specified in KubeConfigPath.
-
- Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
- Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
- properties:
- cluster:
- description: |-
- cluster contains information about how to communicate with the kubernetes cluster.
-
- By default the following fields are automatically populated:
- - Server with the Cluster's ControlPlaneEndpoint.
- - CertificateAuthorityData with the Cluster's CA certificate.
- properties:
- certificateAuthorityData:
- description: |-
- certificateAuthorityData contains PEM-encoded certificate authority certificates.
-
- Defaults to the Cluster's CA certificate if empty.
- format: byte
- type: string
- insecureSkipTLSVerify:
- description: insecureSkipTLSVerify
- skips the validity check for the
- server's certificate. This will
- make your HTTPS connections insecure.
- type: boolean
- proxyURL:
- description: |-
- proxyURL is the URL to the proxy to be used for all requests made by this
- client. URLs with "http", "https", and "socks5" schemes are supported. If
- this configuration is not provided or the empty string, the client
- attempts to construct a proxy configuration from http_proxy and
- https_proxy environment variables. If these environment variables are not
- set, the client does not attempt to proxy requests.
-
- socks5 proxying does not currently support spdy streaming endpoints (exec,
- attach, port forward).
- type: string
- server:
- description: |-
- server is the address of the kubernetes cluster (https://hostname:port).
-
- Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
- type: string
- tlsServerName:
- description: tlsServerName is used
- to check server certificate. If
- TLSServerName is empty, the hostname
- used to contact the server is used.
- type: string
- type: object
- user:
- description: |-
- user contains information that describes identity information.
- This is used to tell the kubernetes cluster who you are.
- properties:
- authProvider:
- description: authProvider specifies
- a custom authentication plugin for
- the kubernetes cluster.
- properties:
- config:
- additionalProperties:
- type: string
- description: config holds the
- parameters for the authentication
- plugin.
- type: object
- name:
- description: name is the name
- of the authentication plugin.
- type: string
- required:
- - name
- type: object
- exec:
- description: exec specifies a custom
- exec-based authentication plugin
- for the kubernetes cluster.
- properties:
- apiVersion:
- description: |-
- Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
- the same encoding version as the input.
- Defaults to client.authentication.k8s.io/v1 if not set.
- type: string
- args:
- description: Arguments to pass
- to the command when executing
- it.
- items:
- type: string
- type: array
- command:
- description: command to execute.
- type: string
- env:
- description: |-
- env defines additional environment variables to expose to the process. These
- are unioned with the host's environment, as well as variables client-go uses
- to pass argument to the plugin.
- items:
- description: |-
- KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
- credential plugin.
- properties:
- name:
- type: string
- value:
- type: string
- required:
- - name
- - value
- type: object
- type: array
- provideClusterInfo:
- description: |-
- provideClusterInfo determines whether or not to provide cluster information,
- which could potentially contain very large CA data, to this exec plugin as a
- part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
- to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
- reading this environment variable.
- type: boolean
- required:
- - command
- type: object
- type: object
- required:
- - user
- type: object
- kubeConfigPath:
- description: kubeConfigPath is used to specify
- the actual file path or URL to the kubeconfig
- file from which to load cluster information
- type: string
- required:
- - kubeConfigPath
- type: object
- timeout:
- description: timeout modifies the discovery timeout
- type: string
- tlsBootstrapToken:
- description: |-
- tlsBootstrapToken is a token used for TLS bootstrapping.
- If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
- type: string
- type: object
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- nodeRegistration:
- description: |-
- nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
- When used in the context of control plane nodes, NodeRegistration should remain consistent
- across both InitConfiguration and JoinConfiguration
- properties:
- criSocket:
- description: criSocket is used to retrieve container
- runtime info. This information will be annotated
- to the Node API object, for later re-use
- type: string
- ignorePreflightErrors:
- description: ignorePreflightErrors provides a
- slice of pre-flight errors to be ignored when
- the current node is registered.
- items:
- type: string
- type: array
- imagePullPolicy:
- description: |-
- imagePullPolicy specifies the policy for image pulling
- during kubeadm "init" and "join" operations. The value of
- this field must be one of "Always", "IfNotPresent" or
- "Never". Defaults to "IfNotPresent". This can be used only
- with Kubernetes version equal to 1.22 and later.
- enum:
- - Always
- - IfNotPresent
- - Never
- type: string
- imagePullSerial:
- description: |-
- imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
- This option takes effect only on Kubernetes >=1.31.0.
- Default: true (defaulted in kubeadm)
- type: boolean
- kubeletExtraArgs:
- additionalProperties:
- type: string
- description: |-
- kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
- kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
- Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
- type: object
- name:
- description: |-
- name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
- This field is also used in the CommonName field of the kubelet's client certificate to the API server.
- Defaults to the hostname of the node if not provided.
- type: string
- taints:
- description: |-
- taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
- it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
- empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
- items:
- description: |-
- The node this Taint is attached to has the "effect" on
- any pod that does not tolerate the Taint.
- properties:
- effect:
- description: |-
- Required. The effect of the taint on pods
- that do not tolerate the taint.
- Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Required. The taint key to
- be applied to a node.
- type: string
- timeAdded:
- description: |-
- TimeAdded represents the time at which the taint was added.
- It is only written for NoExecute taints.
- format: date-time
- type: string
- value:
- description: The taint value corresponding
- to the taint key.
- type: string
- required:
- - effect
- - key
- type: object
- type: array
- type: object
- patches:
- description: |-
- patches contains options related to applying patches to components deployed by kubeadm during
- "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
- properties:
- directory:
- description: |-
- directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
- For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
- "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
- of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
- The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
- "suffix" is an optional string that can be used to determine which patches are applied
- first alpha-numerically.
- These files can be written into the target directory via KubeadmConfig.Files which
- specifies additional files to be created on the machine, either with content inline or
- by referencing a secret.
- type: string
- type: object
- skipPhases:
- description: |-
- skipPhases is a list of phases to skip during command execution.
- The list of phases can be obtained with the "kubeadm init --help" command.
- This option takes effect only on Kubernetes >=1.22.0.
- items:
- type: string
- type: array
- type: object
- mounts:
- description: mounts specifies a list of mount points to
- be setup.
- items:
- description: MountPoints defines input for generated
- mounts in cloud-init.
- items:
- type: string
- type: array
- type: array
- ntp:
- description: ntp specifies NTP configuration
- properties:
- enabled:
- description: enabled specifies whether NTP should
- be enabled
- type: boolean
- servers:
- description: servers specifies which NTP servers to
- use
- items:
- type: string
- type: array
- type: object
- postKubeadmCommands:
- description: postKubeadmCommands specifies extra commands
- to run after kubeadm runs
- items:
- type: string
- type: array
- preKubeadmCommands:
- description: preKubeadmCommands specifies extra commands
- to run before kubeadm runs
- items:
- type: string
- type: array
- useExperimentalRetryJoin:
- description: |-
- useExperimentalRetryJoin replaces a basic kubeadm command with a shell
- script with retries for joins.
-
- This is meant to be an experimental temporary workaround on some environments
- where joins fail due to timing (and other issues). The long term goal is to add retries to
- kubeadm proper and use that functionality.
-
- This will add about 40KB to userdata
-
- For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
-
- Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
- When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
- type: boolean
- users:
- description: users specifies extra users to add
- items:
- description: User defines the input for a generated
- user in cloud-init.
- properties:
- gecos:
- description: gecos specifies the gecos to use for
- the user
- type: string
- groups:
- description: groups specifies the additional groups
- for the user
- type: string
- homeDir:
- description: homeDir specifies the home directory
- to use for the user
- type: string
- inactive:
- description: inactive specifies whether to mark
- the user as inactive
- type: boolean
- lockPassword:
- description: lockPassword specifies if password
- login should be disabled
- type: boolean
- name:
- description: name specifies the user name
- type: string
- passwd:
- description: passwd specifies a hashed password
- for the user
- type: string
- passwdFrom:
- description: passwdFrom is a referenced source of
- passwd to populate the passwd.
- properties:
- secret:
- description: secret represents a secret that
- should populate this password.
- properties:
- key:
- description: key is the key in the secret's
- data map for this value.
- type: string
- name:
- description: name of the secret in the KubeadmBootstrapConfig's
- namespace to use.
- type: string
- required:
- - key
- - name
- type: object
- required:
- - secret
- type: object
- primaryGroup:
- description: primaryGroup specifies the primary
- group for the user
- type: string
- shell:
- description: shell specifies the user's shell
- type: string
- sshAuthorizedKeys:
- description: sshAuthorizedKeys specifies a list
- of ssh authorized keys for the user
- items:
- type: string
- type: array
- sudo:
- description: sudo specifies a sudo role for the
- user
- type: string
- required:
- - name
- type: object
- type: array
- verbosity:
- description: |-
- verbosity is the number for the kubeadm log level verbosity.
- It overrides the `--v` flag in kubeadm commands.
- format: int32
- type: integer
- type: object
- machineNamingStrategy:
- description: |-
- MachineNamingStrategy allows changing the naming pattern used when creating Machines.
- InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
- properties:
- template:
- description: |-
- Template defines the template to use for generating the names of the Machine objects.
- If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
- If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
- get concatenated with a random suffix of length 5.
- Length of the template string must not exceed 256 characters.
- The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
- The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
- The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
- The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
- maxLength: 256
- type: string
- type: object
- machineTemplate:
- description: |-
- machineTemplate contains information about how machines
- should be shaped when creating or updating a control plane.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- properties:
- annotations:
- additionalProperties:
- type: string
- description: |-
- annotations is an unstructured key value map stored with a resource that may be
- set by external tools to store and retrieve arbitrary metadata. They are not
- queryable and should be preserved when modifying objects.
- More info: http://kubernetes.io/docs/user-guide/annotations
- type: object
- labels:
- additionalProperties:
- type: string
- description: |-
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services.
- More info: http://kubernetes.io/docs/user-guide/labels
- type: object
- type: object
- nodeDeletionTimeout:
- description: |-
- nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
- hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
- If no value is provided, the default value for this property of the Machine resource will be used.
- type: string
- nodeDrainTimeout:
- description: |-
- nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
- The default value is 0, meaning that the node can be drained without any time limitations.
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
- type: string
- nodeVolumeDetachTimeout:
- description: |-
- nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
- to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
- type: string
- type: object
- remediationStrategy:
- description: The RemediationStrategy that controls how control
- plane machine remediation happens.
- properties:
- maxRetry:
- description: "maxRetry is the Max number of retries while
- attempting to remediate an unhealthy machine.\nA retry
- happens when a machine that was created as a replacement
- for an unhealthy machine also fails.\nFor example, given
- a control plane with three machines M1, M2, M3:\n\n\tM1
- become unhealthy; remediation happens, and M1-1 is created
- as a replacement.\n\tIf M1-1 (replacement of M1) has
- problems while bootstrapping it will become unhealthy,
- and then be\n\tremediated; such operation is considered
- a retry, remediation-retry #1.\n\tIf M1-2 (replacement
- of M1-1) becomes unhealthy, remediation-retry #2 will
- happen, etc.\n\nA retry could happen only after RetryPeriod
- from the previous retry.\nIf a machine is marked as
- unhealthy after MinHealthyPeriod from the previous remediation
- expired,\nthis is not considered a retry anymore because
- the new issue is assumed unrelated from the previous
- one.\n\nIf not set, the remedation will be retried infinitely."
- format: int32
- type: integer
- minHealthyPeriod:
- description: "minHealthyPeriod defines the duration after
- which KCP will consider any failure to a machine unrelated\nfrom
- the previous one. In this case the remediation is not
- considered a retry anymore, and thus the retry\ncounter
- restarts from 0. For example, assuming MinHealthyPeriod
- is set to 1h (default)\n\n\tM1 become unhealthy; remediation
- happens, and M1-1 is created as a replacement.\n\tIf
- M1-1 (replacement of M1) has problems within the 1hr
- after the creation, also\n\tthis machine will be remediated
- and this operation is considered a retry - a problem
- related\n\tto the original issue happened to M1 -.\n\n\tIf
- instead the problem on M1-1 is happening after MinHealthyPeriod
- expired, e.g. four days after\n\tm1-1 has been created
- as a remediation of M1, the problem on M1-1 is considered
- unrelated to\n\tthe original issue happened to M1.\n\nIf
- not set, this value is defaulted to 1h."
- type: string
- retryPeriod:
- description: |-
- retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
- for an unhealthy machine (a retry).
-
- If not set, a retry will happen immediately.
- type: string
- type: object
- rolloutAfter:
- description: |-
- rolloutAfter is a field to indicate a rollout should be performed
- after the specified time even if no changes have been made to the
- KubeadmControlPlane.
- format: date-time
- type: string
- rolloutBefore:
- description: |-
- rolloutBefore is a field to indicate a rollout should be performed
- if the specified criteria is met.
- properties:
- certificatesExpiryDays:
- description: |-
- certificatesExpiryDays indicates a rollout needs to be performed if the
- certificates of the machine will expire within the specified days.
- format: int32
- type: integer
- type: object
- rolloutStrategy:
- default:
- rollingUpdate:
- maxSurge: 1
- type: RollingUpdate
- description: |-
- The RolloutStrategy to use to replace control plane machines with
- new ones.
- properties:
- rollingUpdate:
- description: |-
- Rolling update config params. Present only if
- RolloutStrategyType = RollingUpdate.
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: |-
- The maximum number of control planes that can be scheduled above or under the
- desired number of control planes.
- Value can be an absolute number 1 or 0.
- Defaults to 1.
- Example: when this is set to 1, the control plane can be scaled
- up immediately when the rolling update starts.
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: |-
- type of rollout. Currently the only supported strategy is
- "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- required:
- - kubeadmConfigSpec
- type: object
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: true
- storage: true
- subresources: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-manager
- namespace: capi-kubeadm-control-plane-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-leader-election-role
- namespace: capi-kubeadm-control-plane-system
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-aggregated-manager-role
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
- name: capi-kubeadm-control-plane-manager-role
-rules:
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-- apiGroups:
- - bootstrap.cluster.x-k8s.io
- - controlplane.cluster.x-k8s.io
- - infrastructure.cluster.x-k8s.io
- resources:
- - '*'
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - clusters
- - clusters/status
- - machinepools
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - machines
- - machines/status
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - get
- - list
- - patch
- - update
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-leader-election-rolebinding
- namespace: capi-kubeadm-control-plane-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: capi-kubeadm-control-plane-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: capi-kubeadm-control-plane-manager
- namespace: capi-kubeadm-control-plane-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: capi-kubeadm-control-plane-aggregated-manager-role
-subjects:
-- kind: ServiceAccount
- name: capi-kubeadm-control-plane-manager
- namespace: capi-kubeadm-control-plane-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
-spec:
- ports:
- - port: 443
- targetPort: webhook-server
- selector:
- cluster.x-k8s.io/provider: control-plane-kubeadm
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- control-plane: controller-manager
- name: capi-kubeadm-control-plane-controller-manager
- namespace: capi-kubeadm-control-plane-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- control-plane: controller-manager
- strategy: {}
- template:
- metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- control-plane: controller-manager
- spec:
- containers:
- - args:
- - --leader-elect
- - --diagnostics-address=:8443
- - --insecure-diagnostics=false
- - --use-deprecated-infra-machine-naming=false
- - --feature-gates=MachinePool=true,ClusterTopology=false,KubeadmBootstrapFormatIgnition=false
- command:
- - /manager
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_UID
- valueFrom:
- fieldRef:
- fieldPath: metadata.uid
- image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.9.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- - containerPort: 8443
- name: metrics
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources: {}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsGroup: 65532
- runAsUser: 65532
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: cert
- readOnly: true
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: capi-kubeadm-control-plane-manager
- terminationGracePeriodSeconds: 10
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- volumes:
- - name: cert
- secret:
- secretName: capi-kubeadm-control-plane-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-mutating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
- rules:
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmcontrolplanes
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
- failurePolicy: Fail
- name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
- rules:
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmcontrolplanetemplates
- sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: control-plane-kubeadm
- clusterctl.cluster.x-k8s.io: ""
- name: capi-kubeadm-control-plane-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
- rules:
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - UPDATE
- resources:
- - kubeadmcontrolplanes/scale
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
- rules:
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmcontrolplanes
- sideEffects: None
-- admissionReviewVersions:
- - v1
- - v1beta1
- clientConfig:
- service:
- name: capi-kubeadm-control-plane-webhook-service
- namespace: capi-kubeadm-control-plane-system
- path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
- failurePolicy: Fail
- name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
- rules:
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - kubeadmcontrolplanetemplates
- sideEffects: None
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- control-plane: controller-manager
- name: orc-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.16.4
- name: images.openstack.k-orc.cloud
-spec:
- group: openstack.k-orc.cloud
- names:
- kind: Image
- listKind: ImageList
- plural: images
- singular: image
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Resource ID
- jsonPath: .status.id
- name: ID
- type: string
- - description: Availability status of resource
- jsonPath: .status.conditions[?(@.type=='Available')].status
- name: Available
- type: string
- - description: Message describing current availability status
- jsonPath: .status.conditions[?(@.type=='Available')].message
- name: Message
- type: string
- - description: Time duration since creation
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: Image is the Schema for an ORC resource.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: ImageSpec defines the desired state of an ORC object.
- properties:
- cloudCredentialsRef:
- description: CloudCredentialsRef points to a secret containing OpenStack
- credentials
- properties:
- cloudName:
- description: CloudName specifies the name of the entry in the
- clouds.yaml file to use.
- maxLength: 256
- minLength: 1
- type: string
- secretName:
- description: |-
- SecretName is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - cloudName
- - secretName
- type: object
- import:
- description: |-
- Import refers to an existing OpenStack resource which will be imported instead of
- creating a new one.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter contains a resource query which is expected to return a single
- result. The controller will continue to retry if filter returns no
- results. If filter returns multiple results the controller will set an
- error state and will not continue to retry.
- minProperties: 1
- properties:
- name:
- description: Name specifies the name of a Glance image
- maxLength: 1000
- minLength: 1
- type: string
- type: object
- id:
- description: |-
- ID contains the unique identifier of an existing OpenStack resource. Note
- that when specifying an import by ID, the resource MUST already exist.
- The ORC object will enter an error state if the resource does not exist.
- format: uuid
- type: string
- type: object
- managedOptions:
- description: ManagedOptions specifies options which may be applied
- to managed objects.
- properties:
- onDelete:
- default: delete
- description: |-
- OnDelete specifies the behaviour of the controller when the ORC
- object is deleted. Options are `delete` - delete the OpenStack resource;
- `detach` - do not delete the OpenStack resource. If not specified, the
- default is `delete`.
- enum:
- - delete
- - detach
- type: string
- type: object
- managementPolicy:
- default: managed
- description: |-
- ManagementPolicy defines how ORC will treat the object. Valid values are
- `managed`: ORC will create, update, and delete the resource; `unmanaged`:
- ORC will import an existing resource, and will not apply updates to it or
- delete it.
- enum:
- - managed
- - unmanaged
- type: string
- x-kubernetes-validations:
- - message: managementPolicy is immutable
- rule: self == oldSelf
- resource:
- description: |-
- Resource specifies the desired state of the resource.
-
- Resource may not be specified if the management policy is `unmanaged`.
-
- Resource must be specified if the management policy is `managed`.
- properties:
- content:
- description: Content specifies how to obtain the image content.
- properties:
- containerFormat:
- default: bare
- description: |-
- ContainerFormat is the format of the image container.
- qcow2 and raw images do not usually have a container. This is specified as "bare", which is also the default.
- Permitted values are ami, ari, aki, bare, ovf, ova, and docker.
- enum:
- - ami
- - ari
- - aki
- - bare
- - ovf
- - ova
- - docker
- type: string
- diskFormat:
- description: |-
- DiskFormat is the format of the disk image.
- Normal values are "qcow2", or "raw". Glance may be configured to support others.
- enum:
- - ami
- - ari
- - aki
- - vhd
- - vhdx
- - vmdk
- - raw
- - qcow2
- - vdi
- - ploop
- - iso
- type: string
- download:
- description: |-
- Download describes how to obtain image data by downloading it from a URL.
- Must be set when creating a managed image.
- properties:
- decompress:
- description: |-
- Decompress specifies that the source data must be decompressed with the
- given compression algorithm before being stored. Specifying Decompress
- will disable the use of Glance's web-download, as web-download cannot
- currently deterministically decompress downloaded content.
- enum:
- - xz
- - gz
- - bz2
- type: string
- hash:
- description: |-
- Hash is a hash which will be used to verify downloaded data, i.e.
- before any decompression. If not specified, no hash verification will be
- performed. Specifying a Hash will disable the use of Glance's
- web-download, as web-download cannot currently deterministically verify
- the hash of downloaded content.
- properties:
- algorithm:
- description: Algorithm is the hash algorithm used
- to generate value.
- enum:
- - md5
- - sha1
- - sha256
- - sha512
- type: string
- value:
- description: Value is the hash of the image data using
- Algorithm. It must be hex encoded using lowercase
- letters.
- maxLength: 1024
- minLength: 1
- pattern: ^[0-9a-f]+$
- type: string
- required:
- - algorithm
- - value
- type: object
- x-kubernetes-validations:
- - message: hash is immutable
- rule: self == oldSelf
- url:
- description: URL containing image data
- format: uri
- type: string
- required:
- - url
- type: object
- required:
- - diskFormat
- - download
- type: object
- x-kubernetes-validations:
- - message: content is immutable
- rule: self == oldSelf
- name:
- description: |-
- Name will be the name of the created Glance image. If not specified, the
- name of the Image object will be used.
- maxLength: 1024
- minLength: 1
- type: string
- properties:
- description: Properties is metadata available to consumers of
- the image
- properties:
- hardware:
- description: |-
- Hardware is a set of properties which control the virtual hardware
- created by Nova.
- properties:
- cdromBus:
- description: CDROMBus specifies the type of disk controller
- to attach CD-ROM devices to.
- enum:
- - scsi
- - virtio
- - uml
- - xen
- - ide
- - usb
- - lxc
- type: string
- cpuCores:
- description: CPUCores is the preferred number of cores
- to expose to the guest
- type: integer
- cpuPolicy:
- description: |-
- CPUPolicy is used to pin the virtual CPUs (vCPUs) of instances to the
- host's physical CPU cores (pCPUs). Host aggregates should be used to
- separate these pinned instances from unpinned instances as the latter
- will not respect the resourcing requirements of the former.
-
- Permitted values are shared (the default), and dedicated.
-
- shared: The guest vCPUs will be allowed to freely float across host
- pCPUs, albeit potentially constrained by NUMA policy.
-
- dedicated: The guest vCPUs will be strictly pinned to a set of host
- pCPUs. In the absence of an explicit vCPU topology request, the
- drivers typically expose all vCPUs as sockets with one core and one
- thread. When strict CPU pinning is in effect the guest CPU topology
- will be setup to match the topology of the CPUs to which it is
- pinned. This option implies an overcommit ratio of 1.0. For example,
- if a two vCPU guest is pinned to a single host core with two threads,
- then the guest will get a topology of one socket, one core, two
- threads.
- enum:
- - shared
- - dedicated
- type: string
- cpuSockets:
- description: CPUSockets is the preferred number of sockets
- to expose to the guest
- type: integer
- cpuThreadPolicy:
- description: |-
- CPUThreadPolicy further refines a CPUPolicy of 'dedicated' by stating
- how hardware CPU threads in a simultaneous multithreading-based (SMT)
- architecture be used. SMT-based architectures include Intel
- processors with Hyper-Threading technology. In these architectures,
- processor cores share a number of components with one or more other
- cores. Cores in such architectures are commonly referred to as
- hardware threads, while the cores that a given core share components
- with are known as thread siblings.
-
- Permitted values are prefer (the default), isolate, and require.
-
- prefer: The host may or may not have an SMT architecture. Where an
- SMT architecture is present, thread siblings are preferred.
-
- isolate: The host must not have an SMT architecture or must emulate a
- non-SMT architecture. If the host does not have an SMT architecture,
- each vCPU is placed on a different core as expected. If the host does
- have an SMT architecture - that is, one or more cores have thread
- siblings - then each vCPU is placed on a different physical core. No
- vCPUs from other guests are placed on the same core. All but one
- thread sibling on each utilized core is therefore guaranteed to be
- unusable.
-
- require: The host must have an SMT architecture. Each vCPU is
- allocated on thread siblings. If the host does not have an SMT
- architecture, then it is not used. If the host has an SMT
- architecture, but not enough cores with free thread siblings are
- available, then scheduling fails.
- enum:
- - prefer
- - isolate
- - require
- type: string
- cpuThreads:
- description: CPUThreads is the preferred number of threads
- to expose to the guest
- type: integer
- diskBus:
- description: DiskBus specifies the type of disk controller
- to attach disk devices to.
- enum:
- - scsi
- - virtio
- - uml
- - xen
- - ide
- - usb
- - lxc
- type: string
- scsiModel:
- description: |-
- SCSIModel enables the use of VirtIO SCSI (virtio-scsi) to provide
- block device access for compute instances; by default, instances use
- VirtIO Block (virtio-blk). VirtIO SCSI is a para-virtualized SCSI
- controller device that provides improved scalability and performance,
- and supports advanced SCSI hardware.
-
- The only permitted value is virtio-scsi.
- enum:
- - virtio-scsi
- type: string
- vifModel:
- description: |-
- VIFModel specifies the model of virtual network interface device to use.
-
- Permitted values are e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio,
- and vmxnet3.
- enum:
- - e1000
- - e1000e
- - ne2k_pci
- - pcnet
- - rtl8139
- - virtio
- - vmxnet3
- type: string
- type: object
- minDiskGB:
- description: MinDisk is the minimum amount of disk space in
- GB that is required to boot the image
- minimum: 1
- type: integer
- minMemoryMB:
- description: MinMemoryMB is the minimum amount of RAM in MB
- that is required to boot the image.
- minimum: 1
- type: integer
- type: object
- protected:
- description: |-
- Protected specifies that the image is protected from deletion.
- If not specified, the default is false.
- type: boolean
- tags:
- description: Tags is a list of tags which will be applied to the
- image. A tag has a maximum length of 255 characters.
- items:
- maxLength: 255
- minLength: 1
- type: string
- type: array
- x-kubernetes-list-type: set
- visibility:
- description: Visibility of the image
- enum:
- - public
- - private
- - shared
- - community
- type: string
- x-kubernetes-validations:
- - message: visibility is immutable
- rule: self == oldSelf
- type: object
- x-kubernetes-validations:
- - message: name is immutable
- rule: 'has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)'
- - message: name is immutable
- rule: 'has(self.protected) ? self.protected == oldSelf.protected
- : !has(oldSelf.protected)'
- - message: tags is immutable
- rule: 'has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)'
- - message: visibility is immutable
- rule: 'has(self.visibility) ? self.visibility == oldSelf.visibility
- : !has(oldSelf.visibility)'
- - message: properties is immutable
- rule: 'has(self.properties) ? self.properties == oldSelf.properties
- : !has(oldSelf.properties)'
- required:
- - cloudCredentialsRef
- type: object
- x-kubernetes-validations:
- - message: resource must be specified when policy is managed
- rule: 'self.managementPolicy == ''managed'' ? has(self.resource) : true'
- - message: import may not be specified when policy is managed
- rule: 'self.managementPolicy == ''managed'' ? !has(self.__import__)
- : true'
- - message: resource may not be specified when policy is unmanaged
- rule: 'self.managementPolicy == ''unmanaged'' ? !has(self.resource)
- : true'
- - message: import must be specified when policy is unmanaged
- rule: 'self.managementPolicy == ''unmanaged'' ? has(self.__import__)
- : true'
- - message: managedOptions may only be provided when policy is managed
- rule: 'has(self.managedOptions) ? self.managementPolicy == ''managed''
- : true'
- - message: resource content must be specified when not importing
- rule: '!has(self.__import__) ? has(self.resource.content) : true'
- status:
- description: ImageStatus defines the observed state of an ORC resource.
- properties:
- conditions:
- description: |-
- Conditions represents the observed status of the object.
- Known .status.conditions.type are: "Available", "Progressing"
-
- Available represents the availability of the OpenStack resource. If it is
- true then the resource is ready for use.
-
- Progressing indicates whether the controller is still attempting to
- reconcile the current state of the OpenStack resource to the desired
- state. Progressing will be False either because the desired state has
- been achieved, or because some terminal error prevents it from ever being
- achieved and the controller is no longer attempting to reconcile. If
- Progressing is True, an observer waiting on the resource should continue
- to wait.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- downloadAttempts:
- description: DownloadAttempts is the number of times the controller
- has attempted to download the image contents
- type: integer
- id:
- description: ID is the unique identifier of the OpenStack resource.
- type: string
- resource:
- description: Resource contains the observed state of the OpenStack
- resource.
- properties:
- hash:
- description: |-
- Hash is the hash of the image data published by Glance. Note that this is
- a hash of the data stored internally by Glance, which will have been
- decompressed and potentially format converted depending on server-side
- configuration which is not visible to clients. It is expected that this
- hash will usually differ from the download hash.
- properties:
- algorithm:
- description: Algorithm is the hash algorithm used to generate
- value.
- enum:
- - md5
- - sha1
- - sha256
- - sha512
- type: string
- value:
- description: Value is the hash of the image data using Algorithm.
- It must be hex encoded using lowercase letters.
- maxLength: 1024
- minLength: 1
- pattern: ^[0-9a-f]+$
- type: string
- required:
- - algorithm
- - value
- type: object
- sizeB:
- description: SizeB is the size of the image data, in bytes
- format: int64
- type: integer
- status:
- description: Status is the image status as reported by Glance
- type: string
- virtualSizeB:
- description: VirtualSizeB is the size of the disk the image data
- represents, in bytes
- format: int64
- type: integer
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-controller-manager
- namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-leader-election-role
- namespace: orc-system
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-image-editor-role
-rules:
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images/status
- verbs:
- - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-image-viewer-role
-rules:
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images/status
- verbs:
- - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: orc-manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images/status
- verbs:
- - get
- - patch
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: orc-metrics-auth-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: orc-metrics-reader
-rules:
-- nonResourceURLs:
- - /metrics
- verbs:
- - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-leader-election-rolebinding
- namespace: orc-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: orc-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: orc-controller-manager
- namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- name: orc-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: orc-manager-role
-subjects:
-- kind: ServiceAccount
- name: orc-controller-manager
- namespace: orc-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: orc-metrics-auth-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: orc-metrics-auth-role
-subjects:
-- kind: ServiceAccount
- name: orc-controller-manager
- namespace: orc-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- control-plane: controller-manager
- name: orc-controller-manager-metrics-service
- namespace: orc-system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- control-plane: controller-manager
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: orc
- control-plane: controller-manager
- name: orc-controller-manager
- namespace: orc-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- control-plane: controller-manager
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: manager
- labels:
- control-plane: controller-manager
- spec:
- containers:
- - args:
- - --metrics-bind-address=:8443
- - --leader-elect
- - --health-probe-bind-address=:8081
- command:
- - /manager
- image: quay.io/orc/openstack-resource-controller:v1.0.1
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- name: manager
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 10m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsGroup: 65532
- runAsUser: 65532
- terminationMessagePolicy: FallbackToLogsOnError
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: orc-controller-manager
- terminationGracePeriodSeconds: 10
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- pod-security.kubernetes.io/audit: restricted
- pod-security.kubernetes.io/enforce: restricted
- pod-security.kubernetes.io/warn: restricted
- name: capo-system
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-selfsigned-issuer
- namespace: capo-system
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-serving-cert
- namespace: capo-system
-spec:
- dnsNames:
- - capo-webhook-service.capo-system.svc
- - capo-webhook-service.capo-system.svc.cluster.local
- issuerRef:
- kind: Issuer
- name: capo-selfsigned-issuer
- secretName: capo-webhook-service-cert
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackclusters.infrastructure.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: infrastructure.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: OpenStackCluster
- listKind: OpenStackClusterList
- plural: openstackclusters
- shortNames:
- - osc
- singular: openstackcluster
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Cluster to which this OpenStackCluster belongs
- jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
- name: Cluster
- type: string
- - description: Cluster infrastructure is ready for OpenStack instances
- jsonPath: .status.ready
- name: Ready
- type: string
- - description: Network the cluster is using
- jsonPath: .status.network.id
- name: Network
- type: string
- - description: API Endpoint
- jsonPath: .spec.controlPlaneEndpoint.host
- name: Endpoint
- priority: 1
- type: string
- - description: Bastion address for breakglass access
- jsonPath: .status.bastion.floatingIP
- name: Bastion IP
- type: string
- - description: Time duration since creation of OpenStackCluster
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- deprecationWarning: The v1alpha7 version of OpenStackCluster has been deprecated
- and will be removed in a future release.
- name: v1alpha7
- schema:
- openAPIV3Schema:
- description: |-
- OpenStackCluster is the Schema for the openstackclusters API.
-
- Deprecated: v1alpha7.OpenStackCluster has been replaced by v1beta1.OpenStackCluster.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
- properties:
- allowAllInClusterTraffic:
- description: |-
- AllowAllInClusterTraffic is only used when managed security groups are in use.
- If set to true, the rules for the managed security groups are configured so that all
- ingress and egress between cluster nodes is permitted, allowing CNIs other than
- Calico to be used.
- type: boolean
- apiServerFixedIP:
- description: |-
- APIServerFixedIP is the fixed IP which will be associated with the API server.
- In the case where the API server has a floating IP but not a managed load balancer,
- this field is not used.
- If a managed load balancer is used and this field is not specified, a fixed IP will
- be dynamically allocated for the load balancer.
- If a managed load balancer is not used AND the API server floating IP is disabled,
- this field MUST be specified and should correspond to a pre-allocated port that
- holds the fixed IP to be used as a VIP.
- type: string
- apiServerFloatingIP:
- description: |-
- APIServerFloatingIP is the floatingIP which will be associated with the API server.
- The floatingIP will be created if it does not already exist.
- If not specified, a new floatingIP is allocated.
- This field is not used if DisableAPIServerFloatingIP is set to true.
- type: string
- apiServerLoadBalancer:
- description: |-
- APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
- It must be activated by setting `enabled: true`.
- properties:
- additionalPorts:
- description: AdditionalPorts adds additional tcp ports to the
- load balancer.
- items:
- type: integer
- type: array
- allowedCidrs:
- description: AllowedCIDRs restrict access to all API-Server listeners
- to the given address CIDRs.
- items:
- type: string
- type: array
- enabled:
- description: Enabled defines whether a load balancer should be
- created.
- type: boolean
- provider:
- description: Octavia Provider Used to create load balancer
- type: string
- type: object
- apiServerPort:
- description: |-
- APIServerPort is the port on which the listener on the APIServer
- will be created
- type: integer
- bastion:
- description: |-
- Bastion is the OpenStack instance to login the nodes
-
- As a rolling update is not ideal during a bastion host session, we
- prevent changes to a running bastion configuration. Set `enabled: false` to
- make changes.
- properties:
- availabilityZone:
- type: string
- enabled:
- type: boolean
- instance:
- description: Instance for the bastion itself
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to
- attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device
- in gibibytes (GiB).
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage
- options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume in.
- If omitted, the availability zone of the server will be used.
- The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
- to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
- further information.
- type: string
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- cloudName:
- description: The name of the cloud to use from the clouds
- secret
- type: string
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your
- server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIP:
- description: |-
- The floatingIP which will be associated to the machine, only used for master.
- The floatingIP should have been created and haven't been associated.
- type: string
- identityRef:
- description: |-
- IdentityRef is a reference to a identity to be used when reconciling this cluster.
- If not specified, the identity ref of the cluster will be used instead.
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- image:
- description: |-
- The name of the image to use for your server instance.
- If the RootVolume is specified, this will be ignored and use rootVolume directly.
- type: string
- imageUUID:
- description: |-
- The uuid of the image to use for your server instance.
- if it's empty, Image name will be used
- type: string
- instanceID:
- description: InstanceID is the OpenStack instance ID for this
- machine.
- type: string
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- type: boolean
- allowedAddressPairs:
- items:
- properties:
- ipAddress:
- type: string
- macAddress:
- type: string
- type: object
- type: array
- description:
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: Specify pairs of subnet and/or IP address.
- These should be subnets of the network with the given
- NetworkID.
- items:
- properties:
- ipAddress:
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- hostId:
- description: The ID of the host where the port is allocated
- type: string
- macAddress:
- type: string
- nameSuffix:
- description: Used to make the name of the port unique.
- If unspecified, instead the 0-based index of the port
- in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding details.
- We intentionally don't expose this as a map[string]string because we only want to enable
- the users to set the values of the keys that are known to work in OpenStack Networking API.
- See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- properties:
- ovsHWOffload:
- description: OVSHWOffload enables or disables the
- OVS hardware offload feature.
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables
- the propagate uplink status on the port.
- type: boolean
- securityGroupFilters:
- description: The names, uuids, filters or any combination
- these of the security groups to assign to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Enables and disables trunk at port level.
- If not provided, openStackMachine.Spec.Trunk is inherited.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value
- pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: The virtual network interface card (vNIC)
- type that is bound to the neutron port.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified
- by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- type: string
- diskSize:
- type: integer
- volumeType:
- type: string
- type: object
- securityGroups:
- description: The names of the security groups to assign to
- the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- serverGroupID:
- description: The server group to assign the machine to
- type: string
- serverMetadata:
- additionalProperties:
- type: string
- description: Metadata mapping. Allows you to create a map
- of key value pairs to add to the server instance.
- type: object
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Machine tags
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk
- port or not.
- type: boolean
- type: object
- type: object
- cloudName:
- description: The name of the cloud to use from the clouds secret
- type: string
- controlPlaneAvailabilityZones:
- description: ControlPlaneAvailabilityZones is the az to deploy control
- plane to
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- controlPlaneEndpoint:
- description: ControlPlaneEndpoint represents the endpoint used to
- communicate with the control plane.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneOmitAvailabilityZone:
- description: |-
- Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
- to make a decision on which az to use based on other scheduling constraints
- type: boolean
- disableAPIServerFloatingIP:
- description: |-
- DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
- IP to the API server. This allows for the creation of clusters when attaching a floating
- IP to the API server (and hence, in many cases, exposing the API server to the internet)
- is not possible or desirable, e.g. if using a shared VLAN for communication between
- management and workload clusters or when the management cluster is inside the
- project network.
- This option requires that the API server use a VIP on the cluster network so that the
- underlying machines can change without changing ControlPlaneEndpoint.Host.
- When using a managed load balancer, this VIP will be managed automatically.
- If not using a managed load balancer, cluster configuration will fail without additional
- configuration to manage the VIP on the control plane machines, which falls outside of
- the scope of this controller.
- type: boolean
- disablePortSecurity:
- description: |-
- DisablePortSecurity disables the port security of the network created for the
- Kubernetes cluster, which also disables SecurityGroups
- type: boolean
- dnsNameservers:
- description: |-
- DNSNameservers is the list of nameservers for OpenStack Subnet being created.
- Set this value when you need create a new network/subnet while the access
- through DNS is required.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- externalNetworkId:
- description: |-
- ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
- to get public internet to the VMs.
- type: string
- externalRouterIPs:
- description: |-
- ExternalRouterIPs is an array of externalIPs on the respective subnets.
- This is necessary if the router needs a fixed ip in a specific subnet.
- items:
- properties:
- fixedIP:
- description: The FixedIP in the corresponding subnet
- type: string
- subnet:
- description: The subnet in which the FixedIP is used for the
- Gateway of this router
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- identityRef:
- description: IdentityRef is a reference to a identity to be used when
- reconciling this cluster
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- managedSecurityGroups:
- description: |-
- ManagedSecurityGroups determines whether OpenStack security groups for the cluster
- will be managed by the OpenStack provider or whether pre-existing security groups will
- be specified as part of the configuration.
- By default, the managed security groups have rules that allow the Kubelet, etcd, the
- Kubernetes API server and the Calico CNI plugin to function correctly.
- type: boolean
- network:
- description: If NodeCIDR cannot be set this can be used to detect
- an existing network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- networkMtu:
- description: |-
- NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
- This value will be used only if the Cluster actuator creates the network.
- If leaved empty, the network will have the default MTU defined in Openstack network service.
- To use this field, the Openstack installation requires the net-mtu neutron API extension.
- type: integer
- nodeCidr:
- description: |-
- NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
- network, a subnet with NodeCIDR, and a router connected to this subnet.
- If you leave this empty, no network will be created.
- type: string
- router:
- description: |-
- If NodeCIDR is set this option can be used to detect an existing router.
- If specified, no new router will be created.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- subnet:
- description: If NodeCIDR cannot be set this can be used to detect
- an existing subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- tags:
- description: Tags for all resources in cluster
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- status:
- description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
- properties:
- apiServerLoadBalancer:
- description: APIServerLoadBalancer describes the api server load balancer
- if one exists
- properties:
- allowedCIDRs:
- items:
- type: string
- type: array
- id:
- type: string
- internalIP:
- type: string
- ip:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - internalIP
- - ip
- - name
- type: object
- bastion:
- properties:
- floatingIP:
- type: string
- id:
- type: string
- ip:
- type: string
- name:
- type: string
- sshKeyName:
- type: string
- state:
- description: InstanceState describes the state of an OpenStack
- instance.
- type: string
- type: object
- bastionSecurityGroup:
- description: |-
- SecurityGroup represents the basic information of the associated
- OpenStack Neutron Security Group.
- properties:
- id:
- type: string
- name:
- type: string
- rules:
- items:
- description: |-
- SecurityGroupRule represent the basic information of the associated OpenStack
- Security Group Role.
- properties:
- description:
- type: string
- direction:
- type: string
- etherType:
- type: string
- name:
- type: string
- portRangeMax:
- type: integer
- portRangeMin:
- type: integer
- protocol:
- type: string
- remoteGroupID:
- type: string
- remoteIPPrefix:
- type: string
- securityGroupID:
- type: string
- required:
- - description
- - direction
- - etherType
- - name
- - portRangeMax
- - portRangeMin
- - protocol
- - remoteGroupID
- - remoteIPPrefix
- - securityGroupID
- type: object
- type: array
- required:
- - id
- - name
- type: object
- controlPlaneSecurityGroup:
- description: |-
- ControlPlaneSecurityGroups contains all the information about the OpenStack
- Security Group that needs to be applied to control plane nodes.
- properties:
- id:
- type: string
- name:
- type: string
- rules:
- items:
- description: |-
- SecurityGroupRule represent the basic information of the associated OpenStack
- Security Group Role.
- properties:
- description:
- type: string
- direction:
- type: string
- etherType:
- type: string
- name:
- type: string
- portRangeMax:
- type: integer
- portRangeMin:
- type: integer
- protocol:
- type: string
- remoteGroupID:
- type: string
- remoteIPPrefix:
- type: string
- securityGroupID:
- type: string
- required:
- - description
- - direction
- - etherType
- - name
- - portRangeMax
- - portRangeMin
- - protocol
- - remoteGroupID
- - remoteIPPrefix
- - securityGroupID
- type: object
- type: array
- required:
- - id
- - name
- type: object
- externalNetwork:
- description: externalNetwork contains information about the external
- network used for default ingress and egress traffic.
- properties:
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- failureDomains:
- additionalProperties:
- description: |-
- FailureDomainSpec is the Schema for Cluster API failure domains.
- It allows controllers to understand how many failure domains a cluster can optionally span across.
- properties:
- attributes:
- additionalProperties:
- type: string
- description: attributes is a free form map of attributes an
- infrastructure provider might use or require.
- type: object
- controlPlane:
- description: controlPlane determines if this failure domain
- is suitable for use by control plane machines.
- type: boolean
- type: object
- description: FailureDomains represent OpenStack availability zones
- type: object
- failureMessage:
- description: |-
- FailureMessage will be set in the event that there is a terminal problem
- reconciling the OpenStackCluster and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the OpenStackCluster's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of
- OpenStackClusters can be added as events to the OpenStackCluster object
- and/or logged in the controller's output.
- type: string
- failureReason:
- description: |-
- FailureReason will be set in the event that there is a terminal problem
- reconciling the OpenStackCluster and will contain a succinct value suitable
- for machine interpretation.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the OpenStackCluster's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of
- OpenStackClusters can be added as events to the OpenStackCluster object
- and/or logged in the controller's output.
- type: string
- network:
- description: Network contains information about the created OpenStack
- Network.
- properties:
- id:
- type: string
- name:
- type: string
- subnets:
- description: Subnets is a list of subnets associated with the
- default cluster network. Machines which use the default cluster
- network will get an address from all of these subnets.
- items:
- description: Subnet represents basic information about the associated
- OpenStack Neutron Subnet.
- properties:
- cidr:
- type: string
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - cidr
- - id
- - name
- type: object
- type: array
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- ready:
- type: boolean
- router:
- description: Router describes the default cluster router
- properties:
- id:
- type: string
- ips:
- items:
- type: string
- type: array
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- workerSecurityGroup:
- description: |-
- WorkerSecurityGroup contains all the information about the OpenStack Security
- Group that needs to be applied to worker nodes.
- properties:
- id:
- type: string
- name:
- type: string
- rules:
- items:
- description: |-
- SecurityGroupRule represent the basic information of the associated OpenStack
- Security Group Role.
- properties:
- description:
- type: string
- direction:
- type: string
- etherType:
- type: string
- name:
- type: string
- portRangeMax:
- type: integer
- portRangeMin:
- type: integer
- protocol:
- type: string
- remoteGroupID:
- type: string
- remoteIPPrefix:
- type: string
- securityGroupID:
- type: string
- required:
- - description
- - direction
- - etherType
- - name
- - portRangeMax
- - portRangeMin
- - protocol
- - remoteGroupID
- - remoteIPPrefix
- - securityGroupID
- type: object
- type: array
- required:
- - id
- - name
- type: object
- required:
- - ready
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster to which this OpenStackCluster belongs
- jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
- name: Cluster
- type: string
- - description: Cluster infrastructure is ready for OpenStack instances
- jsonPath: .status.ready
- name: Ready
- type: string
- - description: Network the cluster is using
- jsonPath: .status.network.id
- name: Network
- type: string
- - description: API Endpoint
- jsonPath: .spec.controlPlaneEndpoint.host
- name: Endpoint
- priority: 1
- type: string
- - description: Bastion address for breakglass access
- jsonPath: .status.bastion.floatingIP
- name: Bastion IP
- type: string
- - description: Time duration since creation of OpenStackCluster
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: OpenStackCluster is the Schema for the openstackclusters API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
- properties:
- apiServerFixedIP:
- description: |-
- APIServerFixedIP is the fixed IP which will be associated with the API server.
- In the case where the API server has a floating IP but not a managed load balancer,
- this field is not used.
- If a managed load balancer is used and this field is not specified, a fixed IP will
- be dynamically allocated for the load balancer.
- If a managed load balancer is not used AND the API server floating IP is disabled,
- this field MUST be specified and should correspond to a pre-allocated port that
- holds the fixed IP to be used as a VIP.
- type: string
- apiServerFloatingIP:
- description: |-
- APIServerFloatingIP is the floatingIP which will be associated with the API server.
- The floatingIP will be created if it does not already exist.
- If not specified, a new floatingIP is allocated.
- This field is not used if DisableAPIServerFloatingIP is set to true.
- type: string
- apiServerLoadBalancer:
- description: |-
- APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
- If not specified, no load balancer will be created for the API server.
- properties:
- additionalPorts:
- description: AdditionalPorts adds additional tcp ports to the
- load balancer.
- items:
- type: integer
- type: array
- x-kubernetes-list-type: set
- allowedCIDRs:
- description: AllowedCIDRs restrict access to all API-Server listeners
- to the given address CIDRs.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- availabilityZone:
- description: AvailabilityZone is the failure domain that will
- be used to create the APIServerLoadBalancer Spec.
- type: string
- enabled:
- default: true
- description: |-
- Enabled defines whether a load balancer should be created. This value
- defaults to true if an APIServerLoadBalancer is given.
-
- There is no reason to set this to false. To disable creation of the
- API server loadbalancer, omit the APIServerLoadBalancer field in the
- cluster spec instead.
- type: boolean
- flavor:
- description: Flavor is the flavor name that will be used to create
- the APIServerLoadBalancer Spec.
- type: string
- network:
- description: Network defines which network should the load balancer
- be allocated on.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is
- provided, the other filters cannot be provided. Must be
- in UUID format.
- format: uuid
- type: string
- type: object
- provider:
- description: |-
- Provider specifies name of a specific Octavia provider to use for the
- API load balancer. The Octavia default will be used if it is not
- specified.
- type: string
- subnets:
- description: |-
- Subnets define which subnets should the load balancer be allocated on.
- It is expected that subnets are located on the network specified in this resource.
- Only the first element is taken into account.
- kubebuilder:validation:MaxLength:=2
- items:
- description: SubnetParam specifies an OpenStack subnet to use.
- It may be specified by either ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the subnet.
- It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will not be
- validated.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- required:
- - enabled
- type: object
- apiServerPort:
- description: |-
- APIServerPort is the port on which the listener on the APIServer
- will be created. If specified, it must be an integer between 0 and 65535.
- maximum: 65535
- minimum: 0
- type: integer
- bastion:
- description: |-
- Bastion is the OpenStack instance to login the nodes
-
- As a rolling update is not ideal during a bastion host session, we
- prevent changes to a running bastion configuration. To make changes, it's required
- to first set `enabled: false` which will remove the bastion and then changes can be made.
- properties:
- availabilityZone:
- description: AvailabilityZone is the failure domain that will
- be used to create the Bastion Spec.
- type: string
- enabled:
- default: true
- description: |-
- Enabled means that bastion is enabled. The bastion is enabled by
- default if this field is not specified. Set this field to false to disable the
- bastion.
-
- It is not currently possible to remove the bastion from the cluster
- spec without first disabling it by setting this field to false and
- waiting until the bastion has been deleted.
- type: boolean
- floatingIP:
- description: |-
- FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
- The floating IP should already exist and should not be associated with a port. If FIP of this address does not
- exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
- format: ipv4
- type: string
- spec:
- description: Spec for the bastion itself
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to
- attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- Name cannot be 'root', which is reserved for the root volume.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device
- in gibibytes (GiB).
- minimum: 1
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage
- options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name'
- or default
- rule: '!has(self.from) || self.from == ''Name''
- ? has(self.name) : !has(self.name)'
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your
- server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIPPoolRef:
- description: |-
- floatingIPPoolRef is a reference to a IPPool that will be assigned
- to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
- will be assigned to the OpenStackMachine.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this machine. If not specified, the
- credentials specified in the cluster will be used.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry
- in the clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- image:
- description: |-
- The image to use for your server instance.
- If the rootVolume is specified, this will be used when creating the root volume.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter describes a query for an image. If specified, the combination
- of name and tags must return a single matching image or an error will
- be raised.
- minProperties: 1
- properties:
- name:
- description: The name of the desired image. If specified,
- the combination of name and tags must return a single
- matching image or an error will be raised.
- type: string
- tags:
- description: The tags associated with the desired
- image. If specified, the combination of name and
- tags must return a single matching image or an error
- will be raised.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the image. ID will not
- be validated before use.
- format: uuid
- type: string
- imageRef:
- description: |-
- ImageRef is a reference to an ORC Image in the same namespace as the
- referring object.
- properties:
- name:
- description: Name is the name of the referenced resource
- type: string
- required:
- - name
- type: object
- type: object
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port
- should be created in the up (true) or down (false)
- state. The default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description
- for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or
- IP address to assign to the port. If specified, these
- must be subnets of the port's network.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If Subnet
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to
- select the subnet. It must match exactly
- one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet.
- It will not be validated.
- format: uuid
- type: string
- type: object
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where
- the port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of
- the port. If not specified, the MAC address will be
- generated.
- type: string
- nameSuffix:
- description: NameSuffix will be appended to the name
- of the port if specified. If unspecified, instead
- the 0-based index of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select
- an OpenStack network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use.
- If ID is provided, the other filters cannot be
- provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables
- the propagate uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of the names,
- uuids, filters or any combination these of the security
- groups to assign to the instance.
- items:
- description: SecurityGroupParam specifies an OpenStack
- security group. It may be specified by ID or filter,
- but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select
- an OpenStack security group. If provided, cannot
- be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group
- to use. If ID is provided, the other filters
- cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: |-
- Trunk specifies whether trunking is enabled at the port level. If not
- provided the value is inherited from the machine, or false for a
- bastion host.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value
- pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified
- by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
- : !has(self.name)'
- sizeGiB:
- description: SizeGiB is the size of the block device in
- gibibytes (GiB).
- minimum: 1
- type: integer
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- required:
- - sizeGiB
- type: object
- schedulerHintAdditionalProperties:
- description: |-
- SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
- to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
- such as specifying certain host aggregates or availability zones.
- items:
- description: |-
- SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
- It includes a Name to identify the property and a Value that can be of various types.
- properties:
- name:
- description: |-
- Name is the name of the scheduler hint property.
- It is a unique identifier for the property.
- minLength: 1
- type: string
- value:
- description: |-
- Value is the value of the scheduler hint property, which can be of various types
- (e.g., bool, string, int). The type is indicated by the Value.Type field.
- properties:
- bool:
- description: |-
- Bool is the boolean value of the scheduler hint, used when Type is "Bool".
- This field is required if type is 'Bool', and must not be set otherwise.
- type: boolean
- number:
- description: |-
- Number is the integer value of the scheduler hint, used when Type is "Number".
- This field is required if type is 'Number', and must not be set otherwise.
- type: integer
- string:
- description: |-
- String is the string value of the scheduler hint, used when Type is "String".
- This field is required if type is 'String', and must not be set otherwise.
- maxLength: 255
- minLength: 1
- type: string
- type:
- description: |-
- Type represents the type of the value.
- Valid values are Bool, String, and Number.
- enum:
- - Bool
- - String
- - Number
- type: string
- required:
- - type
- type: object
- x-kubernetes-validations:
- - message: bool is required when type is Bool, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
- : !has(self.bool)'
- - message: number is required when type is Number, and
- forbidden otherwise
- rule: 'has(self.type) && self.type == ''Number'' ?
- has(self.number) : !has(self.number)'
- - message: string is required when type is String, and
- forbidden otherwise
- rule: 'has(self.type) && self.type == ''String'' ?
- has(self.string) : !has(self.string)'
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityGroups:
- description: The names of the security groups to assign to
- the instance
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use.
- If ID is provided, the other filters cannot be provided.
- Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- serverGroup:
- description: The server group to assign the machine to.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- server group. If provided, it cannot be empty.
- minProperties: 1
- properties:
- name:
- description: Name is the name of a server group to
- look for.
- type: string
- type: object
- id:
- description: ID is the ID of the server group to use.
- format: uuid
- type: string
- type: object
- serverMetadata:
- description: Metadata mapping. Allows you to create a map
- of key value pairs to add to the server instance.
- items:
- properties:
- key:
- description: Key is the server metadata key
- maxLength: 255
- type: string
- value:
- description: Value is the server metadata value
- maxLength: 255
- type: string
- required:
- - key
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - key
- x-kubernetes-list-type: map
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Tags which will be added to the machine and all dependent resources
- which support them. These are in addition to Tags defined on the
- cluster.
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk
- port or not.
- type: boolean
- required:
- - image
- type: object
- x-kubernetes-validations:
- - message: at least one of flavor or flavorID must be set
- rule: (has(self.flavor) || has(self.flavorID))
- type: object
- x-kubernetes-validations:
- - message: spec is required if bastion is enabled
- rule: '!self.enabled || has(self.spec)'
- controlPlaneAvailabilityZones:
- description: |-
- ControlPlaneAvailabilityZones is the set of availability zones which
- control plane machines may be deployed to.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- controlPlaneEndpoint:
- description: |-
- ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
- It is normally populated automatically by the OpenStackCluster
- controller during cluster provisioning. If it is set on creation the
- control plane endpoint will use the values set here in preference to
- values set elsewhere.
- ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneOmitAvailabilityZone:
- description: |-
- ControlPlaneOmitAvailabilityZone causes availability zone to be
- omitted when creating control plane nodes, allowing the Nova
- scheduler to make a decision on which availability zone to use based
- on other scheduling constraints
- type: boolean
- disableAPIServerFloatingIP:
- description: |-
- DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
- IP to the API server. This allows for the creation of clusters when attaching a floating
- IP to the API server (and hence, in many cases, exposing the API server to the internet)
- is not possible or desirable, e.g. if using a shared VLAN for communication between
- management and workload clusters or when the management cluster is inside the
- project network.
- This option requires that the API server use a VIP on the cluster network so that the
- underlying machines can change without changing ControlPlaneEndpoint.Host.
- When using a managed load balancer, this VIP will be managed automatically.
- If not using a managed load balancer, cluster configuration will fail without additional
- configuration to manage the VIP on the control plane machines, which falls outside of
- the scope of this controller.
- type: boolean
- disableExternalNetwork:
- description: |-
- DisableExternalNetwork specifies whether or not to attempt to connect the cluster
- to an external network. This allows for the creation of clusters when connecting
- to an external network is not possible or desirable, e.g. if using a provider network.
- type: boolean
- disablePortSecurity:
- description: |-
- DisablePortSecurity disables the port security of the network created for the
- Kubernetes cluster, which also disables SecurityGroups
- type: boolean
- externalNetwork:
- description: |-
- ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
- This option is ignored if DisableExternalNetwork is set to true.
-
- If ExternalNetwork is defined it must refer to exactly one external network.
-
- If ExternalNetwork is not defined or is empty the controller will use any
- existing external network as long as there is only one. It is an
- error if ExternalNetwork is not defined and there are multiple
- external networks unless DisableExternalNetwork is also set.
-
- If ExternalNetwork is not defined and there are no external networks
- the controller will proceed as though DisableExternalNetwork was set.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is provided,
- the other filters cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- externalRouterIPs:
- description: |-
- ExternalRouterIPs is an array of externalIPs on the respective subnets.
- This is necessary if the router needs a fixed ip in a specific subnet.
- items:
- properties:
- fixedIP:
- description: The FixedIP in the corresponding subnet
- type: string
- subnet:
- description: The subnet in which the FixedIP is used for the
- Gateway of this router
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the subnet.
- It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will not be
- validated.
- format: uuid
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- x-kubernetes-list-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this cluster. It is also to reconcile
- machines unless overridden in the machine spec.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry in the
- clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- managedSecurityGroups:
- description: |-
- ManagedSecurityGroups determines whether OpenStack security groups for the cluster
- will be managed by the OpenStack provider or whether pre-existing security groups will
- be specified as part of the configuration.
- By default, the managed security groups have rules that allow the Kubelet, etcd, and the
- Kubernetes API server to function correctly.
- It's possible to add additional rules to the managed security groups.
- When defined to an empty struct, the managed security groups will be created with the default rules.
- properties:
- allNodesSecurityGroupRules:
- description: allNodesSecurityGroupRules defines the rules that
- should be applied to all nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched by
- the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- allowAllInClusterTraffic:
- default: false
- description: AllowAllInClusterTraffic allows all ingress and egress
- traffic between cluster nodes when set to true.
- type: boolean
- controlPlaneNodesSecurityGroupRules:
- description: controlPlaneNodesSecurityGroupRules defines the rules
- that should be applied to control plane nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched by
- the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- workerNodesSecurityGroupRules:
- description: workerNodesSecurityGroupRules defines the rules that
- should be applied to worker nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched by
- the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- required:
- - allowAllInClusterTraffic
- type: object
- managedSubnets:
- description: |-
- ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
- subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
- subnet is supported. If you leave this empty, no network will be created.
- items:
- properties:
- allocationPools:
- description: |-
- AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
- If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
- outside of these ranges manually.
- items:
- properties:
- end:
- description: End represents the end of the AlloctionPool,
- that is the highest IP of the pool.
- type: string
- start:
- description: Start represents the start of the AllocationPool,
- that is the lowest IP of the pool.
- type: string
- required:
- - end
- - start
- type: object
- type: array
- cidr:
- description: |-
- CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
- This field is required when defining a subnet.
- type: string
- dnsNameservers:
- description: |-
- DNSNameservers holds a list of DNS server addresses that will be provided when creating
- the subnet. These addresses need to have the same IP version as CIDR.
- items:
- type: string
- type: array
- required:
- - cidr
- type: object
- maxItems: 1
- type: array
- x-kubernetes-list-type: atomic
- network:
- description: |-
- Network specifies an existing network to use if no ManagedSubnets
- are specified.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is provided,
- the other filters cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- networkMTU:
- description: |-
- NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
- This value will be used only if the Cluster actuator creates the network.
- If left empty, the network will have the default MTU defined in Openstack network service.
- To use this field, the Openstack installation requires the net-mtu neutron API extension.
- type: integer
- router:
- description: |-
- Router specifies an existing router to be used if ManagedSubnets are
- specified. If specified, no new router will be created.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- router. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the router to use. If ID is provided,
- the other filters cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- subnets:
- description: |-
- Subnets specifies existing subnets to use if not ManagedSubnets are
- specified. All subnets must be in the network specified by Network.
- There can be zero, one, or two subnets. If no subnets are specified,
- all subnets in Network will be used. If 2 subnets are specified, one
- must be IPv4 and the other IPv6.
- items:
- description: SubnetParam specifies an OpenStack subnet to use. It
- may be specified by either ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the subnet.
- It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will not be validated.
- format: uuid
- type: string
- type: object
- maxItems: 2
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: Tags to set on all resources in cluster which support
- tags
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- required:
- - identityRef
- type: object
- x-kubernetes-validations:
- - message: bastion floating IP cannot be set when disableExternalNetwork
- is true
- rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
- ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
- - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
- is true
- rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
- ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
- : true'
- status:
- description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
- properties:
- apiServerLoadBalancer:
- description: APIServerLoadBalancer describes the api server load balancer
- if one exists
- properties:
- allowedCIDRs:
- items:
- type: string
- type: array
- id:
- type: string
- internalIP:
- type: string
- ip:
- type: string
- loadBalancerNetwork:
- description: |-
- LoadBalancerNetwork contains information about network and/or subnets which the
- loadbalancer is allocated on.
- If subnets are specified within the LoadBalancerNetwork currently only the first
- subnet in the list is taken into account.
- properties:
- id:
- type: string
- name:
- type: string
- subnets:
- description: Subnets is a list of subnets associated with
- the default cluster network. Machines which use the default
- cluster network will get an address from all of these subnets.
- items:
- description: Subnet represents basic information about the
- associated OpenStack Neutron Subnet.
- properties:
- cidr:
- type: string
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - cidr
- - id
- - name
- type: object
- type: array
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - internalIP
- - ip
- - name
- type: object
- bastion:
- description: Bastion contains the information about the deployed bastion
- host
- properties:
- floatingIP:
- type: string
- id:
- type: string
- ip:
- type: string
- name:
- type: string
- resolved:
- description: |-
- Resolved contains parts of the bastion's machine spec with all
- external references fully resolved.
- properties:
- flavorID:
- description: FlavorID is the ID of the flavor to use.
- type: string
- imageID:
- description: ImageID is the ID of the image to use for the
- machine and is calculated based on ImageFilter.
- type: string
- ports:
- description: Ports is the fully resolved list of ports to
- create for the machine.
- items:
- description: ResolvedPortSpec is a PortOpts with all contained
- references fully resolved.
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port
- should be created in the up (true) or down (false)
- state. The default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description
- for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or
- IP address to assign to the port. If specified, these
- must be subnets of the port's network.
- items:
- description: ResolvedFixedIP is a FixedIP with the
- Subnet resolved to an ID.
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If SubnetID
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: SubnetID is the id of a subnet to
- create the fixed IP of a port in.
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where
- the port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of
- the port. If not specified, the MAC address will be
- generated.
- type: string
- name:
- description: Name is the name of the port.
- type: string
- networkID:
- description: NetworkID is the ID of the network the
- port will be created in.
- type: string
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables
- the propagate uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of security group
- IDs to assign to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: Tags applied to the port (and corresponding
- trunk, if a trunk is configured.)
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Trunk specifies whether trunking is enabled
- at the port level.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value
- pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- required:
- - description
- - name
- - networkID
- type: object
- type: array
- serverGroupID:
- description: ServerGroupID is the ID of the server group the
- machine should be added to and is calculated based on ServerGroupFilter.
- type: string
- type: object
- resources:
- description: Resources contains references to OpenStack resources
- created for the bastion.
- properties:
- ports:
- description: Ports is the status of the ports created for
- the machine.
- items:
- properties:
- id:
- description: ID is the unique identifier of the port.
- type: string
- required:
- - id
- type: object
- type: array
- type: object
- sshKeyName:
- type: string
- state:
- description: InstanceState describes the state of an OpenStack
- instance.
- type: string
- type: object
- bastionSecurityGroup:
- description: |-
- BastionSecurityGroup contains the information about the OpenStack
- Security Group that needs to be applied to worker nodes.
- properties:
- id:
- description: id of the security group
- type: string
- name:
- description: name of the security group
- type: string
- required:
- - id
- - name
- type: object
- controlPlaneSecurityGroup:
- description: |-
- ControlPlaneSecurityGroup contains the information about the
- OpenStack Security Group that needs to be applied to control plane
- nodes.
- properties:
- id:
- description: id of the security group
- type: string
- name:
- description: name of the security group
- type: string
- required:
- - id
- - name
- type: object
- externalNetwork:
- description: ExternalNetwork contains information about the external
- network used for default ingress and egress traffic.
- properties:
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- failureDomains:
- additionalProperties:
- description: |-
- FailureDomainSpec is the Schema for Cluster API failure domains.
- It allows controllers to understand how many failure domains a cluster can optionally span across.
- properties:
- attributes:
- additionalProperties:
- type: string
- description: attributes is a free form map of attributes an
- infrastructure provider might use or require.
- type: object
- controlPlane:
- description: controlPlane determines if this failure domain
- is suitable for use by control plane machines.
- type: boolean
- type: object
- description: FailureDomains represent OpenStack availability zones
- type: object
- failureMessage:
- description: |-
- FailureMessage will be set in the event that there is a terminal problem
- reconciling the OpenStackCluster and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the OpenStackCluster's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of
- OpenStackClusters can be added as events to the OpenStackCluster object
- and/or logged in the controller's output.
- type: string
- failureReason:
- description: |-
- FailureReason will be set in the event that there is a terminal problem
- reconciling the OpenStackCluster and will contain a succinct value suitable
- for machine interpretation.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the OpenStackCluster's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of
- OpenStackClusters can be added as events to the OpenStackCluster object
- and/or logged in the controller's output.
- type: string
- network:
- description: Network contains information about the created OpenStack
- Network.
- properties:
- id:
- type: string
- name:
- type: string
- subnets:
- description: Subnets is a list of subnets associated with the
- default cluster network. Machines which use the default cluster
- network will get an address from all of these subnets.
- items:
- description: Subnet represents basic information about the associated
- OpenStack Neutron Subnet.
- properties:
- cidr:
- type: string
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - cidr
- - id
- - name
- type: object
- type: array
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- ready:
- default: false
- description: Ready is true when the cluster infrastructure is ready.
- type: boolean
- router:
- description: Router describes the default cluster router
- properties:
- id:
- type: string
- ips:
- items:
- type: string
- type: array
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- workerSecurityGroup:
- description: |-
- WorkerSecurityGroup contains the information about the OpenStack
- Security Group that needs to be applied to worker nodes.
- properties:
- id:
- description: id of the security group
- type: string
- name:
- description: name of the security group
- type: string
- required:
- - id
- - name
- type: object
- required:
- - ready
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackclustertemplates.infrastructure.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: infrastructure.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: OpenStackClusterTemplate
- listKind: OpenStackClusterTemplateList
- plural: openstackclustertemplates
- shortNames:
- - osct
- singular: openstackclustertemplate
- scope: Namespaced
- versions:
- - deprecated: true
- deprecationWarning: The v1alpha7 version of OpenStackClusterTemplate has been
- deprecated and will be removed in a future release.
- name: v1alpha7
- schema:
- openAPIV3Schema:
- description: |-
- OpenStackClusterTemplate is the Schema for the openstackclustertemplates API.
-
- Deprecated: v1alpha7.OpenStackClusterTemplate has been replaced by v1beta1.OpenStackClusterTemplate.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackClusterTemplateSpec defines the desired state of
- OpenStackClusterTemplate.
- properties:
- template:
- description: OpenStackClusterTemplateResource describes the data needed
- to create a OpenStackCluster from a template.
- properties:
- spec:
- description: OpenStackClusterSpec defines the desired state of
- OpenStackCluster.
- properties:
- allowAllInClusterTraffic:
- description: |-
- AllowAllInClusterTraffic is only used when managed security groups are in use.
- If set to true, the rules for the managed security groups are configured so that all
- ingress and egress between cluster nodes is permitted, allowing CNIs other than
- Calico to be used.
- type: boolean
- apiServerFixedIP:
- description: |-
- APIServerFixedIP is the fixed IP which will be associated with the API server.
- In the case where the API server has a floating IP but not a managed load balancer,
- this field is not used.
- If a managed load balancer is used and this field is not specified, a fixed IP will
- be dynamically allocated for the load balancer.
- If a managed load balancer is not used AND the API server floating IP is disabled,
- this field MUST be specified and should correspond to a pre-allocated port that
- holds the fixed IP to be used as a VIP.
- type: string
- apiServerFloatingIP:
- description: |-
- APIServerFloatingIP is the floatingIP which will be associated with the API server.
- The floatingIP will be created if it does not already exist.
- If not specified, a new floatingIP is allocated.
- This field is not used if DisableAPIServerFloatingIP is set to true.
- type: string
- apiServerLoadBalancer:
- description: |-
- APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
- It must be activated by setting `enabled: true`.
- properties:
- additionalPorts:
- description: AdditionalPorts adds additional tcp ports
- to the load balancer.
- items:
- type: integer
- type: array
- allowedCidrs:
- description: AllowedCIDRs restrict access to all API-Server
- listeners to the given address CIDRs.
- items:
- type: string
- type: array
- enabled:
- description: Enabled defines whether a load balancer should
- be created.
- type: boolean
- provider:
- description: Octavia Provider Used to create load balancer
- type: string
- type: object
- apiServerPort:
- description: |-
- APIServerPort is the port on which the listener on the APIServer
- will be created
- type: integer
- bastion:
- description: |-
- Bastion is the OpenStack instance to login the nodes
-
- As a rolling update is not ideal during a bastion host session, we
- prevent changes to a running bastion configuration. Set `enabled: false` to
- make changes.
- properties:
- availabilityZone:
- type: string
- enabled:
- type: boolean
- instance:
- description: Instance for the bastion itself
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server
- instance
- items:
- description: AdditionalBlockDevice is a block device
- to attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block
- device in gibibytes (GiB).
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional
- storage options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume in.
- If omitted, the availability zone of the server will be used.
- The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
- to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
- further information.
- type: string
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- cloudName:
- description: The name of the cloud to use from the
- clouds secret
- type: string
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for
- your server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIP:
- description: |-
- The floatingIP which will be associated to the machine, only used for master.
- The floatingIP should have been created and haven't been associated.
- type: string
- identityRef:
- description: |-
- IdentityRef is a reference to a identity to be used when reconciling this cluster.
- If not specified, the identity ref of the cluster will be used instead.
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- image:
- description: |-
- The name of the image to use for your server instance.
- If the RootVolume is specified, this will be ignored and use rootVolume directly.
- type: string
- imageUUID:
- description: |-
- The uuid of the image to use for your server instance.
- if it's empty, Image name will be used
- type: string
- instanceID:
- description: InstanceID is the OpenStack instance
- ID for this machine.
- type: string
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- type: boolean
- allowedAddressPairs:
- items:
- properties:
- ipAddress:
- type: string
- macAddress:
- type: string
- type: object
- type: array
- description:
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: Specify pairs of subnet and/or
- IP address. These should be subnets of the
- network with the given NetworkID.
- items:
- properties:
- ipAddress:
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- hostId:
- description: The ID of the host where the port
- is allocated
- type: string
- macAddress:
- type: string
- nameSuffix:
- description: Used to make the name of the port
- unique. If unspecified, instead the 0-based
- index of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding details.
- We intentionally don't expose this as a map[string]string because we only want to enable
- the users to set the values of the keys that are known to work in OpenStack Networking API.
- See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- properties:
- ovsHWOffload:
- description: OVSHWOffload enables or disables
- the OVS hardware offload feature.
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables
- the “trusted mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or
- disables the propagate uplink status on the
- port.
- type: boolean
- securityGroupFilters:
- description: The names, uuids, filters or any
- combination these of the security groups to
- assign to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Enables and disables trunk at port
- level. If not provided, openStackMachine.Spec.Trunk
- is inherited.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single
- value_spec key-value pair.
- properties:
- key:
- description: Key is the key in the key-value
- pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the
- key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: The virtual network interface card
- (vNIC) type that is bound to the neutron port.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as
- specified by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- type: string
- diskSize:
- type: integer
- volumeType:
- type: string
- type: object
- securityGroups:
- description: The names of the security groups to assign
- to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- serverGroupID:
- description: The server group to assign the machine
- to
- type: string
- serverMetadata:
- additionalProperties:
- type: string
- description: Metadata mapping. Allows you to create
- a map of key value pairs to add to the server instance.
- type: object
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Machine tags
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created
- on a trunk port or not.
- type: boolean
- type: object
- type: object
- cloudName:
- description: The name of the cloud to use from the clouds
- secret
- type: string
- controlPlaneAvailabilityZones:
- description: ControlPlaneAvailabilityZones is the az to deploy
- control plane to
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- controlPlaneEndpoint:
- description: ControlPlaneEndpoint represents the endpoint
- used to communicate with the control plane.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneOmitAvailabilityZone:
- description: |-
- Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
- to make a decision on which az to use based on other scheduling constraints
- type: boolean
- disableAPIServerFloatingIP:
- description: |-
- DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
- IP to the API server. This allows for the creation of clusters when attaching a floating
- IP to the API server (and hence, in many cases, exposing the API server to the internet)
- is not possible or desirable, e.g. if using a shared VLAN for communication between
- management and workload clusters or when the management cluster is inside the
- project network.
- This option requires that the API server use a VIP on the cluster network so that the
- underlying machines can change without changing ControlPlaneEndpoint.Host.
- When using a managed load balancer, this VIP will be managed automatically.
- If not using a managed load balancer, cluster configuration will fail without additional
- configuration to manage the VIP on the control plane machines, which falls outside of
- the scope of this controller.
- type: boolean
- disablePortSecurity:
- description: |-
- DisablePortSecurity disables the port security of the network created for the
- Kubernetes cluster, which also disables SecurityGroups
- type: boolean
- dnsNameservers:
- description: |-
- DNSNameservers is the list of nameservers for OpenStack Subnet being created.
- Set this value when you need create a new network/subnet while the access
- through DNS is required.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- externalNetworkId:
- description: |-
- ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
- to get public internet to the VMs.
- type: string
- externalRouterIPs:
- description: |-
- ExternalRouterIPs is an array of externalIPs on the respective subnets.
- This is necessary if the router needs a fixed ip in a specific subnet.
- items:
- properties:
- fixedIP:
- description: The FixedIP in the corresponding subnet
- type: string
- subnet:
- description: The subnet in which the FixedIP is used
- for the Gateway of this router
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- identityRef:
- description: IdentityRef is a reference to a identity to be
- used when reconciling this cluster
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- managedSecurityGroups:
- description: |-
- ManagedSecurityGroups determines whether OpenStack security groups for the cluster
- will be managed by the OpenStack provider or whether pre-existing security groups will
- be specified as part of the configuration.
- By default, the managed security groups have rules that allow the Kubelet, etcd, the
- Kubernetes API server and the Calico CNI plugin to function correctly.
- type: boolean
- network:
- description: If NodeCIDR cannot be set this can be used to
- detect an existing network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- networkMtu:
- description: |-
- NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
- This value will be used only if the Cluster actuator creates the network.
- If leaved empty, the network will have the default MTU defined in Openstack network service.
- To use this field, the Openstack installation requires the net-mtu neutron API extension.
- type: integer
- nodeCidr:
- description: |-
- NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
- network, a subnet with NodeCIDR, and a router connected to this subnet.
- If you leave this empty, no network will be created.
- type: string
- router:
- description: |-
- If NodeCIDR is set this option can be used to detect an existing router.
- If specified, no new router will be created.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- subnet:
- description: If NodeCIDR cannot be set this can be used to
- detect an existing subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- tags:
- description: Tags for all resources in cluster
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: false
- storage: false
- - name: v1beta1
- schema:
- openAPIV3Schema:
- description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackClusterTemplateSpec defines the desired state of
- OpenStackClusterTemplate.
- properties:
- template:
- description: OpenStackClusterTemplateResource describes the data needed
- to create a OpenStackCluster from a template.
- properties:
- spec:
- description: OpenStackClusterSpec defines the desired state of
- OpenStackCluster.
- properties:
- apiServerFixedIP:
- description: |-
- APIServerFixedIP is the fixed IP which will be associated with the API server.
- In the case where the API server has a floating IP but not a managed load balancer,
- this field is not used.
- If a managed load balancer is used and this field is not specified, a fixed IP will
- be dynamically allocated for the load balancer.
- If a managed load balancer is not used AND the API server floating IP is disabled,
- this field MUST be specified and should correspond to a pre-allocated port that
- holds the fixed IP to be used as a VIP.
- type: string
- apiServerFloatingIP:
- description: |-
- APIServerFloatingIP is the floatingIP which will be associated with the API server.
- The floatingIP will be created if it does not already exist.
- If not specified, a new floatingIP is allocated.
- This field is not used if DisableAPIServerFloatingIP is set to true.
- type: string
- apiServerLoadBalancer:
- description: |-
- APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
- If not specified, no load balancer will be created for the API server.
- properties:
- additionalPorts:
- description: AdditionalPorts adds additional tcp ports
- to the load balancer.
- items:
- type: integer
- type: array
- x-kubernetes-list-type: set
- allowedCIDRs:
- description: AllowedCIDRs restrict access to all API-Server
- listeners to the given address CIDRs.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- availabilityZone:
- description: AvailabilityZone is the failure domain that
- will be used to create the APIServerLoadBalancer Spec.
- type: string
- enabled:
- default: true
- description: |-
- Enabled defines whether a load balancer should be created. This value
- defaults to true if an APIServerLoadBalancer is given.
-
- There is no reason to set this to false. To disable creation of the
- API server loadbalancer, omit the APIServerLoadBalancer field in the
- cluster spec instead.
- type: boolean
- flavor:
- description: Flavor is the flavor name that will be used
- to create the APIServerLoadBalancer Spec.
- type: string
- network:
- description: Network defines which network should the
- load balancer be allocated on.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an
- OpenStack network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If
- ID is provided, the other filters cannot be provided.
- Must be in UUID format.
- format: uuid
- type: string
- type: object
- provider:
- description: |-
- Provider specifies name of a specific Octavia provider to use for the
- API load balancer. The Octavia default will be used if it is not
- specified.
- type: string
- subnets:
- description: |-
- Subnets define which subnets should the load balancer be allocated on.
- It is expected that subnets are located on the network specified in this resource.
- Only the first element is taken into account.
- kubebuilder:validation:MaxLength:=2
- items:
- description: SubnetParam specifies an OpenStack subnet
- to use. It may be specified by either ID or filter,
- but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select
- the subnet. It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will
- not be validated.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- required:
- - enabled
- type: object
- apiServerPort:
- description: |-
- APIServerPort is the port on which the listener on the APIServer
- will be created. If specified, it must be an integer between 0 and 65535.
- maximum: 65535
- minimum: 0
- type: integer
- bastion:
- description: |-
- Bastion is the OpenStack instance to login the nodes
-
- As a rolling update is not ideal during a bastion host session, we
- prevent changes to a running bastion configuration. To make changes, it's required
- to first set `enabled: false` which will remove the bastion and then changes can be made.
- properties:
- availabilityZone:
- description: AvailabilityZone is the failure domain that
- will be used to create the Bastion Spec.
- type: string
- enabled:
- default: true
- description: |-
- Enabled means that bastion is enabled. The bastion is enabled by
- default if this field is not specified. Set this field to false to disable the
- bastion.
-
- It is not currently possible to remove the bastion from the cluster
- spec without first disabling it by setting this field to false and
- waiting until the bastion has been deleted.
- type: boolean
- floatingIP:
- description: |-
- FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
- The floating IP should already exist and should not be associated with a port. If FIP of this address does not
- exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
- format: ipv4
- type: string
- spec:
- description: Spec for the bastion itself
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server
- instance
- items:
- description: AdditionalBlockDevice is a block device
- to attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- Name cannot be 'root', which is reserved for the root volume.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block
- device in gibibytes (GiB).
- minimum: 1
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional
- storage options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from
- is 'Name' or default
- rule: '!has(self.from) || self.from
- == ''Name'' ? has(self.name) : !has(self.name)'
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for
- your server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIPPoolRef:
- description: |-
- floatingIPPoolRef is a reference to a IPPool that will be assigned
- to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
- will be assigned to the OpenStackMachine.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being
- referenced
- type: string
- name:
- description: Name is the name of resource being
- referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this machine. If not specified, the
- credentials specified in the cluster will be used.
- properties:
- cloudName:
- description: CloudName specifies the name of the
- entry in the clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region))
- || self.region == oldSelf.region
- image:
- description: |-
- The image to use for your server instance.
- If the rootVolume is specified, this will be used when creating the root volume.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter describes a query for an image. If specified, the combination
- of name and tags must return a single matching image or an error will
- be raised.
- minProperties: 1
- properties:
- name:
- description: The name of the desired image.
- If specified, the combination of name and
- tags must return a single matching image
- or an error will be raised.
- type: string
- tags:
- description: The tags associated with the
- desired image. If specified, the combination
- of name and tags must return a single matching
- image or an error will be raised.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the image. ID will
- not be validated before use.
- format: uuid
- type: string
- imageRef:
- description: |-
- ImageRef is a reference to an ORC Image in the same namespace as the
- referring object.
- properties:
- name:
- description: Name is the name of the referenced
- resource
- type: string
- required:
- - name
- type: object
- type: object
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether
- the port should be created in the up (true)
- or down (false) state. The default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable
- description for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of
- subnet and/or IP address to assign to the
- port. If specified, these must be subnets
- of the port's network.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If Subnet
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter
- to select the subnet. It must match
- exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the
- subnet. It will not be validated.
- format: uuid
- type: string
- type: object
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the
- host where the port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address
- of the port. If not specified, the MAC address
- will be generated.
- type: string
- nameSuffix:
- description: NameSuffix will be appended to
- the name of the port if specified. If unspecified,
- instead the 0-based index of the port in the
- list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to
- select an OpenStack network. If provided,
- cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network
- to use. If ID is provided, the other filters
- cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables
- the “trusted mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or
- disables the propagate uplink status on the
- port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of the
- names, uuids, filters or any combination these
- of the security groups to assign to the instance.
- items:
- description: SecurityGroupParam specifies
- an OpenStack security group. It may be specified
- by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query
- to select an OpenStack security group.
- If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security
- group to use. If ID is provided, the
- other filters cannot be provided. Must
- be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: |-
- Trunk specifies whether trunking is enabled at the port level. If not
- provided the value is inherited from the machine, or false for a
- bastion host.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single
- value_spec key-value pair.
- properties:
- key:
- description: Key is the key in the key-value
- pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the
- key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as
- specified by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name'
- or default
- rule: '!has(self.from) || self.from == ''Name''
- ? has(self.name) : !has(self.name)'
- sizeGiB:
- description: SizeGiB is the size of the block
- device in gibibytes (GiB).
- minimum: 1
- type: integer
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- required:
- - sizeGiB
- type: object
- schedulerHintAdditionalProperties:
- description: |-
- SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
- to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
- such as specifying certain host aggregates or availability zones.
- items:
- description: |-
- SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
- It includes a Name to identify the property and a Value that can be of various types.
- properties:
- name:
- description: |-
- Name is the name of the scheduler hint property.
- It is a unique identifier for the property.
- minLength: 1
- type: string
- value:
- description: |-
- Value is the value of the scheduler hint property, which can be of various types
- (e.g., bool, string, int). The type is indicated by the Value.Type field.
- properties:
- bool:
- description: |-
- Bool is the boolean value of the scheduler hint, used when Type is "Bool".
- This field is required if type is 'Bool', and must not be set otherwise.
- type: boolean
- number:
- description: |-
- Number is the integer value of the scheduler hint, used when Type is "Number".
- This field is required if type is 'Number', and must not be set otherwise.
- type: integer
- string:
- description: |-
- String is the string value of the scheduler hint, used when Type is "String".
- This field is required if type is 'String', and must not be set otherwise.
- maxLength: 255
- minLength: 1
- type: string
- type:
- description: |-
- Type represents the type of the value.
- Valid values are Bool, String, and Number.
- enum:
- - Bool
- - String
- - Number
- type: string
- required:
- - type
- type: object
- x-kubernetes-validations:
- - message: bool is required when type is Bool,
- and forbidden otherwise
- rule: 'has(self.type) && self.type == ''Bool''
- ? has(self.bool) : !has(self.bool)'
- - message: number is required when type is Number,
- and forbidden otherwise
- rule: 'has(self.type) && self.type == ''Number''
- ? has(self.number) : !has(self.number)'
- - message: string is required when type is String,
- and forbidden otherwise
- rule: 'has(self.type) && self.type == ''String''
- ? has(self.string) : !has(self.string)'
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityGroups:
- description: The names of the security groups to assign
- to the instance
- items:
- description: SecurityGroupParam specifies an OpenStack
- security group. It may be specified by ID or filter,
- but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select
- an OpenStack security group. If provided,
- cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group
- to use. If ID is provided, the other filters
- cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- serverGroup:
- description: The server group to assign the machine
- to.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select
- an OpenStack server group. If provided, it cannot
- be empty.
- minProperties: 1
- properties:
- name:
- description: Name is the name of a server
- group to look for.
- type: string
- type: object
- id:
- description: ID is the ID of the server group
- to use.
- format: uuid
- type: string
- type: object
- serverMetadata:
- description: Metadata mapping. Allows you to create
- a map of key value pairs to add to the server instance.
- items:
- properties:
- key:
- description: Key is the server metadata key
- maxLength: 255
- type: string
- value:
- description: Value is the server metadata value
- maxLength: 255
- type: string
- required:
- - key
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - key
- x-kubernetes-list-type: map
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Tags which will be added to the machine and all dependent resources
- which support them. These are in addition to Tags defined on the
- cluster.
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created
- on a trunk port or not.
- type: boolean
- required:
- - image
- type: object
- x-kubernetes-validations:
- - message: at least one of flavor or flavorID must be
- set
- rule: (has(self.flavor) || has(self.flavorID))
- type: object
- x-kubernetes-validations:
- - message: spec is required if bastion is enabled
- rule: '!self.enabled || has(self.spec)'
- controlPlaneAvailabilityZones:
- description: |-
- ControlPlaneAvailabilityZones is the set of availability zones which
- control plane machines may be deployed to.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- controlPlaneEndpoint:
- description: |-
- ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
- It is normally populated automatically by the OpenStackCluster
- controller during cluster provisioning. If it is set on creation the
- control plane endpoint will use the values set here in preference to
- values set elsewhere.
- ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
- properties:
- host:
- description: The hostname on which the API server is serving.
- type: string
- port:
- description: The port on which the API server is serving.
- format: int32
- type: integer
- required:
- - host
- - port
- type: object
- controlPlaneOmitAvailabilityZone:
- description: |-
- ControlPlaneOmitAvailabilityZone causes availability zone to be
- omitted when creating control plane nodes, allowing the Nova
- scheduler to make a decision on which availability zone to use based
- on other scheduling constraints
- type: boolean
- disableAPIServerFloatingIP:
- description: |-
- DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
- IP to the API server. This allows for the creation of clusters when attaching a floating
- IP to the API server (and hence, in many cases, exposing the API server to the internet)
- is not possible or desirable, e.g. if using a shared VLAN for communication between
- management and workload clusters or when the management cluster is inside the
- project network.
- This option requires that the API server use a VIP on the cluster network so that the
- underlying machines can change without changing ControlPlaneEndpoint.Host.
- When using a managed load balancer, this VIP will be managed automatically.
- If not using a managed load balancer, cluster configuration will fail without additional
- configuration to manage the VIP on the control plane machines, which falls outside of
- the scope of this controller.
- type: boolean
- disableExternalNetwork:
- description: |-
- DisableExternalNetwork specifies whether or not to attempt to connect the cluster
- to an external network. This allows for the creation of clusters when connecting
- to an external network is not possible or desirable, e.g. if using a provider network.
- type: boolean
- disablePortSecurity:
- description: |-
- DisablePortSecurity disables the port security of the network created for the
- Kubernetes cluster, which also disables SecurityGroups
- type: boolean
- externalNetwork:
- description: |-
- ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
- This option is ignored if DisableExternalNetwork is set to true.
-
- If ExternalNetwork is defined it must refer to exactly one external network.
-
- If ExternalNetwork is not defined or is empty the controller will use any
- existing external network as long as there is only one. It is an
- error if ExternalNetwork is not defined and there are multiple
- external networks unless DisableExternalNetwork is also set.
-
- If ExternalNetwork is not defined and there are no external networks
- the controller will proceed as though DisableExternalNetwork was set.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID
- is provided, the other filters cannot be provided. Must
- be in UUID format.
- format: uuid
- type: string
- type: object
- externalRouterIPs:
- description: |-
- ExternalRouterIPs is an array of externalIPs on the respective subnets.
- This is necessary if the router needs a fixed ip in a specific subnet.
- items:
- properties:
- fixedIP:
- description: The FixedIP in the corresponding subnet
- type: string
- subnet:
- description: The subnet in which the FixedIP is used
- for the Gateway of this router
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select
- the subnet. It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will
- not be validated.
- format: uuid
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- x-kubernetes-list-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this cluster. It is also to reconcile
- machines unless overridden in the machine spec.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry
- in the clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- managedSecurityGroups:
- description: |-
- ManagedSecurityGroups determines whether OpenStack security groups for the cluster
- will be managed by the OpenStack provider or whether pre-existing security groups will
- be specified as part of the configuration.
- By default, the managed security groups have rules that allow the Kubelet, etcd, and the
- Kubernetes API server to function correctly.
- It's possible to add additional rules to the managed security groups.
- When defined to an empty struct, the managed security groups will be created with the default rules.
- properties:
- allNodesSecurityGroupRules:
- description: allNodesSecurityGroupRules defines the rules
- that should be applied to all nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched
- by the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- allowAllInClusterTraffic:
- default: false
- description: AllowAllInClusterTraffic allows all ingress
- and egress traffic between cluster nodes when set to
- true.
- type: boolean
- controlPlaneNodesSecurityGroupRules:
- description: controlPlaneNodesSecurityGroupRules defines
- the rules that should be applied to control plane nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched
- by the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- workerNodesSecurityGroupRules:
- description: workerNodesSecurityGroupRules defines the
- rules that should be applied to worker nodes.
- items:
- description: |-
- SecurityGroupRuleSpec represent the basic information of the associated OpenStack
- Security Group Role.
- For now this is only used for the allNodesSecurityGroupRules but when we add
- other security groups, we'll need to add a validation because
- Remote* fields are mutually exclusive.
- properties:
- description:
- description: description of the security group rule.
- type: string
- direction:
- description: |-
- direction in which the security group rule is applied. The only values
- allowed are "ingress" or "egress". For a compute instance, an ingress
- security group rule is applied to incoming (ingress) traffic for that
- instance. An egress rule is applied to traffic leaving the instance.
- type: string
- etherType:
- description: |-
- etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
- ingress or egress rules.
- type: string
- name:
- description: |-
- name of the security group rule.
- It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
- type: string
- portRangeMax:
- description: |-
- portRangeMax is a number in the range that is matched by the security group
- rule. The portRangeMin attribute constrains the portRangeMax attribute.
- type: integer
- portRangeMin:
- description: |-
- portRangeMin is a number in the range that is matched by the security group
- rule. If the protocol is TCP or UDP, this value must be less than or equal
- to the value of the portRangeMax attribute.
- type: integer
- protocol:
- description: protocol is the protocol that is matched
- by the security group rule.
- type: string
- remoteGroupID:
- description: |-
- remoteGroupID is the remote group ID to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteIPPrefix:
- description: |-
- remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- type: string
- remoteManagedGroups:
- description: |-
- remoteManagedGroups is the remote managed groups to be associated with this security group rule.
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
- items:
- enum:
- - bastion
- - controlplane
- - worker
- type: string
- type: array
- required:
- - direction
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- required:
- - allowAllInClusterTraffic
- type: object
- managedSubnets:
- description: |-
- ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
- subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
- subnet is supported. If you leave this empty, no network will be created.
- items:
- properties:
- allocationPools:
- description: |-
- AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
- If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
- outside of these ranges manually.
- items:
- properties:
- end:
- description: End represents the end of the AlloctionPool,
- that is the highest IP of the pool.
- type: string
- start:
- description: Start represents the start of the
- AllocationPool, that is the lowest IP of the
- pool.
- type: string
- required:
- - end
- - start
- type: object
- type: array
- cidr:
- description: |-
- CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
- This field is required when defining a subnet.
- type: string
- dnsNameservers:
- description: |-
- DNSNameservers holds a list of DNS server addresses that will be provided when creating
- the subnet. These addresses need to have the same IP version as CIDR.
- items:
- type: string
- type: array
- required:
- - cidr
- type: object
- maxItems: 1
- type: array
- x-kubernetes-list-type: atomic
- network:
- description: |-
- Network specifies an existing network to use if no ManagedSubnets
- are specified.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID
- is provided, the other filters cannot be provided. Must
- be in UUID format.
- format: uuid
- type: string
- type: object
- networkMTU:
- description: |-
- NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
- This value will be used only if the Cluster actuator creates the network.
- If left empty, the network will have the default MTU defined in Openstack network service.
- To use this field, the Openstack installation requires the net-mtu neutron API extension.
- type: integer
- router:
- description: |-
- Router specifies an existing router to be used if ManagedSubnets are
- specified. If specified, no new router will be created.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- router. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the router to use. If ID
- is provided, the other filters cannot be provided. Must
- be in UUID format.
- format: uuid
- type: string
- type: object
- subnets:
- description: |-
- Subnets specifies existing subnets to use if not ManagedSubnets are
- specified. All subnets must be in the network specified by Network.
- There can be zero, one, or two subnets. If no subnets are specified,
- all subnets in Network will be used. If 2 subnets are specified, one
- must be IPv4 and the other IPv6.
- items:
- description: SubnetParam specifies an OpenStack subnet to
- use. It may be specified by either ID or filter, but not
- both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the
- subnet. It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will not
- be validated.
- format: uuid
- type: string
- type: object
- maxItems: 2
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: Tags to set on all resources in cluster which
- support tags
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- required:
- - identityRef
- type: object
- x-kubernetes-validations:
- - message: bastion floating IP cannot be set when disableExternalNetwork
- is true
- rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
- ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
- - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
- is true
- rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
- ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
- : true'
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackfloatingippools.infrastructure.cluster.x-k8s.io
-spec:
- group: infrastructure.cluster.x-k8s.io
- names:
- kind: OpenStackFloatingIPPool
- listKind: OpenStackFloatingIPPoolList
- plural: openstackfloatingippools
- singular: openstackfloatingippool
- scope: Namespaced
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- description: OpenStackFloatingIPPool is the Schema for the openstackfloatingippools
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackFloatingIPPoolSpec defines the desired state of
- OpenStackFloatingIPPool.
- properties:
- floatingIPNetwork:
- description: FloatingIPNetwork is the external network to use for
- floating ips, if there's only one external network it will be used
- by default
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is provided,
- the other filters cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- identityRef:
- description: IdentityRef is a reference to a identity to be used when
- reconciling this pool.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry in the
- clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- maxIPs:
- description: |-
- MaxIPs is the maximum number of floating ips that can be allocated from this pool, if nil there is no limit.
- If set, the pool will stop allocating floating ips when it reaches this number of ClaimedIPs.
- type: integer
- preAllocatedFloatingIPs:
- description: |-
- PreAllocatedFloatingIPs is a list of floating IPs precreated in OpenStack that should be used by this pool.
- These are used before allocating new ones and are not deleted from OpenStack when the pool is deleted.
- items:
- type: string
- type: array
- reclaimPolicy:
- description: The stratergy to use for reclaiming floating ips when
- they are released from a machine
- enum:
- - Retain
- - Delete
- type: string
- required:
- - identityRef
- - reclaimPolicy
- type: object
- status:
- description: OpenStackFloatingIPPoolStatus defines the observed state
- of OpenStackFloatingIPPool.
- properties:
- availableIPs:
- default: []
- items:
- type: string
- type: array
- claimedIPs:
- default: []
- items:
- type: string
- type: array
- conditions:
- description: Conditions provide observations of the operational state
- of a Cluster API resource.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failedIPs:
- description: FailedIPs contains a list of floating ips that failed
- to be allocated
- items:
- type: string
- type: array
- floatingIPNetwork:
- description: floatingIPNetwork contains information about the network
- used for floating ips
- properties:
- id:
- type: string
- name:
- type: string
- tags:
- items:
- type: string
- type: array
- required:
- - id
- - name
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackmachines.infrastructure.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: infrastructure.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: OpenStackMachine
- listKind: OpenStackMachineList
- plural: openstackmachines
- shortNames:
- - osm
- singular: openstackmachine
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Cluster to which this OpenStackMachine belongs
- jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
- name: Cluster
- type: string
- - description: OpenStack instance state
- jsonPath: .status.instanceState
- name: InstanceState
- type: string
- - description: Machine ready status
- jsonPath: .status.ready
- name: Ready
- type: string
- - description: OpenStack instance ID
- jsonPath: .spec.providerID
- name: ProviderID
- type: string
- - description: Machine object which owns with this OpenStackMachine
- jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
- name: Machine
- type: string
- - description: Time duration since creation of OpenStackMachine
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- deprecated: true
- deprecationWarning: The v1alpha7 version of OpenStackMachine has been deprecated
- and will be removed in a future release.
- name: v1alpha7
- schema:
- openAPIV3Schema:
- description: |-
- OpenStackMachine is the Schema for the openstackmachines API.
-
- Deprecated: v1alpha7.OpenStackMachine has been replaced by v1beta1.OpenStackMachine.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications for
- additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to attach to
- the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device in gibibytes
- (GiB).
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage options
- for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume in.
- If omitted, the availability zone of the server will be used.
- The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
- to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
- further information.
- type: string
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- cloudName:
- description: The name of the cloud to use from the clouds secret
- type: string
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIP:
- description: |-
- The floatingIP which will be associated to the machine, only used for master.
- The floatingIP should have been created and haven't been associated.
- type: string
- identityRef:
- description: |-
- IdentityRef is a reference to a identity to be used when reconciling this cluster.
- If not specified, the identity ref of the cluster will be used instead.
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- image:
- description: |-
- The name of the image to use for your server instance.
- If the RootVolume is specified, this will be ignored and use rootVolume directly.
- type: string
- imageUUID:
- description: |-
- The uuid of the image to use for your server instance.
- if it's empty, Image name will be used
- type: string
- instanceID:
- description: InstanceID is the OpenStack instance ID for this machine.
- type: string
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- type: boolean
- allowedAddressPairs:
- items:
- properties:
- ipAddress:
- type: string
- macAddress:
- type: string
- type: object
- type: array
- description:
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: Specify pairs of subnet and/or IP address. These
- should be subnets of the network with the given NetworkID.
- items:
- properties:
- ipAddress:
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- hostId:
- description: The ID of the host where the port is allocated
- type: string
- macAddress:
- type: string
- nameSuffix:
- description: Used to make the name of the port unique. If unspecified,
- instead the 0-based index of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding details.
- We intentionally don't expose this as a map[string]string because we only want to enable
- the users to set the values of the keys that are known to work in OpenStack Networking API.
- See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- properties:
- ovsHWOffload:
- description: OVSHWOffload enables or disables the OVS hardware
- offload feature.
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables the propagate
- uplink status on the port.
- type: boolean
- securityGroupFilters:
- description: The names, uuids, filters or any combination these
- of the security groups to assign to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Enables and disables trunk at port level. If not
- provided, openStackMachine.Spec.Trunk is inherited.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec key-value
- pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: The virtual network interface card (vNIC) type
- that is bound to the neutron port.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified by the
- cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- type: string
- diskSize:
- type: integer
- volumeType:
- type: string
- type: object
- securityGroups:
- description: The names of the security groups to assign to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- serverGroupID:
- description: The server group to assign the machine to
- type: string
- serverMetadata:
- additionalProperties:
- type: string
- description: Metadata mapping. Allows you to create a map of key value
- pairs to add to the server instance.
- type: object
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Machine tags
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk port
- or not.
- type: boolean
- type: object
- status:
- description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
- properties:
- addresses:
- description: Addresses contains the OpenStack instance associated
- addresses.
- items:
- description: NodeAddress contains information for the node's address.
- properties:
- address:
- description: The node address.
- type: string
- type:
- description: Node address type, one of Hostname, ExternalIP
- or InternalIP.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- conditions:
- description: Conditions provide observations of the operational state
- of a Cluster API resource.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- FailureMessage will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- failureReason:
- description: DeprecatedCAPIMachineStatusError defines errors states
- for Machine objects.
- type: string
- instanceState:
- description: InstanceState is the state of the OpenStack instance
- for this machine.
- type: string
- ready:
- description: Ready is true when the provider resource is ready.
- type: boolean
- type: object
- type: object
- served: false
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - description: Cluster to which this OpenStackMachine belongs
- jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
- name: Cluster
- type: string
- - description: Machine ready status
- jsonPath: .status.ready
- name: Ready
- type: string
- - description: OpenStack instance ID
- jsonPath: .spec.providerID
- name: ProviderID
- type: string
- - description: Machine object which owns with this OpenStackMachine
- jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
- name: Machine
- type: string
- - description: Time duration since creation of OpenStackMachine
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: OpenStackMachine is the Schema for the openstackmachines API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications for
- additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to attach to
- the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- Name cannot be 'root', which is reserved for the root volume.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device in gibibytes
- (GiB).
- minimum: 1
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage options
- for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ?
- has(self.name) : !has(self.name)'
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIPPoolRef:
- description: |-
- floatingIPPoolRef is a reference to a IPPool that will be assigned
- to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
- will be assigned to the OpenStackMachine.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this machine. If not specified, the
- credentials specified in the cluster will be used.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry in the
- clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- image:
- description: |-
- The image to use for your server instance.
- If the rootVolume is specified, this will be used when creating the root volume.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter describes a query for an image. If specified, the combination
- of name and tags must return a single matching image or an error will
- be raised.
- minProperties: 1
- properties:
- name:
- description: The name of the desired image. If specified,
- the combination of name and tags must return a single matching
- image or an error will be raised.
- type: string
- tags:
- description: The tags associated with the desired image. If
- specified, the combination of name and tags must return
- a single matching image or an error will be raised.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the image. ID will not be validated
- before use.
- format: uuid
- type: string
- imageRef:
- description: |-
- ImageRef is a reference to an ORC Image in the same namespace as the
- referring object.
- properties:
- name:
- description: Name is the name of the referenced resource
- type: string
- required:
- - name
- type: object
- type: object
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port should
- be created in the up (true) or down (false) state. The default
- is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description for
- the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or IP
- address to assign to the port. If specified, these must be
- subnets of the port's network.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If Subnet
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the
- subnet. It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will
- not be validated.
- format: uuid
- type: string
- type: object
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where the port
- resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of the port.
- If not specified, the MAC address will be generated.
- type: string
- nameSuffix:
- description: NameSuffix will be appended to the name of the
- port if specified. If unspecified, instead the 0-based index
- of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is
- provided, the other filters cannot be provided. Must be
- in UUID format.
- format: uuid
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables the propagate
- uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of the names, uuids, filters
- or any combination these of the security groups to assign
- to the instance.
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use.
- If ID is provided, the other filters cannot be provided.
- Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: |-
- Trunk specifies whether trunking is enabled at the port level. If not
- provided the value is inherited from the machine, or false for a
- bastion host.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec key-value
- pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified by the
- cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
- : !has(self.name)'
- sizeGiB:
- description: SizeGiB is the size of the block device in gibibytes
- (GiB).
- minimum: 1
- type: integer
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- required:
- - sizeGiB
- type: object
- schedulerHintAdditionalProperties:
- description: |-
- SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
- to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
- such as specifying certain host aggregates or availability zones.
- items:
- description: |-
- SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
- It includes a Name to identify the property and a Value that can be of various types.
- properties:
- name:
- description: |-
- Name is the name of the scheduler hint property.
- It is a unique identifier for the property.
- minLength: 1
- type: string
- value:
- description: |-
- Value is the value of the scheduler hint property, which can be of various types
- (e.g., bool, string, int). The type is indicated by the Value.Type field.
- properties:
- bool:
- description: |-
- Bool is the boolean value of the scheduler hint, used when Type is "Bool".
- This field is required if type is 'Bool', and must not be set otherwise.
- type: boolean
- number:
- description: |-
- Number is the integer value of the scheduler hint, used when Type is "Number".
- This field is required if type is 'Number', and must not be set otherwise.
- type: integer
- string:
- description: |-
- String is the string value of the scheduler hint, used when Type is "String".
- This field is required if type is 'String', and must not be set otherwise.
- maxLength: 255
- minLength: 1
- type: string
- type:
- description: |-
- Type represents the type of the value.
- Valid values are Bool, String, and Number.
- enum:
- - Bool
- - String
- - Number
- type: string
- required:
- - type
- type: object
- x-kubernetes-validations:
- - message: bool is required when type is Bool, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
- : !has(self.bool)'
- - message: number is required when type is Number, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
- : !has(self.number)'
- - message: string is required when type is String, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
- : !has(self.string)'
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityGroups:
- description: The names of the security groups to assign to the instance
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use. If ID
- is provided, the other filters cannot be provided. Must be
- in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- serverGroup:
- description: The server group to assign the machine to.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack server
- group. If provided, it cannot be empty.
- minProperties: 1
- properties:
- name:
- description: Name is the name of a server group to look for.
- type: string
- type: object
- id:
- description: ID is the ID of the server group to use.
- format: uuid
- type: string
- type: object
- serverMetadata:
- description: Metadata mapping. Allows you to create a map of key value
- pairs to add to the server instance.
- items:
- properties:
- key:
- description: Key is the server metadata key
- maxLength: 255
- type: string
- value:
- description: Value is the server metadata value
- maxLength: 255
- type: string
- required:
- - key
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - key
- x-kubernetes-list-type: map
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Tags which will be added to the machine and all dependent resources
- which support them. These are in addition to Tags defined on the
- cluster.
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk port
- or not.
- type: boolean
- required:
- - image
- type: object
- x-kubernetes-validations:
- - message: at least one of flavor or flavorID must be set
- rule: (has(self.flavor) || has(self.flavorID))
- status:
- description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
- properties:
- addresses:
- description: Addresses contains the OpenStack instance associated
- addresses.
- items:
- description: NodeAddress contains information for the node's address.
- properties:
- address:
- description: The node address.
- type: string
- type:
- description: Node address type, one of Hostname, ExternalIP
- or InternalIP.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- conditions:
- description: Conditions provide observations of the operational state
- of a Cluster API resource.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- failureMessage:
- description: |-
- FailureMessage will be set in the event that there is a terminal problem
- reconciling the Machine and will contain a more verbose string suitable
- for logging and human consumption.
-
- This field should not be set for transitive errors that a controller
- faces that are expected to be fixed automatically over
- time (like service outages), but instead indicate that something is
- fundamentally wrong with the Machine's spec or the configuration of
- the controller, and that manual intervention is required. Examples
- of terminal errors would be invalid combinations of settings in the
- spec, values that are unsupported by the controller, or the
- responsible controller itself being critically misconfigured.
-
- Any transient errors that occur during the reconciliation of Machines
- can be added as events to the Machine object and/or logged in the
- controller's output.
- type: string
- failureReason:
- description: DeprecatedCAPIMachineStatusError defines errors states
- for Machine objects.
- type: string
- instanceID:
- description: InstanceID is the OpenStack instance ID for this machine.
- type: string
- instanceState:
- description: |-
- InstanceState is the state of the OpenStack instance for this machine.
- This field is not set anymore by the OpenStackMachine controller.
- Instead, it's set by the OpenStackServer controller.
- type: string
- ready:
- description: Ready is true when the provider resource is ready.
- type: boolean
- resolved:
- description: |-
- Resolved contains parts of the machine spec with all external
- references fully resolved.
- properties:
- flavorID:
- description: FlavorID is the ID of the flavor to use.
- type: string
- imageID:
- description: ImageID is the ID of the image to use for the machine
- and is calculated based on ImageFilter.
- type: string
- ports:
- description: Ports is the fully resolved list of ports to create
- for the machine.
- items:
- description: ResolvedPortSpec is a PortOpts with all contained
- references fully resolved.
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port should
- be created in the up (true) or down (false) state. The
- default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description
- for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or
- IP address to assign to the port. If specified, these
- must be subnets of the port's network.
- items:
- description: ResolvedFixedIP is a FixedIP with the Subnet
- resolved to an ID.
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If SubnetID
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: SubnetID is the id of a subnet to create
- the fixed IP of a port in.
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where the
- port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of the
- port. If not specified, the MAC address will be generated.
- type: string
- name:
- description: Name is the name of the port.
- type: string
- networkID:
- description: NetworkID is the ID of the network the port
- will be created in.
- type: string
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables the
- propagate uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of security group
- IDs to assign to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: Tags applied to the port (and corresponding
- trunk, if a trunk is configured.)
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Trunk specifies whether trunking is enabled
- at the port level.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- required:
- - description
- - name
- - networkID
- type: object
- type: array
- serverGroupID:
- description: ServerGroupID is the ID of the server group the machine
- should be added to and is calculated based on ServerGroupFilter.
- type: string
- type: object
- resources:
- description: Resources contains references to OpenStack resources
- created for the machine.
- properties:
- ports:
- description: Ports is the status of the ports created for the
- machine.
- items:
- properties:
- id:
- description: ID is the unique identifier of the port.
- type: string
- required:
- - id
- type: object
- type: array
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io
-spec:
- conversion:
- strategy: Webhook
- webhook:
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /convert
- conversionReviewVersions:
- - v1
- - v1beta1
- group: infrastructure.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: OpenStackMachineTemplate
- listKind: OpenStackMachineTemplateList
- plural: openstackmachinetemplates
- shortNames:
- - osmt
- singular: openstackmachinetemplate
- scope: Namespaced
- versions:
- - deprecated: true
- deprecationWarning: The v1alpha7 version of OpenStackMachineTemplate has been
- deprecated and will be removed in a future release.
- name: v1alpha7
- schema:
- openAPIV3Schema:
- description: |-
- OpenStackMachineTemplate is the Schema for the openstackmachinetemplates API.
-
- Deprecated: v1alpha7.OpenStackMachineTemplate has been replaced by v1beta1.OpenStackMachineTemplate.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackMachineTemplateSpec defines the desired state of
- OpenStackMachineTemplate.
- properties:
- template:
- description: OpenStackMachineTemplateResource describes the data needed
- to create a OpenStackMachine from a template.
- properties:
- spec:
- description: Spec is the specification of the desired behavior
- of the machine.
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to
- attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device
- in gibibytes (GiB).
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage
- options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume in.
- If omitted, the availability zone of the server will be used.
- The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
- to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
- further information.
- type: string
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- cloudName:
- description: The name of the cloud to use from the clouds
- secret
- type: string
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your
- server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIP:
- description: |-
- The floatingIP which will be associated to the machine, only used for master.
- The floatingIP should have been created and haven't been associated.
- type: string
- identityRef:
- description: |-
- IdentityRef is a reference to a identity to be used when reconciling this cluster.
- If not specified, the identity ref of the cluster will be used instead.
- properties:
- kind:
- description: |-
- Kind of the identity. Must be supported by the infrastructure
- provider and may be either cluster or namespace-scoped.
- minLength: 1
- type: string
- name:
- description: |-
- Name of the infrastructure identity to be used.
- Must be either a cluster-scoped resource, or namespaced-scoped
- resource the same namespace as the resource(s) being provisioned.
- type: string
- required:
- - kind
- - name
- type: object
- image:
- description: |-
- The name of the image to use for your server instance.
- If the RootVolume is specified, this will be ignored and use rootVolume directly.
- type: string
- imageUUID:
- description: |-
- The uuid of the image to use for your server instance.
- if it's empty, Image name will be used
- type: string
- instanceID:
- description: InstanceID is the OpenStack instance ID for this
- machine.
- type: string
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- type: boolean
- allowedAddressPairs:
- items:
- properties:
- ipAddress:
- type: string
- macAddress:
- type: string
- type: object
- type: array
- description:
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: Specify pairs of subnet and/or IP address.
- These should be subnets of the network with the given
- NetworkID.
- items:
- properties:
- ipAddress:
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- properties:
- cidr:
- type: string
- description:
- type: string
- gateway_ip:
- type: string
- id:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RaMode:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- required:
- - subnet
- type: object
- type: array
- hostId:
- description: The ID of the host where the port is allocated
- type: string
- macAddress:
- type: string
- nameSuffix:
- description: Used to make the name of the port unique.
- If unspecified, instead the 0-based index of the port
- in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding details.
- We intentionally don't expose this as a map[string]string because we only want to enable
- the users to set the values of the keys that are known to work in OpenStack Networking API.
- See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- properties:
- ovsHWOffload:
- description: OVSHWOffload enables or disables the
- OVS hardware offload feature.
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables
- the propagate uplink status on the port.
- type: boolean
- securityGroupFilters:
- description: The names, uuids, filters or any combination
- these of the security groups to assign to the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Enables and disables trunk at port level.
- If not provided, openStackMachine.Spec.Trunk is inherited.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value
- pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: The virtual network interface card (vNIC)
- type that is bound to the neutron port.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified
- by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- type: string
- diskSize:
- type: integer
- volumeType:
- type: string
- type: object
- securityGroups:
- description: The names of the security groups to assign to
- the instance
- items:
- properties:
- description:
- type: string
- id:
- type: string
- name:
- type: string
- notTags:
- type: string
- notTagsAny:
- type: string
- projectId:
- type: string
- tags:
- type: string
- tagsAny:
- type: string
- type: object
- type: array
- serverGroupID:
- description: The server group to assign the machine to
- type: string
- serverMetadata:
- additionalProperties:
- type: string
- description: Metadata mapping. Allows you to create a map
- of key value pairs to add to the server instance.
- type: object
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Machine tags
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk
- port or not.
- type: boolean
- type: object
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: false
- storage: false
- - name: v1beta1
- schema:
- openAPIV3Schema:
- description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
- API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackMachineTemplateSpec defines the desired state of
- OpenStackMachineTemplate.
- properties:
- template:
- description: OpenStackMachineTemplateResource describes the data needed
- to create a OpenStackMachine from a template.
- properties:
- spec:
- description: Spec is the specification of the desired behavior
- of the machine.
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications
- for additional block devices to attach to the server instance
- items:
- description: AdditionalBlockDevice is a block device to
- attach to the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- Name cannot be 'root', which is reserved for the root volume.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device
- in gibibytes (GiB).
- minimum: 1
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage
- options for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name'
- or default
- rule: '!has(self.from) || self.from == ''Name''
- ? has(self.name) : !has(self.name)'
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- configDrive:
- description: Config Drive support
- type: boolean
- flavor:
- description: The flavor reference for the flavor for your
- server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIPPoolRef:
- description: |-
- floatingIPPoolRef is a reference to a IPPool that will be assigned
- to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
- will be assigned to the OpenStackMachine.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- identityRef:
- description: |-
- IdentityRef is a reference to a secret holding OpenStack credentials
- to be used when reconciling this machine. If not specified, the
- credentials specified in the cluster will be used.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry
- in the clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- image:
- description: |-
- The image to use for your server instance.
- If the rootVolume is specified, this will be used when creating the root volume.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter describes a query for an image. If specified, the combination
- of name and tags must return a single matching image or an error will
- be raised.
- minProperties: 1
- properties:
- name:
- description: The name of the desired image. If specified,
- the combination of name and tags must return a single
- matching image or an error will be raised.
- type: string
- tags:
- description: The tags associated with the desired
- image. If specified, the combination of name and
- tags must return a single matching image or an error
- will be raised.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the image. ID will not
- be validated before use.
- format: uuid
- type: string
- imageRef:
- description: |-
- ImageRef is a reference to an ORC Image in the same namespace as the
- referring object.
- properties:
- name:
- description: Name is the name of the referenced resource
- type: string
- required:
- - name
- type: object
- type: object
- ports:
- description: |-
- Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
- If not specified a default port will be added for the default cluster network.
- items:
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port
- should be created in the up (true) or down (false)
- state. The default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description
- for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or
- IP address to assign to the port. If specified, these
- must be subnets of the port's network.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If Subnet
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to
- select the subnet. It must match exactly
- one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet.
- It will not be validated.
- format: uuid
- type: string
- type: object
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where
- the port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of
- the port. If not specified, the MAC address will be
- generated.
- type: string
- nameSuffix:
- description: NameSuffix will be appended to the name
- of the port if specified. If unspecified, instead
- the 0-based index of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select
- an OpenStack network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use.
- If ID is provided, the other filters cannot be
- provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables
- the propagate uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of the names,
- uuids, filters or any combination these of the security
- groups to assign to the instance.
- items:
- description: SecurityGroupParam specifies an OpenStack
- security group. It may be specified by ID or filter,
- but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select
- an OpenStack security group. If provided, cannot
- be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group
- to use. If ID is provided, the other filters
- cannot be provided. Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: |-
- Trunk specifies whether trunking is enabled at the port level. If not
- provided the value is inherited from the machine, or false for a
- bastion host.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value
- pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- type: object
- type: array
- providerID:
- description: ProviderID is the unique identifier as specified
- by the cloud provider.
- type: string
- rootVolume:
- description: The volume metadata to boot from
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
- : !has(self.name)'
- sizeGiB:
- description: SizeGiB is the size of the block device in
- gibibytes (GiB).
- minimum: 1
- type: integer
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- required:
- - sizeGiB
- type: object
- schedulerHintAdditionalProperties:
- description: |-
- SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
- to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
- such as specifying certain host aggregates or availability zones.
- items:
- description: |-
- SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
- It includes a Name to identify the property and a Value that can be of various types.
- properties:
- name:
- description: |-
- Name is the name of the scheduler hint property.
- It is a unique identifier for the property.
- minLength: 1
- type: string
- value:
- description: |-
- Value is the value of the scheduler hint property, which can be of various types
- (e.g., bool, string, int). The type is indicated by the Value.Type field.
- properties:
- bool:
- description: |-
- Bool is the boolean value of the scheduler hint, used when Type is "Bool".
- This field is required if type is 'Bool', and must not be set otherwise.
- type: boolean
- number:
- description: |-
- Number is the integer value of the scheduler hint, used when Type is "Number".
- This field is required if type is 'Number', and must not be set otherwise.
- type: integer
- string:
- description: |-
- String is the string value of the scheduler hint, used when Type is "String".
- This field is required if type is 'String', and must not be set otherwise.
- maxLength: 255
- minLength: 1
- type: string
- type:
- description: |-
- Type represents the type of the value.
- Valid values are Bool, String, and Number.
- enum:
- - Bool
- - String
- - Number
- type: string
- required:
- - type
- type: object
- x-kubernetes-validations:
- - message: bool is required when type is Bool, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
- : !has(self.bool)'
- - message: number is required when type is Number, and
- forbidden otherwise
- rule: 'has(self.type) && self.type == ''Number'' ?
- has(self.number) : !has(self.number)'
- - message: string is required when type is String, and
- forbidden otherwise
- rule: 'has(self.type) && self.type == ''String'' ?
- has(self.string) : !has(self.string)'
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityGroups:
- description: The names of the security groups to assign to
- the instance
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use.
- If ID is provided, the other filters cannot be provided.
- Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- serverGroup:
- description: The server group to assign the machine to.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- server group. If provided, it cannot be empty.
- minProperties: 1
- properties:
- name:
- description: Name is the name of a server group to
- look for.
- type: string
- type: object
- id:
- description: ID is the ID of the server group to use.
- format: uuid
- type: string
- type: object
- serverMetadata:
- description: Metadata mapping. Allows you to create a map
- of key value pairs to add to the server instance.
- items:
- properties:
- key:
- description: Key is the server metadata key
- maxLength: 255
- type: string
- value:
- description: Value is the server metadata value
- maxLength: 255
- type: string
- required:
- - key
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - key
- x-kubernetes-list-type: map
- sshKeyName:
- description: The ssh key to inject in the instance
- type: string
- tags:
- description: |-
- Tags which will be added to the machine and all dependent resources
- which support them. These are in addition to Tags defined on the
- cluster.
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Whether the server instance is created on a trunk
- port or not.
- type: boolean
- required:
- - image
- type: object
- x-kubernetes-validations:
- - message: at least one of flavor or flavorID must be set
- rule: (has(self.flavor) || has(self.flavorID))
- required:
- - spec
- type: object
- required:
- - template
- type: object
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- controller-gen.kubebuilder.io/version: v0.16.5
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
- clusterctl.cluster.x-k8s.io: ""
- name: openstackservers.infrastructure.cluster.x-k8s.io
-spec:
- group: infrastructure.cluster.x-k8s.io
- names:
- categories:
- - cluster-api
- kind: OpenStackServer
- listKind: OpenStackServerList
- plural: openstackservers
- shortNames:
- - oss
- singular: openstackserver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: OpenStack instance state
- jsonPath: .status.instanceState
- name: InstanceState
- type: string
- - description: OpenStack instance ready status
- jsonPath: .status.ready
- name: Ready
- type: string
- - description: OpenStack instance ID
- jsonPath: .status.instanceID
- name: InstanceID
- type: string
- - description: Time duration since creation of OpenStack instance
- jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: OpenStackServer is the Schema for the openstackservers API.
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OpenStackServerSpec defines the desired state of OpenStackServer.
- properties:
- additionalBlockDevices:
- description: AdditionalBlockDevices is a list of specifications for
- additional block devices to attach to the server instance.
- items:
- description: AdditionalBlockDevice is a block device to attach to
- the server.
- properties:
- name:
- description: |-
- Name of the block device in the context of a machine.
- If the block device is a volume, the Cinder volume will be named
- as a combination of the machine name and this name.
- Also, this name will be used for tagging the block device.
- Information about the block device tag can be obtained from the OpenStack
- metadata API or the config drive.
- Name cannot be 'root', which is reserved for the root volume.
- type: string
- sizeGiB:
- description: SizeGiB is the size of the block device in gibibytes
- (GiB).
- minimum: 1
- type: integer
- storage:
- description: |-
- Storage specifies the storage type of the block device and
- additional storage options.
- properties:
- type:
- description: |-
- Type is the type of block device to create.
- This can be either "Volume" or "Local".
- type: string
- volume:
- description: Volume contains additional storage options
- for a volume block device.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ?
- has(self.name) : !has(self.name)'
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- type: object
- required:
- - type
- type: object
- required:
- - name
- - sizeGiB
- - storage
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- availabilityZone:
- description: AvailabilityZone is the availability zone in which to
- create the server instance.
- type: string
- configDrive:
- description: ConfigDrive is a flag to enable config drive for the
- server instance.
- type: boolean
- flavor:
- description: The flavor reference for the flavor for the server instance.
- minLength: 1
- type: string
- flavorID:
- description: |-
- FlavorID allows flavors to be specified by ID. This field takes precedence
- over Flavor.
- minLength: 1
- type: string
- floatingIPPoolRef:
- description: FloatingIPPoolRef is a reference to a FloatingIPPool
- to allocate a floating IP from.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource being referenced
- type: string
- name:
- description: Name is the name of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- identityRef:
- description: IdentityRef is a reference to a secret holding OpenStack
- credentials.
- properties:
- cloudName:
- description: CloudName specifies the name of the entry in the
- clouds.yaml file to use.
- type: string
- name:
- description: |-
- Name is the name of a secret in the same namespace as the resource being provisioned.
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
- type: string
- region:
- description: |-
- Region specifies an OpenStack region to use. If specified, it overrides
- any value in clouds.yaml. If specified for an OpenStackMachine, its
- value will be included in providerID.
- type: string
- required:
- - cloudName
- - name
- type: object
- x-kubernetes-validations:
- - message: region is immutable
- rule: (!has(self.region) && !has(oldSelf.region)) || self.region
- == oldSelf.region
- image:
- description: The image to use for the server instance.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: |-
- Filter describes a query for an image. If specified, the combination
- of name and tags must return a single matching image or an error will
- be raised.
- minProperties: 1
- properties:
- name:
- description: The name of the desired image. If specified,
- the combination of name and tags must return a single matching
- image or an error will be raised.
- type: string
- tags:
- description: The tags associated with the desired image. If
- specified, the combination of name and tags must return
- a single matching image or an error will be raised.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the image. ID will not be validated
- before use.
- format: uuid
- type: string
- imageRef:
- description: |-
- ImageRef is a reference to an ORC Image in the same namespace as the
- referring object.
- properties:
- name:
- description: Name is the name of the referenced resource
- type: string
- required:
- - name
- type: object
- type: object
- ports:
- description: Ports to be attached to the server instance.
- items:
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port should
- be created in the up (true) or down (false) state. The default
- is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description for
- the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or IP
- address to assign to the port. If specified, these must be
- subnets of the port's network.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If Subnet
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: |-
- Subnet is an openstack subnet query that will return the id of a subnet to create
- the fixed IP of a port in. This query must not return more than one subnet.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select the
- subnet. It must match exactly one subnet.
- minProperties: 1
- properties:
- cidr:
- type: string
- description:
- type: string
- gatewayIP:
- type: string
- ipVersion:
- type: integer
- ipv6AddressMode:
- type: string
- ipv6RAMode:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the uuid of the subnet. It will
- not be validated.
- format: uuid
- type: string
- type: object
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where the port
- resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of the port.
- If not specified, the MAC address will be generated.
- type: string
- nameSuffix:
- description: NameSuffix will be appended to the name of the
- port if specified. If unspecified, instead the 0-based index
- of the port in the list is used.
- type: string
- network:
- description: |-
- Network is a query for an openstack network that the port will be created or discovered on.
- This will fail if the query returns more than one network.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a filter to select an OpenStack
- network. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the network to use. If ID is
- provided, the other filters cannot be provided. Must be
- in UUID format.
- format: uuid
- type: string
- type: object
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables the propagate
- uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of the names, uuids, filters
- or any combination these of the security groups to assign
- to the instance.
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use.
- If ID is provided, the other filters cannot be provided.
- Must be in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: |-
- Tags applied to the port (and corresponding trunk, if a trunk is configured.)
- These tags are applied in addition to the instance's tags, which will also be applied to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: |-
- Trunk specifies whether trunking is enabled at the port level. If not
- provided the value is inherited from the machine, or false for a
- bastion host.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec key-value
- pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- type: object
- type: array
- rootVolume:
- description: RootVolume is the specification for the root volume of
- the server instance.
- properties:
- availabilityZone:
- description: |-
- AvailabilityZone is the volume availability zone to create the volume
- in. If not specified, the volume will be created without an explicit
- availability zone.
- properties:
- from:
- default: Name
- description: |-
- From specifies where we will obtain the availability zone for the
- volume. The options are "Name" and "Machine". If "Name" is specified
- then the Name field must also be specified. If "Machine" is specified
- the volume will use the value of FailureDomain, if any, from the
- associated Machine.
- enum:
- - Name
- - Machine
- type: string
- name:
- description: |-
- Name is the name of a volume availability zone to use. It is required
- if From is "Name". The volume availability zone name may not contain
- spaces.
- minLength: 1
- pattern: ^[^ ]+$
- type: string
- type: object
- x-kubernetes-validations:
- - message: name is required when from is 'Name' or default
- rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
- : !has(self.name)'
- sizeGiB:
- description: SizeGiB is the size of the block device in gibibytes
- (GiB).
- minimum: 1
- type: integer
- type:
- description: |-
- Type is the Cinder volume type of the volume.
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud
- will be used.
- type: string
- required:
- - sizeGiB
- type: object
- schedulerHintAdditionalProperties:
- description: |-
- SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
- to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
- such as specifying certain host aggregates or availability zones.
- items:
- description: |-
- SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
- It includes a Name to identify the property and a Value that can be of various types.
- properties:
- name:
- description: |-
- Name is the name of the scheduler hint property.
- It is a unique identifier for the property.
- minLength: 1
- type: string
- value:
- description: |-
- Value is the value of the scheduler hint property, which can be of various types
- (e.g., bool, string, int). The type is indicated by the Value.Type field.
- properties:
- bool:
- description: |-
- Bool is the boolean value of the scheduler hint, used when Type is "Bool".
- This field is required if type is 'Bool', and must not be set otherwise.
- type: boolean
- number:
- description: |-
- Number is the integer value of the scheduler hint, used when Type is "Number".
- This field is required if type is 'Number', and must not be set otherwise.
- type: integer
- string:
- description: |-
- String is the string value of the scheduler hint, used when Type is "String".
- This field is required if type is 'String', and must not be set otherwise.
- maxLength: 255
- minLength: 1
- type: string
- type:
- description: |-
- Type represents the type of the value.
- Valid values are Bool, String, and Number.
- enum:
- - Bool
- - String
- - Number
- type: string
- required:
- - type
- type: object
- x-kubernetes-validations:
- - message: bool is required when type is Bool, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
- : !has(self.bool)'
- - message: number is required when type is Number, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
- : !has(self.number)'
- - message: string is required when type is String, and forbidden
- otherwise
- rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
- : !has(self.string)'
- required:
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityGroups:
- description: SecurityGroups is a list of security groups names to
- assign to the instance.
- items:
- description: SecurityGroupParam specifies an OpenStack security
- group. It may be specified by ID or filter, but not both.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack
- security group. If provided, cannot be empty.
- minProperties: 1
- properties:
- description:
- type: string
- name:
- type: string
- notTags:
- description: |-
- NotTags is a list of tags to filter by. If specified, resources which
- contain all of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- notTagsAny:
- description: |-
- NotTagsAny is a list of tags to filter by. If specified, resources
- which contain any of the given tags will be excluded from the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- projectID:
- type: string
- tags:
- description: |-
- Tags is a list of tags to filter by. If specified, the resource must
- have all of the tags specified to be included in the result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- tagsAny:
- description: |-
- TagsAny is a list of tags to filter by. If specified, the resource
- must have at least one of the tags specified to be included in the
- result.
- items:
- description: |-
- NeutronTag represents a tag on a Neutron resource.
- It may not be empty and may not contain commas.
- minLength: 1
- pattern: ^[^,]+$
- type: string
- type: array
- x-kubernetes-list-type: set
- type: object
- id:
- description: ID is the ID of the security group to use. If ID
- is provided, the other filters cannot be provided. Must be
- in UUID format.
- format: uuid
- type: string
- type: object
- type: array
- serverGroup:
- description: ServerGroup is the server group to which the server instance
- belongs.
- maxProperties: 1
- minProperties: 1
- properties:
- filter:
- description: Filter specifies a query to select an OpenStack server
- group. If provided, it cannot be empty.
- minProperties: 1
- properties:
- name:
- description: Name is the name of a server group to look for.
- type: string
- type: object
- id:
- description: ID is the ID of the server group to use.
- format: uuid
- type: string
- type: object
- serverMetadata:
- description: ServerMetadata is a map of key value pairs to add to
- the server instance.
- items:
- properties:
- key:
- description: Key is the server metadata key
- maxLength: 255
- type: string
- value:
- description: Value is the server metadata value
- maxLength: 255
- type: string
- required:
- - key
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - key
- x-kubernetes-list-type: map
- sshKeyName:
- description: SSHKeyName is the name of the SSH key to inject in the
- instance.
- type: string
- tags:
- description: |-
- Tags which will be added to the machine and all dependent resources
- which support them. These are in addition to Tags defined on the
- cluster.
- Requires Nova api 2.52 minimum!
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Trunk is a flag to indicate if the server instance is
- created on a trunk port or not.
- type: boolean
- userDataRef:
- description: |-
- UserDataRef is a reference to a secret containing the user data to
- be injected into the server instance.
- properties:
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - identityRef
- - image
- - ports
- - sshKeyName
- type: object
- x-kubernetes-validations:
- - message: at least one of flavor or flavorID must be set
- rule: (has(self.flavor) || has(self.flavorID))
- status:
- description: OpenStackServerStatus defines the observed state of OpenStackServer.
- properties:
- addresses:
- description: Addresses is the list of addresses of the server instance.
- items:
- description: NodeAddress contains information for the node's address.
- properties:
- address:
- description: The node address.
- type: string
- type:
- description: Node address type, one of Hostname, ExternalIP
- or InternalIP.
- type: string
- required:
- - address
- - type
- type: object
- type: array
- conditions:
- description: Conditions defines current service state of the OpenStackServer.
- items:
- description: Condition defines an observation of a Cluster API resource
- operational state.
- properties:
- lastTransitionTime:
- description: |-
- Last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when
- the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- A human readable message indicating details about the transition.
- This field may be empty.
- type: string
- reason:
- description: |-
- The reason for the condition's last transition in CamelCase.
- The specific API may choose whether or not this field is considered a guaranteed API.
- This field may be empty.
- type: string
- severity:
- description: |-
- severity provides an explicit classification of Reason code, so the users or machines can immediately
- understand the current situation and act accordingly.
- The Severity field MUST be set only when Status=False.
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability to deconflict is important.
- type: string
- required:
- - lastTransitionTime
- - status
- - type
- type: object
- type: array
- instanceID:
- description: InstanceID is the ID of the server instance.
- type: string
- instanceState:
- description: InstanceState is the state of the server instance.
- type: string
- ready:
- default: false
- description: Ready is true when the OpenStack server is ready.
- type: boolean
- resolved:
- description: |-
- Resolved contains parts of the machine spec with all external
- references fully resolved.
- properties:
- flavorID:
- description: FlavorID is the ID of the flavor to use.
- type: string
- imageID:
- description: ImageID is the ID of the image to use for the server
- and is calculated based on ImageFilter.
- type: string
- ports:
- description: Ports is the fully resolved list of ports to create
- for the server.
- items:
- description: ResolvedPortSpec is a PortOpts with all contained
- references fully resolved.
- properties:
- adminStateUp:
- description: AdminStateUp specifies whether the port should
- be created in the up (true) or down (false) state. The
- default is up.
- type: boolean
- allowedAddressPairs:
- description: |-
- AllowedAddressPairs is a list of address pairs which Neutron will
- allow the port to send traffic from in addition to the port's
- addresses. If not specified, the MAC Address will be the MAC Address
- of the port. Depending on the configuration of Neutron, it may be
- supported to specify a CIDR instead of a specific IP address.
- items:
- properties:
- ipAddress:
- description: |-
- IPAddress is the IP address of the allowed address pair. Depending on
- the configuration of Neutron, it may be supported to specify a CIDR
- instead of a specific IP address.
- type: string
- macAddress:
- description: |-
- MACAddress is the MAC address of the allowed address pair. If not
- specified, the MAC address will be the MAC address of the port.
- type: string
- required:
- - ipAddress
- type: object
- type: array
- description:
- description: Description is a human-readable description
- for the port.
- type: string
- disablePortSecurity:
- description: |-
- DisablePortSecurity enables or disables the port security when set.
- When not set, it takes the value of the corresponding field at the network level.
- type: boolean
- fixedIPs:
- description: FixedIPs is a list of pairs of subnet and/or
- IP address to assign to the port. If specified, these
- must be subnets of the port's network.
- items:
- description: ResolvedFixedIP is a FixedIP with the Subnet
- resolved to an ID.
- properties:
- ipAddress:
- description: |-
- IPAddress is a specific IP address to assign to the port. If SubnetID
- is also specified, IPAddress must be a valid IP address in the
- subnet. If Subnet is not specified, IPAddress must be a valid IP
- address in any subnet of the port's network.
- type: string
- subnet:
- description: SubnetID is the id of a subnet to create
- the fixed IP of a port in.
- type: string
- type: object
- type: array
- x-kubernetes-list-type: atomic
- hostID:
- description: HostID specifies the ID of the host where the
- port resides.
- type: string
- macAddress:
- description: MACAddress specifies the MAC address of the
- port. If not specified, the MAC address will be generated.
- type: string
- name:
- description: Name is the name of the port.
- type: string
- networkID:
- description: NetworkID is the ID of the network the port
- will be created in.
- type: string
- profile:
- description: |-
- Profile is a set of key-value pairs that are used for binding
- details. We intentionally don't expose this as a map[string]string
- because we only want to enable the users to set the values of the
- keys that are known to work in OpenStack Networking API. See
- https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
- To set profiles, your tenant needs permissions rule:create_port, and
- rule:create_port:binding:profile
- properties:
- ovsHWOffload:
- description: |-
- OVSHWOffload enables or disables the OVS hardware offload feature.
- This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
- See: https://bugs.launchpad.net/nova/+bug/2020813
- type: boolean
- trustedVF:
- description: TrustedVF enables or disables the “trusted
- mode” for the VF.
- type: boolean
- type: object
- propagateUplinkStatus:
- description: PropageteUplinkStatus enables or disables the
- propagate uplink status on the port.
- type: boolean
- securityGroups:
- description: SecurityGroups is a list of security group
- IDs to assign to the port.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- tags:
- description: Tags applied to the port (and corresponding
- trunk, if a trunk is configured.)
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- trunk:
- description: Trunk specifies whether trunking is enabled
- at the port level.
- type: boolean
- valueSpecs:
- description: |-
- Value specs are extra parameters to include in the API request with OpenStack.
- This is an extension point for the API, so what they do and if they are supported,
- depends on the specific OpenStack implementation.
- items:
- description: ValueSpec represents a single value_spec
- key-value pair.
- properties:
- key:
- description: Key is the key in the key-value pair.
- type: string
- name:
- description: |-
- Name is the name of the key-value pair.
- This is just for identifying the pair and will not be sent to the OpenStack API.
- type: string
- value:
- description: Value is the value in the key-value pair.
- type: string
- required:
- - key
- - name
- - value
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- vnicType:
- description: |-
- VNICType specifies the type of vNIC which this port should be
- attached to. This is used to determine which mechanism driver(s) to
- be used to bind the port. The valid values are normal, macvtap,
- direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
- remote-managed, although these values will not be validated in this
- API to ensure compatibility with future neutron changes or custom
- implementations. What type of vNIC is actually available depends on
- deployments. If not specified, the Neutron default value is used.
- type: string
- required:
- - description
- - name
- - networkID
- type: object
- type: array
- serverGroupID:
- description: ServerGroupID is the ID of the server group the server
- should be added to and is calculated based on ServerGroupFilter.
- type: string
- type: object
- resources:
- description: Resources contains references to OpenStack resources
- created for the machine.
- properties:
- ports:
- description: Ports is the status of the ports created for the
- server.
- items:
- properties:
- id:
- description: ID is the unique identifier of the port.
- type: string
- required:
- - id
- type: object
- type: array
- type: object
- required:
- - ready
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-manager
- namespace: capo-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-leader-election-role
- namespace: capo-system
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-- apiGroups:
- - cluster.x-k8s.io
- resources:
- - clusters
- - clusters/status
- - machines
- - machines/status
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - infrastructure.cluster.x-k8s.io
- resources:
- - openstackclusters
- - openstackfloatingippools
- - openstackmachines
- - openstackservers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - infrastructure.cluster.x-k8s.io
- resources:
- - openstackclusters/status
- - openstackfloatingippools/status
- - openstackmachines/status
- - openstackservers/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - ipam.cluster.x-k8s.io
- resources:
- - ipaddressclaims
- - ipaddressclaims/status
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ipam.cluster.x-k8s.io
- resources:
- - ipaddresses
- - ipaddresses/status
- verbs:
- - create
- - delete
- - get
- - list
- - update
- - watch
-- apiGroups:
- - openstack.k-orc.cloud
- resources:
- - images
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-leader-election-rolebinding
- namespace: capo-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: capo-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: capo-manager
- namespace: capo-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: capo-manager-role
-subjects:
-- kind: ServiceAccount
- name: capo-manager
- namespace: capo-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-webhook-service
- namespace: capo-system
-spec:
- ports:
- - port: 443
- targetPort: webhook-server
- selector:
- cluster.x-k8s.io/provider: infrastructure-openstack
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- control-plane: capo-controller-manager
- name: capo-controller-manager
- namespace: capo-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- control-plane: capo-controller-manager
- strategy: {}
- template:
- metadata:
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- control-plane: capo-controller-manager
- spec:
- containers:
- - args:
- - --leader-elect
- - --v=2
- - --diagnostics-address=127.0.0.1:8080
- - --insecure-diagnostics=true
- command:
- - /manager
- image: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.12.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources: {}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsGroup: 65532
- runAsUser: 65532
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - mountPath: /tmp/k8s-webhook-server/serving-certs
- name: cert
- readOnly: true
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: capo-manager
- terminationGracePeriodSeconds: 10
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- volumes:
- - name: cert
- secret:
- defaultMode: 420
- secretName: capo-webhook-service-cert
-status: {}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- annotations:
- cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
- creationTimestamp: null
- labels:
- cluster.x-k8s.io/provider: infrastructure-openstack
- clusterctl.cluster.x-k8s.io: ""
- name: capo-validating-webhook-configuration
-webhooks:
-- admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackcluster
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.openstackcluster.infrastructure.cluster.x-k8s.io
- rules:
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - openstackclusters
- sideEffects: None
-- admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackclustertemplate
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io
- rules:
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - openstackclustertemplates
- sideEffects: None
-- admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachine
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.openstackmachine.infrastructure.cluster.x-k8s.io
- rules:
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - openstackmachines
- sideEffects: None
-- admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachinetemplate
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io
- rules:
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- apiVersions:
- - v1beta1
- operations:
- - CREATE
- - UPDATE
- resources:
- - openstackmachinetemplates
- sideEffects: None
-- admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: capo-webhook-service
- namespace: capo-system
- path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-openstackserver
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validation.openstackserver.infrastructure.cluster.x-k8s.io
- rules:
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - openstackservers
- sideEffects: None
projects / osm / devops.git / commitdiff